Replace HTML files by redirection to the official spec hosting
Use HTML redirects since we can't do HTTP redirects on GitHub pages.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/1.1.0/html/api/keys/attributes.html b/docs/1.1.0/html/api/keys/attributes.html
index c4994c4..70f07be 100644
--- a/docs/1.1.0/html/api/keys/attributes.html
+++ b/docs/1.1.0/html/api/keys/attributes.html
@@ -1,310 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9.1. Key attributes — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9.2. Key types" href="types.html" />
- <link rel="prev" title="9. Key management reference" href="index.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-attributes">
-<span id="id1"></span><h1>9.1. Key attributes</h1>
-<p>Key attributes are managed in a <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object. These are used when a key is created, after which the key attributes are fixed. Attributes of an existing key can be queried using <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</p>
-<p>Description of the individual attributes is found in the following sections:</p>
-<ul class="simple">
-<li><a class="reference internal" href="types.html#key-types"><span class="secref">Key types</span></a></li>
-<li><a class="reference internal" href="ids.html#key-identifiers"><span class="secref">Key identifiers</span></a></li>
-<li><a class="reference internal" href="lifetimes.html#key-lifetimes"><span class="secref">Key lifetimes</span></a></li>
-<li><a class="reference internal" href="policy.html#key-policy"><span class="secref">Key policies</span></a></li>
-</ul>
-<div class="section" id="managing-key-attributes">
-<h2>9.1.1. Managing key attributes</h2>
-<div class="section" id="psa_key_attributes_t">
-<span id="c.psa_key_attributes_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</h3>
-<p>The type of an object containing key attributes.</p>
-<pre class="literal-block">
-typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a>;
-</pre>
-<p>This is the object that represents the metadata of a key object. Metadata that can be stored in attributes includes:</p>
-<ul class="simple">
-<li>The location of the key in storage, indicated by its key identifier and its lifetime.</li>
-<li>The key’s policy, comprising usage flags and a specification of the permitted algorithm(s).</li>
-<li>Information about the key itself: the key type and its size.</li>
-<li>Implementations can define additional attributes.</li>
-</ul>
-<p>The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>Implementations are recommended to define the attribute object as a simple data structure, with fields corresponding to the individual key attributes. In such an implementation, each function <code class="docutils literal"><span class="pre">psa_set_key_xxx()</span></code> sets a field and the corresponding function <code class="docutils literal"><span class="pre">psa_get_key_xxx()</span></code> retrieves the value of the field.</p>
-<p class="last">An implementations can report attribute values that are equivalent to the original one, but have a different encoding. For example, an implementation can use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which might not be the one that was originally stored.</p>
-</div>
-<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
-<p>An attribute object can contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>. As an exception, calling <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> on an attribute object is optional if the object has only been modified by the following functions since it was initialized or last reset with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>:</p>
-<ul class="simple">
-<li><a class="reference internal" href="ids.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a></li>
-<li><a class="reference internal" href="lifetimes.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a></li>
-<li><a class="reference internal" href="types.html#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_type()</span></code></a></li>
-<li><a class="reference internal" href="types.html#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_bits()</span></code></a></li>
-<li><a class="reference internal" href="policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a></li>
-<li><a class="reference internal" href="policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a></li>
-</ul>
-<p>Before calling any function on a key attribute object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the object to all-bits-zero, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes;
-memset(&attributes, 0, sizeof(attributes));
-</pre>
-</li>
-<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
-<pre class="literal-block">
-static <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes;
-</pre>
-</li>
-<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
-</pre>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_attributes_init()</span></code></a> to the object, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes;
-attributes = <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init">psa_key_attributes_init</a>();
-</pre>
-</li>
-</ul>
-<p>A freshly initialized attribute object contains the following values:</p>
-<table border="1" class="colwidths-auto docutils align-left">
-<thead valign="bottom">
-<tr class="row-odd"><th class="head">Attribute</th>
-<th class="head">Value</th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td>lifetime</td>
-<td><a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</td>
-</tr>
-<tr class="row-odd"><td>key identifier</td>
-<td><a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> — which is not a valid key identifier.</td>
-</tr>
-<tr class="row-even"><td>type</td>
-<td><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a> — meaning that the type is unspecified.</td>
-</tr>
-<tr class="row-odd"><td>key size</td>
-<td><code class="docutils literal"><span class="pre">0</span></code> — meaning that the size is unspecified.</td>
-</tr>
-<tr class="row-even"><td>usage flags</td>
-<td><code class="docutils literal"><span class="pre">0</span></code> — which allows no usage except exporting a public key.</td>
-</tr>
-<tr class="row-odd"><td>algorithm</td>
-<td><a class="reference internal" href="../ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> — which does not allow cryptographic usage, but allows exporting.</td>
-</tr>
-</tbody>
-</table>
-<p class="rubric">Usage</p>
-<p>A typical sequence to create a key is as follows:</p>
-<ol class="arabic simple">
-<li>Create and initialize an attribute object.</li>
-<li>If the key is persistent, call <a class="reference internal" href="ids.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. Also call <a class="reference internal" href="lifetimes.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a> to place the key in a non-default location.</li>
-<li>Set the key policy with <a class="reference internal" href="policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a> and <a class="reference internal" href="policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a>.</li>
-<li>Set the key type with <a class="reference internal" href="types.html#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_type()</span></code></a>. Skip this step if copying an existing key with <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</li>
-<li>When generating a random key with <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> or deriving a key with <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>, set the desired key size with <a class="reference internal" href="types.html#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_bits()</span></code></a>.</li>
-<li>Call a key creation function: <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>. This function reads the attribute object, creates a key with these attributes, and outputs an identifier for the newly created key.</li>
-<li>Optionally call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>, now that the attribute object is no longer needed. Currently this call is not required as the attributes defined in this specification do not require additional resources beyond the object itself.</li>
-</ol>
-<p>A typical sequence to query a key’s attributes is as follows:</p>
-<ol class="arabic simple">
-<li>Call <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
-<li>Call <code class="docutils literal"><span class="pre">psa_get_key_xxx()</span></code> functions to retrieve the required attribute(s).</li>
-<li>Call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> to free any resources that can be used by the attribute object.</li>
-</ol>
-<p>Once a key has been created, it is impossible to change its attributes.</p>
-</div>
-<div class="section" id="PSA_KEY_ATTRIBUTES_INIT">
-<span id="c.PSA_KEY_ATTRIBUTES_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</h3>
-<p>This macro returns a suitable initializer for a key attribute object of type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-</div>
-<div class="section" id="psa_key_attributes_init">
-<span id="c.psa_key_attributes_init"></span><h3><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</h3>
-<p>Return an initial value for a key attribute object.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init">psa_key_attributes_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code></a></p>
-</div>
-<div class="section" id="psa_get_key_attributes">
-<span id="c.psa_get_key_attributes"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</h3>
-<p>Retrieve the attributes of a key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to query.</dd>
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>On entry, <code class="docutils literal"><span class="pre">*attributes</span></code> must be in a valid state. On successful return, it contains the attributes of the key. On failure, it is equivalent to a freshly-initialized attribute object.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-<code class="docutils literal"><span class="pre">attributes</span></code> contains the attributes of the key.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function first resets the attribute object as with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>. It then copies the attributes of the given key into the given attribute object.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This function clears any previous content from the attribute object and therefore expects it to be in a valid state. In particular, if this function is called on a newly allocated attribute object, the attribute object must be initialized before calling this function.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This function might allocate memory or other resources. Once this function has been called on an attribute object, <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> must be called to free these resources.</p>
-</div>
-</div>
-<div class="section" id="psa_reset_key_attributes">
-<span id="c.psa_reset_key_attributes"></span><h3><code class="docutils literal"><span class="pre">psa_reset_key_attributes</span></code> (function)</h3>
-<p>Reset a key attribute object to a freshly initialized state.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to reset.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>The attribute object must be initialized as described in the documentation of the type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> before calling this function. Once the object has been initialized, this function can be called at any time.</p>
-<p>This function frees any auxiliary resources that the object might contain.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
-<li class="toctree-l2 current"><a class="current reference internal" href="#">9.1. Key attributes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#managing-key-attributes">9.1.1. Managing key attributes</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/attributes.html'" />
diff --git a/docs/1.1.0/html/api/keys/ids.html b/docs/1.1.0/html/api/keys/ids.html
index f566a3c..ae22e39 100644
--- a/docs/1.1.0/html/api/keys/ids.html
+++ b/docs/1.1.0/html/api/keys/ids.html
@@ -1,227 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9.4. Key identifiers — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9.5. Key policies" href="policy.html" />
- <link rel="prev" title="9.3. Key lifetimes" href="lifetimes.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-identifiers">
-<span id="id1"></span><h1>9.4. Key identifiers</h1>
-<p>Key identifiers are integral values that act as permanent names for persistent keys, or as transient references to volatile keys. Key identifiers use the <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> type, and the range of identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"> <span class="pre">=</span> <span class="pre">0</span></code></dt>
-<dd>Reserved as an invalid key identifier.</dd>
-<dt><a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a><code class="docutils literal"> <span class="pre">–</span> </code><a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a></dt>
-<dd>Applications can freely choose persistent key identifiers in this range.</dd>
-<dt><a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a><code class="docutils literal"> <span class="pre">–</span> </code><a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a></dt>
-<dd>Implementations can define additional persistent key identifiers in this range, and must allocate any volatile key identifiers from this range.</dd>
-</dl>
-<p>Key identifiers outside these ranges are reserved for future use.</p>
-<p>Key identifiers are output from a successful call to one of the key creation functions. For persistent keys, this is the same identifier as the one specified in the key attributes used to create the key. The key identifier remains valid until it is invalidated by passing it to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>. A volatile key identifier must not be used after it has been invalidated.</p>
-<p>If an invalid key identifier is provided as a parameter in any function, the function will return <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a>; except for the special case of calling <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code>, which has no effect and always returns <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-<p>Valid key identifiers must have distinct values within the same application. If the implementation provides <a class="reference internal" href="../../about.html#term-caller-isolation"><span class="term">caller isolation</span></a>, then key identifiers are local to each application. That is, the same key identifier in two applications corresponds to two different keys.</p>
-<div class="section" id="key-identifier-type">
-<h2>9.4.1. Key identifier type</h2>
-<div class="section" id="psa_key_id_t">
-<span id="c.psa_key_id_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</h3>
-<p>Key identifier.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
-</pre>
-<p>A key identifier can be a permanent name for a persistent key, or a transient reference to volatile key. See <a class="reference internal" href="#key-identifiers"><span class="secref">Key identifiers</span></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_NULL">
-<span id="c.PSA_KEY_ID_NULL"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</h3>
-<p>The null key identifier.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
-</pre>
-<p>The null key identifier is always invalid, except when used without in a call to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> which will return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_USER_MIN">
-<span id="c.PSA_KEY_ID_USER_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</h3>
-<p>The minimum value for a key identifier chosen by the application.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
-</pre>
-</div>
-<div class="section" id="PSA_KEY_ID_USER_MAX">
-<span id="c.PSA_KEY_ID_USER_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</h3>
-<p>The maximum value for a key identifier chosen by the application.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
-</pre>
-</div>
-<div class="section" id="PSA_KEY_ID_VENDOR_MIN">
-<span id="c.PSA_KEY_ID_VENDOR_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</h3>
-<p>The minimum value for a key identifier chosen by the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
-</pre>
-</div>
-<div class="section" id="PSA_KEY_ID_VENDOR_MAX">
-<span id="c.PSA_KEY_ID_VENDOR_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</h3>
-<p>The maximum value for a key identifier chosen by the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
-</pre>
-</div>
-</div>
-<div class="section" id="attribute-accessors">
-<h2>9.4.2. Attribute accessors</h2>
-<div class="section" id="psa_set_key_id">
-<span id="c.psa_set_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</h3>
-<p>Declare a key as persistent and set its key identifier.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">id</span></code></dt>
-<dd>The persistent identifier for the key.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>The application must choose a value for <code class="docutils literal"><span class="pre">id</span></code> between <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a> and <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a>.</p>
-<p>If the attribute object currently declares the key as volatile, which is the default lifetime of an attribute object, this function sets the lifetime attribute to <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>.</p>
-<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_get_key_id">
-<span id="c.psa_get_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</h3>
-<p>Retrieve the key identifier from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code></a></p>
-<p>The persistent identifier stored in the attribute object. This value is unspecified if the attribute object declares the key as volatile.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">9.4. Key identifiers</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#key-identifier-type">9.4.1. Key identifier type</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#attribute-accessors">9.4.2. Attribute accessors</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/ids.html'" />
diff --git a/docs/1.1.0/html/api/keys/index.html b/docs/1.1.0/html/api/keys/index.html
index 10819c9..dad2c1e 100644
--- a/docs/1.1.0/html/api/keys/index.html
+++ b/docs/1.1.0/html/api/keys/index.html
@@ -1,307 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9. Key management reference — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9.1. Key attributes" href="attributes.html" />
- <link rel="prev" title="8.2. PSA Crypto library" href="../library/library.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-management-reference">
-<span id="key-management"></span><h1>9. Key management reference</h1>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="attributes.html">9.1. Key attributes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="attributes.html#managing-key-attributes">9.1.1. Managing key attributes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_attributes_init"><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_get_key_attributes"><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_reset_key_attributes"><code class="docutils literal"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="types.html">9.2. Key types</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="types.html#key-type-encoding">9.2.1. Key type encoding</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#key-categories">9.2.2. Key categories</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#symmetric-keys">9.2.3. Symmetric keys</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_HMAC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_PASSWORD"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_PASSWORD_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_PEPPER"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PEPPER</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_AES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ARIA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_SM4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ARC4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#rsa-keys">9.2.4. RSA keys</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#elliptic-curve-keys">9.2.5. Elliptic Curve keys</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECP_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECP_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECP_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECT_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECT_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECT_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_FRP"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#diffie-hellman-keys">9.2.6. Diffie Hellman keys</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_DH_FAMILY_RFC7919"><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#attribute-accessors">9.2.7. Attribute accessors</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_set_key_type"><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_get_key_type"><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_get_key_bits"><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="types.html#psa_set_key_bits"><code class="docutils literal"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#volatile-keys">9.3.1. Volatile keys</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#persistent-keys">9.3.2. Persistent keys</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#lifetime-encodings">9.3.3. Lifetime encodings</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_key_persistence_t"><code class="docutils literal"><span class="pre">psa_key_persistence_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_key_location_t"><code class="docutils literal"><span class="pre">psa_key_location_t</span></code> (type)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#lifetime-values">9.3.4. Lifetime values</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_PERSISTENCE_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_VOLATILE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_PERSISTENCE_DEFAULT"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_DEFAULT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_PERSISTENCE_READ_ONLY"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_READ_ONLY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LOCATION_LOCAL_STORAGE"><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_LOCAL_STORAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT"><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#attribute-accessors">9.3.5. Attribute accessors</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_set_key_lifetime"><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_get_key_lifetime"><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#support-macros">9.3.6. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_GET_PERSISTENCE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_PERSISTENCE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_GET_LOCATION"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_LOCATION</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_IS_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_IS_VOLATILE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="ids.html">9.4. Key identifiers</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="ids.html#key-identifier-type">9.4.1. Key identifier type</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html#attribute-accessors">9.4.2. Attribute accessors</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#psa_set_key_id"><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ids.html#psa_get_key_id"><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="policy.html">9.5. Key policies</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="policy.html#permitted-algorithms">9.5.1. Permitted algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_set_key_algorithm"><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_get_key_algorithm"><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html#key-usage-flags">9.5.2. Key usage flags</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_EXPORT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_COPY"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_CACHE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_set_key_usage_flags"><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_get_key_usage_flags"><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="management.html">9.6. Key management functions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="management.html#key-creation">9.6.1. Key creation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_generate_key"><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_copy_key"><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="management.html#key-destruction">9.6.2. Key destruction</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_purge_key"><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="management.html#key-export">9.6.3. Key export</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_export_key"><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#psa_export_public_key"><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="current reference internal" href="#">9. Key management reference</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/index.html'" />
diff --git a/docs/1.1.0/html/api/keys/lifetimes.html b/docs/1.1.0/html/api/keys/lifetimes.html
index 4cad3f0..0197fca 100644
--- a/docs/1.1.0/html/api/keys/lifetimes.html
+++ b/docs/1.1.0/html/api/keys/lifetimes.html
@@ -1,465 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9.3. Key lifetimes — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9.4. Key identifiers" href="ids.html" />
- <link rel="prev" title="9.2. Key types" href="types.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-lifetimes">
-<span id="id1"></span><h1>9.3. Key lifetimes</h1>
-<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
-<p>Lifetime values are composed from:</p>
-<ul class="simple">
-<li>A persistence level, which indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is volatile or persistent. See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</li>
-<li>A location indicator, which indicates where the key is stored and where operations on the key are performed. See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</li>
-</ul>
-<p>There are two main types of lifetime, indicated by the persistence level: <em>volatile</em> and <em>persistent</em>.</p>
-<div class="section" id="volatile-keys">
-<h2>9.3.1. Volatile keys</h2>
-<p>Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Volatile keys can be explicitly destroyed by the application.</p>
-<p>Conceptually, a volatile key is stored in RAM. Volatile keys have the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</p>
-<p>To create a volatile key:</p>
-<ol class="arabic simple">
-<li>Populate a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the required type, size, policy and other key attributes.</li>
-<li>Create the key with one of the key creation functions. If successful, these functions output a transient <a class="reference internal" href="ids.html#key-identifiers"><span class="std std-ref">key identifier</span></a>.</li>
-</ol>
-<p>To destroy a volatile key: call <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier. There must be a matching call to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> for each successful call to a create a volatile key.</p>
-</div>
-<div class="section" id="persistent-keys">
-<h2>9.3.2. Persistent keys</h2>
-<p>Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.</p>
-<p>Each persistent key has a permanent key identifier, which acts as a name for the key.
-Within an application, the key identifier corresponds to a single key. The
-application specifies the key identifier when the key is created and when
-using the key.</p>
-<p>The lifetime attribute of a persistent key indicates how and where it is stored. The default lifetime value for a persistent key is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, which corresponds to a default storage area. This specification defines how implementations can provide other lifetime values corresponding to
-different storage areas with different retention policies, or to secure elements
-with different security characteristics.</p>
-<p>To create a persistent key:</p>
-<ol class="arabic simple">
-<li>Populate a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the key’s type, size, policy and other attributes.</li>
-<li>In the attributes object, set the desired lifetime and persistent identifier for the key.</li>
-<li>Create the key with one of the key creation functions. If successful, these functions output the <a class="reference internal" href="ids.html#key-identifiers"><span class="std std-ref">key identifier</span></a> that was specified by the application in step 2.</li>
-</ol>
-<p>To access an existing persistent key: use the key identifier in any API that requires a key.</p>
-<p>To destroy a persistent key: call <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier. Destroying a persistent key permanently removes it from memory and storage.</p>
-<p>By default, persistent key material is removed from volatile memory when not in use. Frequently used persistent keys can benefit from caching, depending on the implementation and the application. Caching can be enabled by creating the key with the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> policy. Cached keys can be removed from volatile memory by calling <a class="reference internal" href="management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>. See also <a class="reference internal" href="../../overview/implementation.html#memory-cleanup"><span class="secref">Memory cleanup</span></a> and <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
-</div>
-<div class="section" id="lifetime-encodings">
-<h2>9.3.3. Lifetime encodings</h2>
-<div class="section" id="psa_key_lifetime_t">
-<span id="c.psa_key_lifetime_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</h3>
-<p>Encoding of key lifetimes.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
-</pre>
-<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
-<p>Lifetime values have the following structure:</p>
-<dl class="docutils">
-<dt>Bits[7:0]: Persistence level</dt>
-<dd><p class="first">This value indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is <em>volatile</em> or <em>persistent</em>. See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
-<p class="last"><a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_PERSISTENCE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">lifetime</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the persistence level for a key <code class="docutils literal"><span class="pre">lifetime</span></code> value.</p>
-</dd>
-<dt>Bits[31:8]: Location indicator</dt>
-<dd><p class="first">This value indicates where the key material is stored (or at least where it is accessible in cleartext) and where operations on the key are performed. See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</p>
-<p class="last"><a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_LOCATION" title="PSA_KEY_LIFETIME_GET_LOCATION"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_LOCATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">lifetime</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the location indicator for a key <code class="docutils literal"><span class="pre">lifetime</span></code> value.</p>
-</dd>
-</dl>
-<p>Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.</p>
-<p>Persistent keys have a key identifier of type <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a>. This identifier remains valid throughout the lifetime of the key, even if the application instance that created the key terminates.</p>
-<p>This specification defines two basic lifetime values:</p>
-<ul class="simple">
-<li>Keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are volatile. All implementations should support this lifetime.</li>
-<li>Keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a> are persistent. All implementations that have access to persistent storage with appropriate security guarantees should support this lifetime.</li>
-</ul>
-</div>
-<div class="section" id="psa_key_persistence_t">
-<span id="c.psa_key_persistence_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_persistence_t</span></code> (type)</h3>
-<p>Encoding of key persistence levels.</p>
-<pre class="literal-block">
-typedef uint8_t <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>;
-</pre>
-<p>What distinguishes different persistence levels is which device management events can cause keys to be destroyed. For example, power reset, transfer of device ownership, or a factory reset are device management events that can affect keys at different persistence levels. The specific management events which affect persistent keys at different levels is outside the scope of the PSA Cryptography specification.</p>
-<p>Values for persistence levels defined by this specification are shown in <span><a class="reference internal" href="#persistence-levels"><span class="numref">Table 3</span></a></span>.</p>
-<table border="1" class="colwidths-given longtable docutils align-left" id="persistence-levels">
-<caption><span class="caption-number">Table 3 </span><span class="caption-text">Key persistence level values</span></caption>
-<colgroup>
-<col width="40%" />
-<col width="60%" />
-</colgroup>
-<thead valign="bottom">
-<tr class="row-odd"><th class="head">Persistence level</th>
-<th class="head">Definition</th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td><code class="docutils literal"><span class="pre">0</span> <span class="pre">=</span> </code><a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_VOLATILE</span></code></a></td>
-<td><p class="first">Volatile key.</p>
-<p class="last">A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.</p>
-</td>
-</tr>
-<tr class="row-odd"><td><code class="docutils literal"><span class="pre">1</span> <span class="pre">=</span> </code><a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_DEFAULT" title="PSA_KEY_PERSISTENCE_DEFAULT"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_DEFAULT</span></code></a></td>
-<td><p class="first">Persistent key with a default lifetime.</p>
-<p class="last">Implementations should support this value if they support persistent keys at all. Applications should use this value if they have no specific needs that are only met by implementation-specific features.</p>
-</td>
-</tr>
-<tr class="row-even"><td><code class="docutils literal"><span class="pre">2</span> <span class="pre">–</span> <span class="pre">127</span></code></td>
-<td><p class="first">Persistent key with a PSA-specified lifetime.</p>
-<p class="last">The PSA Cryptography specification does not define the meaning of these values, but other PSA specifications may do so.</p>
-</td>
-</tr>
-<tr class="row-odd"><td><code class="docutils literal"><span class="pre">128</span> <span class="pre">–</span> <span class="pre">254</span></code></td>
-<td><p class="first">Persistent key with a vendor-specified lifetime.</p>
-<p class="last">No PSA specification will define the meaning of these values, so implementations may choose the meaning freely. As a guideline, higher persistence levels should cause a key to survive more management events than lower levels.</p>
-</td>
-</tr>
-<tr class="row-even"><td><code class="docutils literal"><span class="pre">255</span> <span class="pre">=</span> </code><a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_READ_ONLY" title="PSA_KEY_PERSISTENCE_READ_ONLY"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_READ_ONLY</span></code></a></td>
-<td><p class="first">Read-only or write-once key.</p>
-<p>A key with this persistence level cannot be destroyed. Implementations that support such keys may either allow their creation through the PSA Cryptography API, preferably only to applications with the appropriate privilege, or only expose keys created through implementation-specific means such as a factory ROM engraving process.</p>
-<p class="last">Note that keys that are read-only due to policy restrictions rather than due to physical limitations should not have this persistence level.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Key persistence levels are 8-bit values. Key management interfaces operate on lifetimes (type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>), and encode the persistence value as the lower 8 bits of a 32-bit value.</p>
-</div>
-</div>
-<div class="section" id="psa_key_location_t">
-<span id="c.psa_key_location_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_location_t</span></code> (type)</h3>
-<p>Encoding of key location indicators.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>;
-</pre>
-<p>If an implementation of this API can make calls to external cryptoprocessors such as secure elements, the location of a key indicates which secure element performs the operations on the key. If the key material is not stored persistently inside the secure element, it must be stored in a wrapped form such that only the secure element can access the key material in cleartext.</p>
-<p>Values for location indicators defined by this specification are shown in <span><a class="reference internal" href="#location-indicators"><span class="numref">Table 4</span></a></span>.</p>
-<table border="1" class="colwidths-given longtable docutils align-left" id="location-indicators">
-<caption><span class="caption-number">Table 4 </span><span class="caption-text">Key location indicator values</span></caption>
-<colgroup>
-<col width="25%" />
-<col width="75%" />
-</colgroup>
-<thead valign="bottom">
-<tr class="row-odd"><th class="head">Location indicator</th>
-<th class="head">Definition</th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td><code class="docutils literal"><span class="pre">0</span></code></td>
-<td><p class="first">Primary local storage.</p>
-<p class="last">All implementations should support this value. The primary local storage is typically the same storage area that contains the key metadata.</p>
-</td>
-</tr>
-<tr class="row-odd"><td><code class="docutils literal"><span class="pre">1</span></code></td>
-<td><p class="first">Primary secure element.</p>
-<p class="last">Implementations should support this value if there is a secure element attached to the operating environment. As a guideline, secure elements may provide higher resistance against side channel and physical attacks than the primary local storage, but may have restrictions on supported key types, sizes, policies and operations and may have different performance characteristics.</p>
-</td>
-</tr>
-<tr class="row-even"><td><code class="docutils literal"><span class="pre">2</span> <span class="pre">–</span> <span class="pre">0x7fffff</span></code></td>
-<td><p class="first">Other locations defined by a PSA specification.</p>
-<p class="last">The PSA Cryptography API does not currently assign any meaning to these locations, but future versions of this specification or other PSA specifications may do so.</p>
-</td>
-</tr>
-<tr class="row-odd"><td><code class="docutils literal"><span class="pre">0x800000</span> <span class="pre">–</span> <span class="pre">0xffffff</span></code></td>
-<td><p class="first">Vendor-defined locations.</p>
-<p class="last">No PSA specification will assign a meaning to locations in this range.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Key location indicators are 24-bit values. Key management interfaces operate on lifetimes (type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>), and encode the location as the upper 24 bits of a 32-bit value.</p>
-</div>
-</div>
-</div>
-<div class="section" id="lifetime-values">
-<h2>9.3.4. Lifetime values</h2>
-<div class="section" id="PSA_KEY_LIFETIME_VOLATILE">
-<span id="c.PSA_KEY_LIFETIME_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</h3>
-<p>The default lifetime for volatile keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>) 0x00000000)
-</pre>
-<p>A volatile key only exists as long as its identifier is not destroyed. The key material is guaranteed to be erased on a power reset.</p>
-<p>A key with this lifetime is typically stored in the RAM area of the PSA Crypto subsystem. However this is an implementation choice. If an implementation stores data about the key in a non-volatile memory, it must release all the resources associated with the key and erase the key material if the calling application terminates.</p>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_PERSISTENT">
-<span id="c.PSA_KEY_LIFETIME_PERSISTENT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</h3>
-<p>The default lifetime for persistent keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>) 0x00000001)
-</pre>
-<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.</p>
-<p>This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.</p>
-</div>
-<div class="section" id="PSA_KEY_PERSISTENCE_VOLATILE">
-<span id="c.PSA_KEY_PERSISTENCE_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_VOLATILE</span></code> (macro)</h3>
-<p>The persistence level of volatile keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE">PSA_KEY_PERSISTENCE_VOLATILE</a> ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0x00)
-</pre>
-<p>See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
-</div>
-<div class="section" id="PSA_KEY_PERSISTENCE_DEFAULT">
-<span id="c.PSA_KEY_PERSISTENCE_DEFAULT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_DEFAULT</span></code> (macro)</h3>
-<p>The default persistence level for persistent keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_DEFAULT" title="PSA_KEY_PERSISTENCE_DEFAULT">PSA_KEY_PERSISTENCE_DEFAULT</a> ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0x01)
-</pre>
-<p>See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
-</div>
-<div class="section" id="PSA_KEY_PERSISTENCE_READ_ONLY">
-<span id="c.PSA_KEY_PERSISTENCE_READ_ONLY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_READ_ONLY</span></code> (macro)</h3>
-<p>A persistence level indicating that a key is never destroyed.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_READ_ONLY" title="PSA_KEY_PERSISTENCE_READ_ONLY">PSA_KEY_PERSISTENCE_READ_ONLY</a> ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0xff)
-</pre>
-<p>See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
-</div>
-<div class="section" id="PSA_KEY_LOCATION_LOCAL_STORAGE">
-<span id="c.PSA_KEY_LOCATION_LOCAL_STORAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_LOCAL_STORAGE</span></code> (macro)</h3>
-<p>The local storage area for persistent keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LOCATION_LOCAL_STORAGE" title="PSA_KEY_LOCATION_LOCAL_STORAGE">PSA_KEY_LOCATION_LOCAL_STORAGE</a> ((<a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) 0x000000)
-</pre>
-<p>This storage area is available on all systems that can store persistent keys without delegating the storage to a third-party cryptoprocessor.</p>
-<p>See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</p>
-</div>
-<div class="section" id="PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT">
-<span id="c.PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</span></code> (macro)</h3>
-<p>The default secure element storage area for persistent keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT" title="PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</a> ((<a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) 0x000001)
-</pre>
-<p>This storage location is available on systems that have one or more secure elements that are able to store keys.</p>
-<p>Vendor-defined locations must be provided by the system for storing keys in additional secure elements.</p>
-<p>See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</p>
-</div>
-</div>
-<div class="section" id="attribute-accessors">
-<h2>9.3.5. Attribute accessors</h2>
-<div class="section" id="psa_set_key_lifetime">
-<span id="c.psa_set_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</h3>
-<p>Set the location of a persistent key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
-<dd>The lifetime for the key. If this is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>, the key will be volatile, and the key identifier attribute is reset to <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>To make a key persistent, give it a persistent key identifier by using <a class="reference internal" href="ids.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. By default, a key that has a persistent identifier is stored in the default storage area identifier by <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Call this function to choose a storage area, or to explicitly declare the key as volatile.</p>
-<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_get_key_lifetime">
-<span id="c.psa_get_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</h3>
-<p>Retrieve the lifetime from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a></p>
-<p>The lifetime value stored in the attribute object.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>9.3.6. Support macros</h2>
-<div class="section" id="PSA_KEY_LIFETIME_GET_PERSISTENCE">
-<span id="c.PSA_KEY_LIFETIME_GET_PERSISTENCE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_PERSISTENCE</span></code> (macro)</h3>
-<p>Extract the persistence level from a key lifetime.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE">PSA_KEY_LIFETIME_GET_PERSISTENCE</a>(lifetime) \
- ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) ((lifetime) & 0x000000ff))
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
-<dd>The lifetime value to query: a value of type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_GET_LOCATION">
-<span id="c.PSA_KEY_LIFETIME_GET_LOCATION"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_LOCATION</span></code> (macro)</h3>
-<p>Extract the location indicator from a key lifetime.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_LOCATION" title="PSA_KEY_LIFETIME_GET_LOCATION">PSA_KEY_LIFETIME_GET_LOCATION</a>(lifetime) \
- ((<a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) ((lifetime) >> 8))
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
-<dd>The lifetime value to query: a value of type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_IS_VOLATILE">
-<span id="c.PSA_KEY_LIFETIME_IS_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_IS_VOLATILE</span></code> (macro)</h3>
-<p>Whether a key lifetime indicates that the key is volatile.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_IS_VOLATILE" title="PSA_KEY_LIFETIME_IS_VOLATILE">PSA_KEY_LIFETIME_IS_VOLATILE</a>(lifetime) \
- (<a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE">PSA_KEY_LIFETIME_GET_PERSISTENCE</a>(lifetime) == <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE">PSA_KEY_PERSISTENCE_VOLATILE</a>)
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
-<dd>The lifetime value to query: a value of type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if the key is volatile, otherwise <code class="docutils literal"><span class="pre">0</span></code>.</p>
-<p class="rubric">Description</p>
-<p>A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.</p>
-<p>A key that is not volatile is persistent. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.</p>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION">
-<span id="c.PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</span></code> (macro)</h3>
-<p>Construct a lifetime from a persistence level and a location.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION" title="PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</a>(persistence, location) \
- ((location) << 8 | (persistence))
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">persistence</span></code></dt>
-<dd>The persistence level: a value of type <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">location</span></code></dt>
-<dd>The location indicator: a value of type <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The constructed lifetime value.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">9.3. Key lifetimes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#volatile-keys">9.3.1. Volatile keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#persistent-keys">9.3.2. Persistent keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#lifetime-encodings">9.3.3. Lifetime encodings</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#lifetime-values">9.3.4. Lifetime values</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#attribute-accessors">9.3.5. Attribute accessors</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">9.3.6. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html'" />
diff --git a/docs/1.1.0/html/api/keys/management.html b/docs/1.1.0/html/api/keys/management.html
index 2e277f6..fdf3538 100644
--- a/docs/1.1.0/html/api/keys/management.html
+++ b/docs/1.1.0/html/api/keys/management.html
@@ -1,795 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9.6. Key management functions — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10. Cryptographic operation reference" href="../ops/index.html" />
- <link rel="prev" title="9.5. Key policies" href="policy.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-management-functions">
-<h1>9.6. Key management functions</h1>
-<div class="section" id="key-creation">
-<span id="id1"></span><h2>9.6.1. Key creation</h2>
-<p>New keys can be created in the following ways:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> creates a key from a data buffer provided by the application.</li>
-<li><a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> creates a key from randomly generated data.</li>
-<li><a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> creates a key from data generated by a pseudorandom derivation process. See <a class="reference internal" href="../ops/kdf.html#kdf"><span class="secref">Key derivation</span></a>.</li>
-<li><a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> duplicates an existing key with a different lifetime or with a more restrictive usage policy.</li>
-</ul>
-<p>When creating a key, the attributes for the new key are specified in a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object. Each key creation function defines how it uses the attributes.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>The attributes for a key are immutable after the key has been created.</p>
-<p class="last">The application must set the key algorithm policy and the appropriate key usage flags in the attributes in order for the key to be used in any cryptographic operations.</p>
-</div>
-<div class="section" id="psa_import_key">
-<span id="c.psa_import_key"></span><h3><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</h3>
-<p>Import a key in binary format.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_import_key" title="psa_import_key">psa_import_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- const uint8_t * data,
- size_t data_length,
- <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd><p class="first">The attributes for the new key.
-This function uses the attributes as follows:</p>
-<ul class="simple">
-<li>The key type is required, and determines how the <code class="docutils literal"><span class="pre">data</span></code> buffer is interpreted.</li>
-<li>The key size is always determined from the <code class="docutils literal"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size determined from <code class="docutils literal"><span class="pre">data</span></code>.</li>
-<li>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
-<li>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
-<li>The key lifetime and identifier are required for a persistent key.</li>
-</ul>
-<div class="last admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
-</div>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
-<dd>Buffer containing the key data.
-The content of this buffer is interpreted according to the type declared in <code class="docutils literal"><span class="pre">attributes</span></code>.
-All implementations must support at least the format described in the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> for the chosen type.
-Implementations can support other formats, but be conservative in interpreting the key data: it is recommended that implementations reject content if it might be erroneous, for example, if it is the wrong type or is truncated.</dd>
-<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The implementation does not permit creating a key with the specified attributes due to some implementation-specific policy.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The key type is invalid.</li>
-<li>The key size is nonzero, and is incompatible with the key data in <code class="docutils literal"><span class="pre">data</span></code>.</li>
-<li>The key lifetime is invalid.</li>
-<li>The key identifier is not valid for the key lifetime.</li>
-<li>The key usage flags include invalid values.</li>
-<li>The key’s permitted-usage algorithm is invalid.</li>
-<li>The key attributes, as a whole, are invalid.</li>
-<li>The key data is not correctly formatted for the key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The key attributes, as a whole, are not supported, either by the implementation in general or in the specified storage location.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function supports any output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>. Refer to the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> for the format of public keys and to the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> for the format for other key types.</p>
-<p>The key data determines the key size. The attributes can optionally specify a key size; in this case it must match the size determined from the key data. A key size of <code class="docutils literal"><span class="pre">0</span></code> in <code class="docutils literal"><span class="pre">attributes</span></code> indicates that the key size is solely determined by the key data.</p>
-<p>Implementations must reject an attempt to import a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
-<p>This specification defines a single format for each key type. Implementations can optionally support other formats in addition to the standard format. It is recommended that implementations that support other formats ensure that the formats are clearly unambiguous, to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The PSA Crypto API does not support asymmetric private key objects outside of a key pair. To import a private key, the <code class="docutils literal"><span class="pre">attributes</span></code> must specify the corresponding key pair type. Depending on the key type, either the import format contains the public key data or the implementation will reconstruct the public key from the private key as needed.</p>
-</div>
-</div>
-<div class="section" id="psa_generate_key">
-<span id="c.psa_generate_key"></span><h3><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</h3>
-<p>Generate a key or key pair.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key">psa_generate_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd><p class="first">The attributes for the new key.
-This function uses the attributes as follows:</p>
-<ul class="simple">
-<li>The key type is required. It cannot be an asymmetric public key.</li>
-<li>The key size is required. It must be a valid size for the key type.</li>
-<li>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
-<li>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
-<li>The key lifetime and identifier are required for a persistent key.</li>
-</ul>
-<div class="last admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
-</div>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The implementation does not permit creating a key with the specified attributes due to some implementation-specific policy.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The key type is invalid, or is an asymmetric public key type.</li>
-<li>The key size is not valid for the key type.</li>
-<li>The key lifetime is invalid.</li>
-<li>The key identifier is not valid for the key lifetime.</li>
-<li>The key usage flags include invalid values.</li>
-<li>The key’s permitted-usage algorithm is invalid.</li>
-<li>The key attributes, as a whole, are invalid.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The key attributes, as a whole, are not supported, either by the implementation in general or in the specified storage location.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The key is generated randomly. Its location, policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<p>Implementations must reject an attempt to generate a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
-<p>The following type-specific considerations apply:</p>
-<ul class="simple">
-<li>For RSA keys (<a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.</li>
-</ul>
-</div>
-<div class="section" id="psa_copy_key">
-<span id="c.psa_copy_key"></span><h3><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</h3>
-<p>Make a copy of a key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
- const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">source_key</span></code></dt>
-<dd>The key to copy.
-It must allow the usage <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.
-If a private or secret key is being copied outside of a secure element it must also allow <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd><p class="first">The attributes for the new key. This function uses the attributes as follows:</p>
-<ul class="simple">
-<li>The key type and size can be <code class="docutils literal"><span class="pre">0</span></code>. If either is nonzero, it must match the corresponding attribute of the source key.</li>
-<li>The key location (the lifetime and, for persistent keys, the key identifier) is used directly.</li>
-<li>The key policy (usage flags and permitted algorithm) are combined from the source key and <code class="docutils literal"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</li>
-</ul>
-<div class="last admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
-</div>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">target_key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-If the new key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">source_key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</li>
-<li><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> usage flag, and its storage location does not allow copying it to the target key’s storage location.</li>
-<li>The implementation does not permit creating a key with the specified attributes due to some implementation-specific policy.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">attributes</span></code> specifies a key type or key size which does not match the attributes of <code class="docutils literal"><span class="pre">source</span> <span class="pre">key</span></code>.</li>
-<li>The lifetime or identifier in <code class="docutils literal"><span class="pre">attributes</span></code> are invalid.</li>
-<li>The key policies from <code class="docutils literal"><span class="pre">source_key</span></code> and those specified in <code class="docutils literal"><span class="pre">attributes</span></code> are incompatible.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The <code class="docutils literal"><span class="pre">source</span> <span class="pre">key</span></code> storage location does not support copying to the target key’s storage location.</li>
-<li>The key attributes, as a whole, are not supported in the target key’s storage location.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Copy key material from one location to another.</p>
-<p>This function is primarily useful to copy a key from one location to another, as it populates a key using the material from another key which can have a different lifetime.</p>
-<p>This function can be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.</p>
-<p>The policy on the source key must have the usage flag <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
-<p>The resulting key can only be used in a way that conforms to both the policy of the original key and the policy specified in the <code class="docutils literal"><span class="pre">attributes</span></code> parameter:</p>
-<ul class="simple">
-<li>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in <code class="docutils literal"><span class="pre">attributes</span></code>.</li>
-<li>If both permit the same algorithm or wildcard-based algorithm, the resulting key has the same permitted algorithm.</li>
-<li>If either of the policies permits an algorithm and the other policy allows a wildcard-based permitted algorithm that includes this algorithm, the resulting key uses this permitted algorithm.</li>
-<li>If the policies do not permit any algorithm in common, this function fails with the status <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
-</ul>
-<p>The effect of this function on implementation-defined attributes is implementation-defined.</p>
-</div>
-</div>
-<div class="section" id="key-destruction">
-<span id="id2"></span><h2>9.6.2. Key destruction</h2>
-<div class="section" id="psa_destroy_key">
-<span id="c.psa_destroy_key"></span><h3><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</h3>
-<p>Destroy a key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to erase.
-If this is <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>, do nothing and return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-If <code class="docutils literal"><span class="pre">key</span></code> was a valid key identifier, then the key material that it referred to has been erased.
-Alternatively, <code class="docutils literal"><span class="pre">key</span></code> was <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is neither a valid key identifier, nor <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd>There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd>An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor might have been compromised.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd>The storage operation failed. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd>The storage is corrupted. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations must make a best effort to ensure that that the key material cannot be recovered.</p>
-<p>This function also erases any metadata such as policies and frees resources associated with the key.</p>
-<p>Destroying the key makes the key identifier invalid, and the key identifier must not be used again by the application.</p>
-<p>If a key is currently in use in a multi-part operation, then destroying the key will cause the multi-part operation to fail.</p>
-</div>
-<div class="section" id="psa_purge_key">
-<span id="c.psa_purge_key"></span><h3><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</h3>
-<p>Remove non-essential copies of key material from memory.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to purge.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The key material has been removed from memory, if the key material is not currently required.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>For keys that have been created with the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage flag, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.</p>
-<p>This function will remove these extra copies of the key material from memory.</p>
-<p>This function is not required to remove key material from memory in any of the following situations:</p>
-<ul class="simple">
-<li>The key is currently in use in a cryptographic operation.</li>
-<li>The key is volatile.</li>
-</ul>
-<p>See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
-</div>
-</div>
-<div class="section" id="key-export">
-<span id="id3"></span><h2>9.6.3. Key export</h2>
-<div class="section" id="psa_export_key">
-<span id="c.psa_export_key"></span><h3><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</h3>
-<p>Export a key in binary format.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- uint8_t * data,
- size_t data_size,
- size_t * data_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to export.
-It must allow the usage <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>, unless it is a public key.</dd>
-<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
-<dd>Buffer where the key data is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">data_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.
-This must be appropriate for the key:</p>
-<ul class="last simple">
-<li>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the key type and <code class="docutils literal"><span class="pre">bits</span></code> is the key size in bits.</li>
-<li><a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported key pair.</li>
-<li><a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key.</li>
-<li>This API defines no maximum size for symmetric keys. Arbitrarily large data items can be stored in the key store, for example certificates that correspond to a stored private key or input material for key derivation.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
-<dd>On success, the number of bytes that make up the key data.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*data_length)</span></code> bytes of <code class="docutils literal"><span class="pre">data</span></code> contain the exported key.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">data</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The key’s storage location does not support export of the key.</li>
-<li>The implementation does not support export of keys with this key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> to create an equivalent object.</p>
-<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> must use the representation specified here, not the original representation.</p>
-<p>For standard key types, the output format is as follows:</p>
-<ul>
-<li><p class="first">For symmetric keys, excluding HMAC keys, the format is the raw bytes of the key.</p>
-</li>
-<li><p class="first">For HMAC keys that are shorter than, or equal in size to, the underlying hash algorithm block size, the format is the raw bytes of the key.</p>
-<p>For HMAC keys that are longer than the underlying hash algorithm block size, the format is an <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a> choice between the following formats:</p>
-<ol class="arabic simple">
-<li>The raw bytes of the key.</li>
-<li>The raw bytes of the hash of the key, using the underlying hash algorithm.</li>
-</ol>
-<p>See also <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</p>
-</li>
-<li><p class="first">For DES, the key data consists of 8 bytes. The parity bits must be correct.</p>
-</li>
-<li><p class="first">For Triple-DES, the format is the concatenation of the two or three DES keys.</p>
-</li>
-<li><p class="first">For RSA key pairs, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the format is the non-encrypted DER encoding of the representation defined by in <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> as <code class="docutils literal"><span class="pre">RSAPrivateKey</span></code>, version <code class="docutils literal"><span class="pre">0</span></code>.</p>
-<div class="highlight-none"><div class="highlight"><pre><span></span>RSAPrivateKey ::= SEQUENCE {
- version INTEGER, -- must be 0
- modulus INTEGER, -- n
- publicExponent INTEGER, -- e
- privateExponent INTEGER, -- d
- prime1 INTEGER, -- p
- prime2 INTEGER, -- q
- exponent1 INTEGER, -- d mod (p-1)
- exponent2 INTEGER, -- d mod (q-1)
- coefficient INTEGER, -- (inverse of q) mod p
-}
-</pre></div>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Although it is possible to define an RSA key pair or private key using a subset of these elements, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> for an RSA key pair must include all of these elements.</p>
-</div>
-</li>
-<li><p class="first">For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR()</span></code></a> is true, the format is a representation of the private value.</p>
-<ul>
-<li><p class="first">For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the content of the <code class="docutils literal"><span class="pre">privateKey</span></code> field of the <code class="docutils literal"><span class="pre">ECPrivateKey</span></code> format defined by <span><em>Elliptic Curve Private Key Structure</em> <a class="reference internal" href="../../about.html#citation-rfc5915"><span class="cite">[RFC5915]</span></a></span>.</p>
-<p>This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string in big-endian order where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.</p>
-</li>
-<li><p class="first">For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘private key’ in little-endian order as defined by <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">§6</a>. The value must have the forced bits set to zero or one as specified by <code class="docutils literal"><span class="pre">decodeScalar25519()</span></code> and <code class="docutils literal"><span class="pre">decodeScalar448()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</p>
-<p>This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.</p>
-</li>
-<li><p class="first">For the Twisted Edwards curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a>, the private key is defined by <span><em>Edwards-Curve Digital Signature Algorithm (EdDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a></span>.</p>
-<p>This is a 32-byte string for Edwards25519, and a 57-byte string for Edwards448.</p>
-</li>
-</ul>
-</li>
-<li><p class="first">For Diffie-Hellman key exchange key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR()</span></code></a> is true, the format is the representation of the private key <code class="docutils literal"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.</p>
-</li>
-<li><p class="first">For public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY()</span></code></a> is true, the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</p>
-</li>
-</ul>
-<p>The policy on the key must have the usage flag <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
-</div>
-<div class="section" id="psa_export_public_key">
-<span id="c.psa_export_public_key"></span><h3><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</h3>
-<p>Export a public key or the public part of a key pair in binary format.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- uint8_t * data,
- size_t data_size,
- size_t * data_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to export.</dd>
-<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
-<dd>Buffer where the key data is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">data_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.
-This must be appropriate for the key:</p>
-<ul class="last simple">
-<li>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the key type and <code class="docutils literal"><span class="pre">bits</span></code> is the key size in bits.</li>
-<li><a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key or public part of a key pair.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
-<dd>On success, the number of bytes that make up the key data.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*data_length)</span></code> bytes of <code class="docutils literal"><span class="pre">data</span></code> contain the exported public key.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">data</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The key is neither a public key nor a key pair.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The key’s storage location does not support export of the key.</li>
-<li>The implementation does not support export of keys with this key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> to create an object that is equivalent to the public key.</p>
-<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> must use the representation specified here, not the original representation.</p>
-<p>For standard key types, the output format is as follows:</p>
-<ul>
-<li><p class="first">For RSA public keys, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>, the DER encoding of the representation defined by <span><em>Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</em> <a class="reference internal" href="../../about.html#citation-rfc3279"><span class="cite">[RFC3279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc3279.html#section-2.3.1">§2.3.1</a> as <code class="docutils literal"><span class="pre">RSAPublicKey</span></code>.</p>
-<div class="highlight-none"><div class="highlight"><pre><span></span>RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER } -- e
-</pre></div>
-</div>
-</li>
-<li><p class="first">For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()</span></code></a> is true, the format depends on the key family:</p>
-<ul>
-<li><p class="first">For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the uncompressed representation of an elliptic curve point as an octet string defined in <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span> §2.3.3. If <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of <code class="docutils literal"><span class="pre">q</span></code> for a curve over <code class="docutils literal"><span class="pre">F_q</span></code>. The representation consists of:</p>
-<ul class="simple">
-<li>The byte <code class="docutils literal"><span class="pre">0x04</span></code>;</li>
-<li><code class="docutils literal"><span class="pre">x_P</span></code> as a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian;</li>
-<li><code class="docutils literal"><span class="pre">y_P</span></code> as a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian.</li>
-</ul>
-</li>
-<li><p class="first">For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘public key’ in little-endian order as defined by <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">§6</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.</p>
-<ul class="simple">
-<li>This is 32 bytes for Curve25519, computed as <code class="docutils literal"><span class="pre">X25519(private_key,</span> <span class="pre">9)</span></code>.</li>
-<li>This is 56 bytes for Curve448, computed as <code class="docutils literal"><span class="pre">X448(private_key,</span> <span class="pre">5)</span></code>.</li>
-</ul>
-</li>
-<li><p class="first">For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a>, the public key is defined by <span><em>Edwards-Curve Digital Signature Algorithm (EdDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a></span>.</p>
-<p>This is a 32-byte string for Edwards25519, and a 57-byte string for Edwards448.</p>
-</li>
-</ul>
-</li>
-<li><p class="first">For Diffie-Hellman key exchange public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true, the format is the representation of the public key <code class="docutils literal"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal"><span class="pre">p</span></code> in bytes.</p>
-</li>
-</ul>
-<p>Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags.</p>
-</div>
-<div class="section" id="PSA_EXPORT_KEY_OUTPUT_SIZE">
-<span id="c.PSA_EXPORT_KEY_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A supported key type.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
-<p class="rubric">Description</p>
-<p>The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.</p>
-<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> status;
-status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &attributes);
-if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
- handle_error(...);
-<a class="reference internal" href="types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&attributes);
-size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&attributes);
-size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
-<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&attributes);
-uint8_t *buffer = malloc(buffer_size);
-if (buffer == NULL)
- handle_error(...);
-size_t buffer_length;
-status = <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(key, buffer, buffer_size, &buffer_length);
-if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
- handle_error(...);
-</pre>
-<p>See also <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> and <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">
-<span id="c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A public key or key pair key type.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
-<p>If the parameters are valid and supported, it is recommended that this macro returns the same result as <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">),</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">)</span></code>.</p>
-<p class="rubric">Description</p>
-<p>The following code illustrates how to allocate enough memory to export a public key by querying the key type and size at runtime.</p>
-<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> status;
-status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &attributes);
-if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
- handle_error(...);
-<a class="reference internal" href="types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&attributes);
-size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&attributes);
-size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
-<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&attributes);
-uint8_t *buffer = malloc(buffer_size);
-if (buffer == NULL)
- handle_error(...);
-size_t buffer_length;
-status = <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(key, buffer, buffer_size, &buffer_length);
-if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
- handle_error(...);
-</pre>
-<p>See also <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_EXPORT_KEY_PAIR_MAX_SIZE">
-<span id="c.PSA_EXPORT_KEY_PAIR_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</h3>
-<p>Sufficient buffer size for exporting any asymmetric key pair.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE">PSA_EXPORT_KEY_PAIR_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This value must be a sufficient buffer size when calling <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> to export any asymmetric key pair that is supported by the implementation, regardless of the exact key type and key size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">
-<span id="c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h3>
-<p>Sufficient buffer size for exporting any asymmetric public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This value must be a sufficient buffer size when calling <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> to export any asymmetric public key that is supported by the implementation, regardless of the exact key type and key size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">9.6. Key management functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#key-creation">9.6.1. Key creation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-destruction">9.6.2. Key destruction</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-export">9.6.3. Key export</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html'" />
diff --git a/docs/1.1.0/html/api/keys/policy.html b/docs/1.1.0/html/api/keys/policy.html
index 69c06e0..9e00077 100644
--- a/docs/1.1.0/html/api/keys/policy.html
+++ b/docs/1.1.0/html/api/keys/policy.html
@@ -1,384 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9.5. Key policies — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9.6. Key management functions" href="management.html" />
- <link rel="prev" title="9.4. Key identifiers" href="ids.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-policies">
-<span id="key-policy"></span><h1>9.5. Key policies</h1>
-<p>All keys have an associated policy that regulates which operations are permitted on the key. A key policy is composed of two elements:</p>
-<ul class="simple">
-<li>A set of usage flags. See <a class="reference internal" href="#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
-<li>A specific algorithm that is permitted with the key. See <a class="reference internal" href="#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
-</ul>
-<p>The policy is part of the key attributes that are managed by a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object.</p>
-<p>A highly constrained implementation might not be able to support all the policies that can be expressed through this interface. If an implementation cannot create a key with the required policy, it must return an appropriate error code when the key is created.</p>
-<div class="section" id="permitted-algorithms">
-<span id="id1"></span><h2>9.5.1. Permitted algorithms</h2>
-<p>The permitted algorithm is encoded using a algorithm identifier, as described in <a class="reference internal" href="../ops/algorithms.html#algorithms"><span class="secref">Algorithms</span></a>.</p>
-<p>This specification only defines policies that restrict keys to a single algorithm, which is consistent with both common practice and security good practice.</p>
-<p>The following algorithm policies are supported:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> does not permit any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.</li>
-<li>A specific algorithm value permits exactly that particular algorithm.</li>
-<li>A signature algorithm constructed with <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> permits the specified signature scheme with any hash algorithm. In addition, <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a><code class="docutils literal"><span class="pre">)</span></code> also permits the <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a> signature algorithm.</li>
-<li>A raw key agreement algorithm also permits the specified key agreement scheme to be combined with any key derivation algorithm.</li>
-<li>An algorithm built from <a class="reference internal" href="../ops/macs.html#c.PSA_ALG_AT_LEAST_THIS_LENGTH_MAC" title="PSA_ALG_AT_LEAST_THIS_LENGTH_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AT_LEAST_THIS_LENGTH_MAC()</span></code></a> allows any MAC algorithm from the same base class (for example, CMAC) which computes or verifies a MAC length greater than or equal to the length encoded in the wildcard algorithm.</li>
-<li>An algorithm built from <a class="reference internal" href="../ops/aead.html#c.PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG()</span></code></a> allows any AEAD algorithm from the same base class (for example, CCM) which computes or verifies a tag length greater than or equal to the length encoded in the wildcard algorithm.</li>
-</ul>
-<p>When a key is used in a cryptographic operation, the application must supply the algorithm to use for the operation. This algorithm is checked against the key’s permitted algorithm policy.</p>
-<div class="section" id="psa_set_key_algorithm">
-<span id="c.psa_set_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</h3>
-<p>Declare the permitted algorithm policy for a key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The permitted algorithm to write.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key.</p>
-<p>This function overwrites any permitted algorithm policy previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_get_key_algorithm">
-<span id="c.psa_get_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</h3>
-<p>Retrieve the permitted algorithm policy from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a></p>
-<p>The algorithm stored in the attribute object.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-</div>
-<div class="section" id="key-usage-flags">
-<span id="id2"></span><h2>9.5.2. Key usage flags</h2>
-<p>The usage flags are encoded in a bitmask, which has the type <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_usage_t</span></code></a>. Four kinds of usage flag can be specified:</p>
-<ul class="simple">
-<li>The extractable flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> determines whether the key material can be extracted.</li>
-<li>The copyable flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> determines whether the key material can be copied into a new key, which can have a different lifetime or a more restrictive policy.</li>
-<li>The cacheable flag <a class="reference internal" href="#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> determines whether the implementation is permitted to retain non-essential copies of the key material in RAM. This policy only applies to persistent keys. See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</li>
-<li>The other usage flags, for example, <a class="reference internal" href="#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> and <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>, determine whether the corresponding operation is permitted on the key.</li>
-</ul>
-<div class="section" id="psa_key_usage_t">
-<span id="c.psa_key_usage_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</h3>
-<p>Encoding of permitted usage on a key.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
-</pre>
-</div>
-<div class="section" id="PSA_KEY_USAGE_EXPORT">
-<span id="c.PSA_KEY_USAGE_EXPORT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</h3>
-<p>Permission to export the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
-</pre>
-<p>This flag allows the use of <a class="reference internal" href="management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.</p>
-<p>This flag can also be required to copy a key using <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> outside of a secure element. See also <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.</p>
-<p>If a key does not have export permission, implementations must not allow the key to be exported in plain form from the cryptoprocessor, whether through <a class="reference internal" href="management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or through a proprietary interface. The key might still be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_COPY">
-<span id="c.PSA_KEY_USAGE_COPY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</h3>
-<p>Permission to copy the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
-</pre>
-<p>This flag allows the use of <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> to make a copy of the key with the same policy or a more restrictive policy.</p>
-<p>For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>. Copying the key inside the secure element is permitted with just <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> if the secure element supports it. For keys with the lifetime <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> is sufficient to permit the copy.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_CACHE">
-<span id="c.PSA_KEY_USAGE_CACHE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</h3>
-<p>Permission for the implementation to cache the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
-</pre>
-<p>This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.</p>
-<p>An application can request that cached key material is removed from memory by calling <a class="reference internal" href="management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>.</p>
-<p>The presence of this usage flag when creating a key is a hint:</p>
-<ul class="simple">
-<li>An implementation is not required to cache keys that have this usage flag.</li>
-<li>An implementation must not report an error if it does not cache keys.</li>
-</ul>
-<p>If this usage flag is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.</p>
-<p>This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.</p>
-<p>See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_ENCRYPT">
-<span id="c.PSA_KEY_USAGE_ENCRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</h3>
-<p>Permission to encrypt a message with the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
-</pre>
-<p>This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a></li>
-<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a></li>
-<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a></li>
-<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a></li>
-<li><a class="reference internal" href="../ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a></li>
-</ul>
-<p>For a key pair, this concerns the public key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_DECRYPT">
-<span id="c.PSA_KEY_USAGE_DECRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</h3>
-<p>Permission to decrypt a message with the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
-</pre>
-<p>This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a></li>
-<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a></li>
-<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a></li>
-<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a></li>
-<li><a class="reference internal" href="../ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a></li>
-</ul>
-<p>For a key pair, this concerns the private key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_SIGN_MESSAGE">
-<span id="c.PSA_KEY_USAGE_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</h3>
-<p>Permission to sign a message with the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
-</pre>
-<p>This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a></li>
-<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a></li>
-<li><a class="reference internal" href="../ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a></li>
-</ul>
-<p>For a key pair, this concerns the private key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_VERIFY_MESSAGE">
-<span id="c.PSA_KEY_USAGE_VERIFY_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</h3>
-<p>Permission to verify a message signature with the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
-</pre>
-<p>This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a></li>
-<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a></li>
-<li><a class="reference internal" href="../ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a></li>
-</ul>
-<p>For a key pair, this concerns the public key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_SIGN_HASH">
-<span id="c.PSA_KEY_USAGE_SIGN_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</h3>
-<p>Permission to sign a message hash with the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
-</pre>
-<p>This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling <a class="reference internal" href="../ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</p>
-<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> will also be present when the application queries the usage flags of the key.</p>
-<p>For a key pair, this concerns the private key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_VERIFY_HASH">
-<span id="c.PSA_KEY_USAGE_VERIFY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</h3>
-<p>Permission to verify a message hash with the key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
-</pre>
-<p>This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling <a class="reference internal" href="../ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
-<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> will also be present when the application queries the usage flags of the key.</p>
-<p>For a key pair, this concerns the public key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_DERIVE">
-<span id="c.PSA_KEY_USAGE_DERIVE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</h3>
-<p>Permission to derive other keys or produce a password hash from this key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
-</pre>
-<p>This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by the key’s type and policy.</p>
-<p>This flag must be present on keys used with the following APIs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a></li>
-<li><a class="reference internal" href="../ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a></li>
-</ul>
-<p>If this flag is present on all keys used in calls to <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> for a key derivation operation, then it permits calling <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> or <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> at the end of the operation.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_VERIFY_DERIVATION">
-<span id="c.PSA_KEY_USAGE_VERIFY_DERIVATION"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code> (macro)</h3>
-<p>Permission to verify the result of a key derivation, including password hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION">PSA_KEY_USAGE_VERIFY_DERIVATION</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00008000)
-</pre>
-<p>This flag allows the key to be used in a key derivation operation, if otherwise permitted by the key’s type and policy.</p>
-<p>This flag must be present on keys used with <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_verify_key" title="psa_key_derivation_verify_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_key()</span></code></a>.</p>
-<p>If this flag is present on all keys used in calls to <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> for a key derivation operation, then it permits calling <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a> or <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_verify_key" title="psa_key_derivation_verify_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_key()</span></code></a> at the end of the operation.</p>
-</div>
-<div class="section" id="psa_set_key_usage_flags">
-<span id="c.psa_set_key_usage_flags"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</h3>
-<p>Declare usage flags for a key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">usage_flags</span></code></dt>
-<dd>The usage flags to write.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>Usage flags are part of a key’s policy. They encode what kind of operations are permitted on the key. For more details, see <a class="reference internal" href="#key-policy"><span class="secref">Key policies</span></a>.</p>
-<p>This function overwrites any usage flags previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_get_key_usage_flags">
-<span id="c.psa_get_key_usage_flags"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</h3>
-<p>Retrieve the usage flags from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code></a></p>
-<p>The usage flags stored in the attribute object.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">9.5. Key policies</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#permitted-algorithms">9.5.1. Permitted algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-usage-flags">9.5.2. Key usage flags</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/policy.html'" />
diff --git a/docs/1.1.0/html/api/keys/types.html b/docs/1.1.0/html/api/keys/types.html
index 55c1c39..166c57a 100644
--- a/docs/1.1.0/html/api/keys/types.html
+++ b/docs/1.1.0/html/api/keys/types.html
@@ -1,1115 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>9.2. Key types — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9.3. Key lifetimes" href="lifetimes.html" />
- <link rel="prev" title="9.1. Key attributes" href="attributes.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-types">
-<span id="id1"></span><h1>9.2. Key types</h1>
-<div class="section" id="key-type-encoding">
-<h2>9.2.1. Key type encoding</h2>
-<div class="section" id="psa_key_type_t">
-<span id="c.psa_key_type_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</h3>
-<p>Encoding of a key type.</p>
-<pre class="literal-block">
-typedef uint16_t <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
-</pre>
-<p>This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:</p>
-<dl class="docutils">
-<dt><a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a><code class="docutils literal"> <span class="pre">==</span> <span class="pre">0</span></code></dt>
-<dd>Reserved as an invalid key type.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x0001</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff</span></code></dt>
-<dd>Specification-defined key types.
-Key types defined by this standard always have bit 15 clear.
-Unallocated key type values in this range are reserved for future use.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x8000</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffff</span></code></dt>
-<dd>Implementation-defined key types.
-Implementations that define additional key types must use an encoding with bit 15 set.
-The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.</dd>
-</dl>
-<p>The <a class="reference internal" href="../../appendix/encodings.html#appendix-encodings"><span class="secref">Algorithm and key type encoding</span></a> appendix provides a full definition of the key type encoding.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_NONE">
-<span id="c.PSA_KEY_TYPE_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</h3>
-<p>An invalid key type value.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
-</pre>
-<p>Zero is not the encoding of any key type.</p>
-</div>
-</div>
-<div class="section" id="key-categories">
-<h2>9.2.2. Key categories</h2>
-<div class="section" id="PSA_KEY_TYPE_IS_UNSTRUCTURED">
-<span id="c.PSA_KEY_TYPE_IS_UNSTRUCTURED"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</h3>
-<p>Whether a key type is an unstructured array of bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This encompasses both symmetric keys and non-key data.</p>
-<p>See <a class="reference internal" href="#symmetric-keys"><span class="secref">Symmetric keys</span></a> for a list of symmetric key types.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ASYMMETRIC">
-<span id="c.PSA_KEY_TYPE_IS_ASYMMETRIC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</h3>
-<p>Whether a key type is asymmetric: either a key pair or a public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="#asymmetric-keys"><span class="secref">RSA keys</span></a> for a list of asymmetric key types.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_IS_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</h3>
-<p>Whether a key type is the public part of a key pair.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_IS_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</h3>
-<p>Whether a key type is a key pair containing a private part and a public part.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR">PSA_KEY_TYPE_IS_KEY_PAIR</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-</div>
-<div class="section" id="symmetric-keys">
-<span id="id2"></span><h2>9.2.3. Symmetric keys</h2>
-<div class="section" id="PSA_KEY_TYPE_RAW_DATA">
-<span id="c.PSA_KEY_TYPE_RAW_DATA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</h3>
-<p>Raw data.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
-</pre>
-<p>A “key” of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.</p>
-<p>The bit size of a raw key must be a non-zero multiple of 8. The maximum size of a raw key is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">IMPLEMENTATION DEFINED</span></a>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a> (non-secret inputs)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a> (non-secret inputs)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a> (non-secret inputs)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_HMAC">
-<span id="c.PSA_KEY_TYPE_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</h3>
-<p>HMAC key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
-</pre>
-<p>The key policy determines which underlying hash algorithm the key can be used for.</p>
-<p>The bit size of an HMAC key must be a non-zero multiple of 8. An HMAC key is typically the same size as the output of the underlying hash algorithm. An HMAC key that is longer than the block size of the underlying hash algorithm will be hashed before use.</p>
-<p>When an HMAC key is created that is longer than the block size, it is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a> whether the implementation stores the original HMAC key, or the hash of the HMAC key. If the hash of the key is stored, the key size reported by <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> will be the size of the hashed key.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p><a class="reference internal" href="../ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> provides the output size of hash algorithm <code class="docutils literal"><span class="pre">alg</span></code>, in bytes.</p>
-<p class="last"><a class="reference internal" href="../ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> provides the block size of hash algorithm <code class="docutils literal"><span class="pre">alg</span></code>, in bytes.</p>
-</div>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DERIVE">
-<span id="c.PSA_KEY_TYPE_DERIVE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</h3>
-<p>A secret for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
-</pre>
-<p>This key type is for high-entropy secrets only. For low-entropy secrets, <a class="reference internal" href="#c.PSA_KEY_TYPE_PASSWORD" title="PSA_KEY_TYPE_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code></a> should be used instead.</p>
-<p>These keys can be used in the <a class="reference internal" href="../ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> or <a class="reference internal" href="../ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_PASSWORD" title="PSA_KEY_DERIVATION_INPUT_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code></a> input step of key derivation algorithms.</p>
-<p>The key policy determines which key derivation algorithm the key can be used for.</p>
-<p>The bit size of a secret for key derivation must be a non-zero multiple of 8. The maximum size of a secret for key derivation is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">IMPLEMENTATION DEFINED</span></a>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a> (secret input)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a> (secret input)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a> (secret input)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_PASSWORD">
-<span id="c.PSA_KEY_TYPE_PASSWORD"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code> (macro)</h3>
-<p>A low-entropy secret for password hashing or key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_PASSWORD" title="PSA_KEY_TYPE_PASSWORD">PSA_KEY_TYPE_PASSWORD</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1203)
-</pre>
-<p>This key type is suitable for passwords and passphrases which are typically intended to be memorizable by humans, and have a low entropy relative to their size.
-It can be used for randomly generated or derived keys with maximum or near-maximum entropy, but <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> is more suitable for such keys.
-It is not suitable for passwords with extremely low entropy, such as numerical PINs.</p>
-<p>These keys can be used in the <a class="reference internal" href="../ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_PASSWORD" title="PSA_KEY_DERIVATION_INPUT_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code></a> input step of key derivation algorithms.
-Algorithms that accept such an input were designed to accept low-entropy secret and are known as <em>password hashing</em> or <em>key stretching</em> algorithms.</p>
-<p>These keys cannot be used in the <a class="reference internal" href="../ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> input step of key derivation algorithms, as the algorithms expect such an input to have high entropy.</p>
-<p>The key policy determines which key derivation algorithm the key can be used for, among the permissible subset defined above.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC()</span></code></a> (password input)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_PBKDF2_AES_CMAC_PRF_128" title="PSA_ALG_PBKDF2_AES_CMAC_PRF_128"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_AES_CMAC_PRF_128</span></code></a> (password input)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_PASSWORD_HASH">
-<span id="c.PSA_KEY_TYPE_PASSWORD_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code> (macro)</h3>
-<p>A secret value that can be used to verify a password hash.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH">PSA_KEY_TYPE_PASSWORD_HASH</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1205)
-</pre>
-<p>The key policy determines which key derivation algorithm the key can be used for, among the same permissible subset as for <a class="reference internal" href="#c.PSA_KEY_TYPE_PASSWORD" title="PSA_KEY_TYPE_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code></a>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC()</span></code></a> (key output and verification)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_PBKDF2_AES_CMAC_PRF_128" title="PSA_ALG_PBKDF2_AES_CMAC_PRF_128"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_AES_CMAC_PRF_128</span></code></a> (key output and verification)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_PEPPER">
-<span id="c.PSA_KEY_TYPE_PEPPER"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PEPPER</span></code> (macro)</h3>
-<p>A secret value that can be used when computing a password hash.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_PEPPER" title="PSA_KEY_TYPE_PEPPER">PSA_KEY_TYPE_PEPPER</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1206)
-</pre>
-<p>The key policy determines which key derivation algorithm the key can be used for, among the subset of algorithms that can use pepper.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC()</span></code></a> (salt input)</div>
-<div class="line"><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_PBKDF2_AES_CMAC_PRF_128" title="PSA_ALG_PBKDF2_AES_CMAC_PRF_128"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_AES_CMAC_PRF_128</span></code></a> (salt input)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_AES">
-<span id="c.PSA_KEY_TYPE_AES"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</h3>
-<p>Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
-</pre>
-<p>The size of the key is related to the AES algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:</p>
-<ul class="simple">
-<li>AES-128 uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
-<li>AES-192 uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-<li>AES-256 uses a 32-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-</ul>
-<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the following key sizes are used:</p>
-<ul class="simple">
-<li>AES-128-XTS uses two 16-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-<li>AES-192-XTS uses two 24-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
-<li>AES-256-XTS uses two 32-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
-</ul>
-<p>The AES block cipher is defined in <span><em>FIPS Publication 197: Advanced Encryption Standard (AES)</em> <a class="reference internal" href="../../about.html#citation-fips197"><span class="cite">[FIPS197]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_OFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ARIA">
-<span id="c.PSA_KEY_TYPE_ARIA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code> (macro)</h3>
-<p>Key for a cipher, AEAD or MAC algorithm based on the ARIA block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA">PSA_KEY_TYPE_ARIA</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2406)
-</pre>
-<p>The size of the key is related to the ARIA algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:</p>
-<ul class="simple">
-<li>ARIA-128 uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
-<li>ARIA-192 uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-<li>ARIA-256 uses a 32-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-</ul>
-<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the following key sizes are used:</p>
-<ul class="simple">
-<li>ARIA-128-XTS uses two 16-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-<li>ARIA-192-XTS uses two 24-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
-<li>ARIA-256-XTS uses two 32-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
-</ul>
-<p>The ARIA block cipher is defined in <span><em>A Description of the ARIA Encryption Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc5794"><span class="cite">[RFC5794]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_OFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DES">
-<span id="c.PSA_KEY_TYPE_DES"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</h3>
-<p>Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
-</pre>
-<p>The size of the key determines which DES algorithm is used:</p>
-<ul class="simple">
-<li>Single DES uses an 8-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">64</span></code></li>
-<li>2-key 3DES uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
-<li>3-key 3DES uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-</ul>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data.</p>
-<p class="last">3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>The DES and 3DES block ciphers are defined in <span><em>NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher</em> <a class="reference internal" href="../../about.html#citation-sp800-67"><span class="cite">[SP800-67]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_OFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CAMELLIA">
-<span id="c.PSA_KEY_TYPE_CAMELLIA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</h3>
-<p>Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
-</pre>
-<p>The size of the key is related to the Camellia algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:</p>
-<ul class="simple">
-<li>Camellia-128 uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
-<li>Camellia-192 uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-<li>Camellia-256 uses a 32-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-</ul>
-<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the following key sizes are used:</p>
-<ul class="simple">
-<li>Camellia-128-XTS uses two 16-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-<li>Camellia-192-XTS uses two 24-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
-<li>Camellia-256-XTS uses two 32-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
-</ul>
-<p>The Camellia block cipher is defined in <span><em>Specification of Camellia — a 128-bit Block Cipher</em> <a class="reference internal" href="../../about.html#citation-ntt-cam"><span class="cite">[NTT-CAM]</span></a></span> and also described in <span><em>A Description of the Camellia Encryption Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc3713"><span class="cite">[RFC3713]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_OFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_SM4">
-<span id="c.PSA_KEY_TYPE_SM4"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code> (macro)</h3>
-<p>Key for a cipher, AEAD or MAC algorithm based on the SM4 block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4">PSA_KEY_TYPE_SM4</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2405)
-</pre>
-<p>For algorithms except the XTS block cipher mode, the SM4 key size is 128 bits (16 bytes).</p>
-<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the SM4 key size is 256 bits (two 16-byte keys).</p>
-<p>The SM4 block cipher is defined in <span><em>GM/T 0002-2012: SM4 block cipher algorithm</em> <a class="reference internal" href="../../about.html#citation-cstc0002"><span class="cite">[CSTC0002]</span></a></span> (English version <a class="reference internal" href="../../about.html#citation-cstc0002-e"><span class="cite">[CSTC0002/E]</span></a>).</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_OFB</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ARC4">
-<span id="c.PSA_KEY_TYPE_ARC4"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</h3>
-<p>Key for the ARC4 stream cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The ARC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>The ARC4 cipher supports key sizes between 40 and 2048 bits, that are multiples of 8. (5 to 256 bytes)</p>
-<p>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ARC4 cipher.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CHACHA20">
-<span id="c.PSA_KEY_TYPE_CHACHA20"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</h3>
-<p>Key for the ChaCha20 stream cipher or the ChaCha20-Poly1305 AEAD algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
-</pre>
-<p>The ChaCha20 key size is 256 bits (32 bytes).</p>
-<ul class="simple">
-<li>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ChaCha20 cipher for unauthenticated encryption. See <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> for details of this algorithm.</li>
-<li>Use algorithm <a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a> to use this key with the ChaCha20 cipher and Poly1305 authenticator for AEAD. See <a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a> for details of this algorithm.</li>
-</ul>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a></div>
-</div>
-</div>
-</div>
-<div class="section" id="rsa-keys">
-<span id="asymmetric-keys"></span><h2>9.2.4. RSA keys</h2>
-<div class="section" id="PSA_KEY_TYPE_RSA_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_RSA_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</h3>
-<p>RSA key pair: both the private and public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
-</pre>
-<p>The size of an RSA key is the bit size of the modulus.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_RSA_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</h3>
-<p>RSA public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
-</pre>
-<p>The size of an RSA key is the bit size of the modulus.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code></a> (encryption only)</div>
-<div class="line"><a class="reference internal" href="../ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a> (encryption only)</div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a> (signature verification only)</div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a> (signature verification only)</div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a> (signature verification only)</div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT</span></code></a> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_RSA">
-<span id="c.PSA_KEY_TYPE_IS_RSA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</h3>
-<p>Whether a key type is an RSA key. This includes both key pairs and public keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA">PSA_KEY_TYPE_IS_RSA</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-</div>
-<div class="section" id="elliptic-curve-keys">
-<h2>9.2.5. Elliptic Curve keys</h2>
-<div class="section" id="psa_ecc_family_t">
-<span id="c.psa_ecc_family_t"></span><h3><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</h3>
-<p>The type of PSA elliptic curve family identifiers.</p>
-<pre class="literal-block">
-typedef uint8_t <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>;
-</pre>
-<p>The curve identifier is required to create an ECC key using the <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR()</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY()</span></code></a> macros.</p>
-<p>The specific ECC curve within a family is identified by the <code class="docutils literal"><span class="pre">key_bits</span></code> attribute of the key.</p>
-<p>The range of Elliptic curve family identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f</span></code></dt>
-<dd>ECC family identifiers defined by this standard.
-Unallocated values in this range are reserved for future use.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff</span></code></dt>
-<dd>Implementations that define additional families must use an encoding in this range.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_ECC_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</h3>
-<p>Elliptic curve key pair: both the private and public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR">PSA_KEY_TYPE_ECC_KEY_PAIR</a>(curve) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">curve</span></code></dt>
-<dd>A value of type <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_ecc_family_t</span></code></a> that identifies the ECC curve family to be used.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The size of an elliptic curve key is the bit size associated with the curve, that is, the bit size of <em>q</em> for a curve over a field <em>F</em><sub>q</sub>. See the documentation of each Elliptic curve family for details.</p>
-<p class="rubric">Compatible algorithms</p>
-<p>Elliptic curve key pairs can be used in Asymmetric signature and Key agreement algorithms.</p>
-<p>The set of compatible algorithms depends on the Elliptic curve key family. See the Elliptic curve family for details.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</h3>
-<p>Elliptic curve public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">curve</span></code></dt>
-<dd>A value of type <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_ecc_family_t</span></code></a> that identifies the ECC curve family to be used.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The size of an elliptic curve public key is the same as the corresponding private key. See <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR()</span></code></a> and the documentation of each Elliptic curve family for details.</p>
-<p class="rubric">Compatible algorithms</p>
-<p>Elliptic curve public keys can be used for verification in Asymmetric signature algorithms.</p>
-<p>The set of compatible algorithms depends on the Elliptic curve key family. See each Elliptic curve family for details.</p>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_SECP_K1">
-<span id="c.PSA_ECC_FAMILY_SECP_K1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code> (macro)</h3>
-<p>SEC Koblitz curves over prime fields.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECP_K1" title="PSA_ECC_FAMILY_SECP_K1">PSA_ECC_FAMILY_SECP_K1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x17)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>secp192k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-<li>secp224k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">225</span></code></li>
-<li>secp256k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-</ul>
-<p>They are defined in <span><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em> <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_SECP_R1">
-<span id="c.PSA_ECC_FAMILY_SECP_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</h3>
-<p>SEC random curves over prime fields.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECP_R1" title="PSA_ECC_FAMILY_SECP_R1">PSA_ECC_FAMILY_SECP_R1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x12)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>secp192r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-<li>secp224r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">224</span></code></li>
-<li>secp256r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-<li>secp384r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
-<li>secp521r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">521</span></code></li>
-</ul>
-<p>They are defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_SECP_R2">
-<span id="c.PSA_ECC_FAMILY_SECP_R2"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</h3>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This family of curves is weak and deprecated.</p>
-</div>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECP_R2" title="PSA_ECC_FAMILY_SECP_R2">PSA_ECC_FAMILY_SECP_R2</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x1b)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>secp160r2 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">160</span></code> <em>(Deprecated)</em></li>
-</ul>
-<p>It is defined in the superseded <span><em>SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0</em> <a class="reference internal" href="../../about.html#citation-sec2v1"><span class="cite">[SEC2v1]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_SECT_K1">
-<span id="c.PSA_ECC_FAMILY_SECT_K1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</h3>
-<p>SEC Koblitz curves over binary fields.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECT_K1" title="PSA_ECC_FAMILY_SECT_K1">PSA_ECC_FAMILY_SECT_K1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x27)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>sect163k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
-<li>sect233k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">233</span></code></li>
-<li>sect239k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">239</span></code></li>
-<li>sect283k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">283</span></code></li>
-<li>sect409k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">409</span></code></li>
-<li>sect571k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">571</span></code></li>
-</ul>
-<p>They are defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The 163-bit curve sect163k1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_SECT_R1">
-<span id="c.PSA_ECC_FAMILY_SECT_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code> (macro)</h3>
-<p>SEC random curves over binary fields.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECT_R1" title="PSA_ECC_FAMILY_SECT_R1">PSA_ECC_FAMILY_SECT_R1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x22)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>sect163r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
-<li>sect233r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">233</span></code></li>
-<li>sect283r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">283</span></code></li>
-<li>sect409r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">409</span></code></li>
-<li>sect571r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">571</span></code></li>
-</ul>
-<p>They are defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The 163-bit curve sect163r1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_SECT_R2">
-<span id="c.PSA_ECC_FAMILY_SECT_R2"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code> (macro)</h3>
-<p>SEC additional random curves over binary fields.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECT_R2" title="PSA_ECC_FAMILY_SECT_R2">PSA_ECC_FAMILY_SECT_R2</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x2b)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>sect163r2 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
-</ul>
-<p>It is defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The 163-bit curve sect163r2 is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_BRAINPOOL_P_R1">
-<span id="c.PSA_ECC_FAMILY_BRAINPOOL_P_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code> (macro)</h3>
-<p>Brainpool P random curves.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1">PSA_ECC_FAMILY_BRAINPOOL_P_R1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x30)
-</pre>
-<p>This family comprises the following curves:</p>
-<ul class="simple">
-<li>brainpoolP160r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">160</span></code> <em>(Deprecated)</em></li>
-<li>brainpoolP192r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
-<li>brainpoolP224r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">224</span></code></li>
-<li>brainpoolP256r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-<li>brainpoolP320r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">320</span></code></li>
-<li>brainpoolP384r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
-<li>brainpoolP512r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
-</ul>
-<p>They are defined in <span><em>Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation</em> <a class="reference internal" href="../../about.html#citation-rfc5639"><span class="cite">[RFC5639]</span></a></span>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The 160-bit curve brainpoolP160r1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_FRP">
-<span id="c.PSA_ECC_FAMILY_FRP"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code> (macro)</h3>
-<p>Curve used primarily in France and elsewhere in Europe.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP">PSA_ECC_FAMILY_FRP</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x33)
-</pre>
-<p>This family comprises one 256-bit curve:</p>
-<ul class="simple">
-<li>FRP256v1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
-</ul>
-<p>This is defined by <span><em>Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française</em> <a class="reference internal" href="../../about.html#citation-frp"><span class="cite">[FRP]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_MONTGOMERY">
-<span id="c.PSA_ECC_FAMILY_MONTGOMERY"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</h3>
-<p>Montgomery curves.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY">PSA_ECC_FAMILY_MONTGOMERY</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x41)
-</pre>
-<p>This family comprises the following Montgomery curves:</p>
-<ul class="simple">
-<li>Curve25519 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">255</span></code></li>
-<li>Curve448 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">448</span></code></li>
-</ul>
-<p>Curve25519 is defined in <span><em>Curve25519: new Diffie-Hellman speed records</em> <a class="reference internal" href="../../about.html#citation-curve25519"><span class="cite">[Curve25519]</span></a></span>. Curve448 is defined in <span><em>Ed448-Goldilocks, a new elliptic curve</em> <a class="reference internal" href="../../about.html#citation-curve448"><span class="cite">[Curve448]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> (key pair only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_FAMILY_TWISTED_EDWARDS">
-<span id="c.PSA_ECC_FAMILY_TWISTED_EDWARDS"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code> (macro)</h3>
-<p>Twisted Edwards curves.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS">PSA_ECC_FAMILY_TWISTED_EDWARDS</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x42)
-</pre>
-<p>This family comprises the following twisted Edwards curves:</p>
-<ul class="simple">
-<li>Edwards25519 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">255</span></code>. This curve is birationally equivalent to Curve25519.</li>
-<li>Edwards448 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">448</span></code>. This curve is birationally equivalent to Curve448.</li>
-</ul>
-<p>Edwards25519 is defined in <span><em>Twisted Edwards curves</em> <a class="reference internal" href="../../about.html#citation-ed25519"><span class="cite">[Ed25519]</span></a></span>. Edwards448 is defined in <span><em>Ed448-Goldilocks, a new elliptic curve</em> <a class="reference internal" href="../../about.html#citation-curve448"><span class="cite">[Curve448]</span></a></span>.</p>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_PURE_EDDSA" title="PSA_ALG_PURE_EDDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PURE_EDDSA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ED25519PH" title="PSA_ALG_ED25519PH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ED25519PH</span></code></a> (Edwards25519 only)</div>
-<div class="line"><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ED448PH" title="PSA_ALG_ED448PH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ED448PH</span></code></a> (Edwards448 only)</div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ECC">
-<span id="c.PSA_KEY_TYPE_IS_ECC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</h3>
-<p>Whether a key type is an elliptic curve key, either a key pair or a public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC">PSA_KEY_TYPE_IS_ECC</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</h3>
-<p>Whether a key type is an elliptic curve key pair.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</h3>
-<p>Whether a key type is an elliptic curve public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_GET_FAMILY">
-<span id="c.PSA_KEY_TYPE_ECC_GET_FAMILY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</h3>
-<p>Extract the curve family from an elliptic curve key type.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY">PSA_KEY_TYPE_ECC_GET_FAMILY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>An elliptic curve key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code></a></p>
-<p>The elliptic curve family id, if <code class="docutils literal"><span class="pre">type</span></code> is a supported elliptic curve key. Unspecified if <code class="docutils literal"><span class="pre">type</span></code> is not a supported elliptic curve key.</p>
-</div>
-</div>
-<div class="section" id="diffie-hellman-keys">
-<h2>9.2.6. Diffie Hellman keys</h2>
-<div class="section" id="psa_dh_family_t">
-<span id="c.psa_dh_family_t"></span><h3><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</h3>
-<p>The type of PSA finite-field Diffie-Hellman group family identifiers.</p>
-<pre class="literal-block">
-typedef uint8_t <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>;
-</pre>
-<p>The group family identifier is required to create a finite-field Diffie-Hellman key using the <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR()</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY()</span></code></a> macros.</p>
-<p>The specific Diffie-Hellman group within a family is identified by the <code class="docutils literal"><span class="pre">key_bits</span></code> attribute of the key.</p>
-<p>The range of Diffie-Hellman group family identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f</span></code></dt>
-<dd>DH group family identifiers defined by this standard.
-Unallocated values in this range are reserved for future use.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff</span></code></dt>
-<dd>Implementations that define additional families must use an encoding in this range.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</h3>
-<p>Finite-field Diffie-Hellman key pair: both the private key and public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR">PSA_KEY_TYPE_DH_KEY_PAIR</a>(group) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">group</span></code></dt>
-<dd>A value of type <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_dh_family_t</span></code></a> that identifies the Diffie-Hellman group family to be used.</dd>
-</dl>
-<p class="rubric">Compatible algorithms</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</h3>
-<p>Finite-field Diffie-Hellman public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>(group) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">group</span></code></dt>
-<dd>A value of type <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_dh_family_t</span></code></a> that identifies the Diffie-Hellman group family to be used.</dd>
-</dl>
-<p class="rubric">Compatible algorithms</p>
-<p>None. Finite-field Diffie-Hellman public keys are exported to use in a key agreement algorithm, and the peer key is provided to the <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a> key agreement algorithm as a buffer of key data.</p>
-</div>
-<div class="section" id="PSA_DH_FAMILY_RFC7919">
-<span id="c.PSA_DH_FAMILY_RFC7919"></span><h3><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</h3>
-<p>Finite-field Diffie-Hellman groups defined for TLS in RFC 7919.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_DH_FAMILY_RFC7919" title="PSA_DH_FAMILY_RFC7919">PSA_DH_FAMILY_RFC7919</a> ((<a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>) 0x03)
-</pre>
-<p>This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192.
-An implementation can support all of these sizes or only a subset.</p>
-<p>Keys is this group can only be used with the <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a> key agreement algorithm.</p>
-<p>These groups are defined by <span><em>Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)</em> <a class="reference internal" href="../../about.html#citation-rfc7919"><span class="cite">[RFC7919]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7919.html#appendix-A">Appendix A</a>.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</h3>
-<p>The key pair type corresponding to a public key type.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</a>(type) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A public key type or key pair type.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding key pair type. If <code class="docutils literal"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
-<p class="rubric">Description</p>
-<p>If <code class="docutils literal"><span class="pre">type</span></code> is a key pair type, it will be left unchanged.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</h3>
-<p>The public key type corresponding to a key pair type.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A public key type or key pair type.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding public key type. If <code class="docutils literal"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
-<p class="rubric">Description</p>
-<p>If <code class="docutils literal"><span class="pre">type</span></code> is a public key type, it will be left unchanged.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_DH">
-<span id="c.PSA_KEY_TYPE_IS_DH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</h3>
-<p>Whether a key type is a Diffie-Hellman key, either a key pair or a public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH">PSA_KEY_TYPE_IS_DH</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_DH_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</h3>
-<p>Whether a key type is a Diffie-Hellman key pair.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR">PSA_KEY_TYPE_IS_DH_KEY_PAIR</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</h3>
-<p>Whether a key type is a Diffie-Hellman public key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_GET_FAMILY">
-<span id="c.PSA_KEY_TYPE_DH_GET_FAMILY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</h3>
-<p>Extract the group family from a Diffie-Hellman key type.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY">PSA_KEY_TYPE_DH_GET_FAMILY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A Diffie-Hellman key type: a value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code></a></p>
-<p>The Diffie-Hellman group family id, if <code class="docutils literal"><span class="pre">type</span></code> is a supported Diffie-Hellman key. Unspecified if <code class="docutils literal"><span class="pre">type</span></code> is not a supported Diffie-Hellman key.</p>
-</div>
-</div>
-<div class="section" id="attribute-accessors">
-<h2>9.2.7. Attribute accessors</h2>
-<div class="section" id="psa_set_key_type">
-<span id="c.psa_set_key_type"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</h3>
-<p>Declare the type of a key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type">psa_set_key_type</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>The key type to write. If this is <a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a>, the key type in <code class="docutils literal"><span class="pre">attributes</span></code> becomes unspecified.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>This function overwrites any key type previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_get_key_type">
-<span id="c.psa_get_key_type"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</h3>
-<p>Retrieve the key type from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a></p>
-<p>The key type stored in the attribute object.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_get_key_bits">
-<span id="c.psa_get_key_bits"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</h3>
-<p>Retrieve the key size from key attributes.</p>
-<pre class="literal-block">
-size_t <a class="reference internal" href="#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">size_t</span></code></p>
-<p>The key size stored in the attribute object, in bits.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-<div class="section" id="psa_set_key_bits">
-<span id="c.psa_set_key_bits"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_bits</span></code> (function)</h3>
-<p>Declare the size of a key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_bits" title="psa_set_key_bits">psa_set_key_bits</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- size_t bits);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">bits</span></code></dt>
-<dd>The key size in bits. If this is <code class="docutils literal"><span class="pre">0</span></code>, the key size in <code class="docutils literal"><span class="pre">attributes</span></code> becomes unspecified. Keys of size <code class="docutils literal"><span class="pre">0</span></code> are not supported.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>This function overwrites any key size previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a <code class="docutils literal"><span class="pre">static</span> <span class="pre">inline</span></code> function or a function-like-macro.</p>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">9.2. Key types</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#key-type-encoding">9.2.1. Key type encoding</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-categories">9.2.2. Key categories</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#symmetric-keys">9.2.3. Symmetric keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#rsa-keys">9.2.4. RSA keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#elliptic-curve-keys">9.2.5. Elliptic Curve keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#diffie-hellman-keys">9.2.6. Diffie Hellman keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#attribute-accessors">9.2.7. Attribute accessors</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/keys/types.html'" />
diff --git a/docs/1.1.0/html/api/library/index.html b/docs/1.1.0/html/api/library/index.html
index 462b59d..068c01a 100644
--- a/docs/1.1.0/html/api/library/index.html
+++ b/docs/1.1.0/html/api/library/index.html
@@ -1,167 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>8. Library management reference — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="8.1. PSA status codes" href="status.html" />
- <link rel="prev" title="7. Usage considerations" href="../../overview/usage.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="library-management-reference">
-<span id="library-management"></span><span id="api-reference"></span><h1>8. Library management reference</h1>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="status.html">8.1. PSA status codes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="status.html#status-type">8.1.1. Status type</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="status.html#psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="status.html#success-codes">8.1.2. Success codes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="status.html#common-error-codes">8.1.3. Common error codes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="status.html#error-codes-specific-to-this-api">8.1.4. Error codes specific to this API</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="library.html">8.2. PSA Crypto library</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="library.html#api-version">8.2.1. API version</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="library.html#PSA_CRYPTO_API_VERSION_MAJOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="library.html#PSA_CRYPTO_API_VERSION_MINOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="library.html#library-initialization">8.2.2. Library initialization</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="library.html#psa_crypto_init"><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1 current"><a class="current reference internal" href="#">8. Library management reference</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="status.html">8.1. PSA status codes</a></li>
-<li class="toctree-l2"><a class="reference internal" href="library.html">8.2. PSA Crypto library</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/library/index.html'" />
diff --git a/docs/1.1.0/html/api/library/library.html b/docs/1.1.0/html/api/library/library.html
index 13060b1..fee3e2e 100644
--- a/docs/1.1.0/html/api/library/library.html
+++ b/docs/1.1.0/html/api/library/library.html
@@ -1,177 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>8.2. PSA Crypto library — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="9. Key management reference" href="../keys/index.html" />
- <link rel="prev" title="8.1. PSA status codes" href="status.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="psa-crypto-library">
-<h1>8.2. PSA Crypto library</h1>
-<div class="section" id="api-version">
-<span id="id1"></span><h2>8.2.1. API version</h2>
-<div class="section" id="PSA_CRYPTO_API_VERSION_MAJOR">
-<span id="c.PSA_CRYPTO_API_VERSION_MAJOR"></span><h3><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</h3>
-<p>The major version of this implementation of the PSA Crypto API.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR">PSA_CRYPTO_API_VERSION_MAJOR</a> 1
-</pre>
-</div>
-<div class="section" id="PSA_CRYPTO_API_VERSION_MINOR">
-<span id="c.PSA_CRYPTO_API_VERSION_MINOR"></span><h3><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</h3>
-<p>The minor version of this implementation of the PSA Crypto API.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR">PSA_CRYPTO_API_VERSION_MINOR</a> 1
-</pre>
-</div>
-</div>
-<div class="section" id="library-initialization">
-<span id="library-init"></span><h2>8.2.2. Library initialization</h2>
-<div class="section" id="psa_crypto_init">
-<span id="c.psa_crypto_init"></span><h3><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</h3>
-<p>Library initialization.</p>
-<pre class="literal-block">
-<a class="reference internal" href="status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init">psa_crypto_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>It is recommended that applications call this function before calling any other function in this module.</p>
-<p>Applications are permitted to call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.</p>
-<p>If the application calls any function that returns a <a class="reference internal" href="status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a> result code before calling <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>, the following will occur:</p>
-<ul class="simple">
-<li>If initialization of the library is essential for secure operation of the function, the implementation must return <a class="reference internal" href="status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> or other appropriate error.</li>
-<li>If failure to initialize the library does not compromise the security of the function, the implementation must either provide the expected result for the function, or return <a class="reference internal" href="status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> or other appropriate error.</li>
-</ul>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>The following scenarios are examples where an implementation can require that the library has been initialized by calling <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>:</p>
-<ul class="last simple">
-<li>A client-server implementation, in which <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a> establishes the communication with the server. No key management or cryptographic operation can be performed until this is done.</li>
-<li>An implementation in which <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a> initializes the random bit generator, and no operations that require the RNG can be performed until this is done. For example, random data, key, IV, or nonce generation; randomized signature or encryption; and algorithms that are implemented with blinding.</li>
-</ul>
-</div>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The set of functions that depend on successful initialization of the library is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">IMPLEMENTATION DEFINED</span></a>. Applications that rely on calling functions before initializing the library might not be portable to other implementations.</p>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">8. Library management reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="status.html">8.1. PSA status codes</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">8.2. PSA Crypto library</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#api-version">8.2.1. API version</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#library-initialization">8.2.2. Library initialization</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/library/library.html'" />
diff --git a/docs/1.1.0/html/api/library/status.html b/docs/1.1.0/html/api/library/status.html
index 76e4128..8e34a09 100644
--- a/docs/1.1.0/html/api/library/status.html
+++ b/docs/1.1.0/html/api/library/status.html
@@ -1,367 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>8.1. PSA status codes — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="8.2. PSA Crypto library" href="library.html" />
- <link rel="prev" title="8. Library management reference" href="index.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="psa-status-codes">
-<span id="status-codes"></span><h1>8.1. PSA status codes</h1>
-<p>Some of the API elements defined in this section are common to other PSA APIs. These elements are also defined in <code class="file docutils literal"><span class="pre">psa/error.h</span></code> from <span><em>Arm® Platform Security Architecture Firmware Framework</em> <a class="reference internal" href="../../about.html#citation-ff-m"><span class="cite">[FF-M]</span></a></span>.</p>
-<p>The description of the common error codes in this specification includes additional information that is specific to their use in the Cryptography API.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">An implementation is permitted to define the common API elements within the <code class="file docutils literal"><span class="pre">psa/crypto.h</span></code> header, or to define them via inclusion of a <code class="file docutils literal"><span class="pre">psa/error.h</span></code> header file that is shared with other PSA APIs.</p>
-</div>
-<div class="section" id="status-type">
-<h2>8.1.1. Status type</h2>
-<p>This API is also defined in <a class="reference internal" href="../../about.html#citation-ff-m"><span class="cite psa_c psa_c-cite">[FF-M]</span></a>.</p>
-<div class="section" id="psa_status_t">
-<span id="c.psa_status_t"></span><h3><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</h3>
-<p>Function return status.</p>
-<pre class="literal-block">
-typedef int32_t <a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>;
-</pre>
-<p>This is either <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>, which is zero, indicating success; or a small negative value indicating that an error occurred. Errors are encoded as one of the <code class="docutils literal"><span class="pre">PSA_ERROR_xxx</span></code> values defined here.</p>
-</div>
-</div>
-<div class="section" id="success-codes">
-<h2>8.1.2. Success codes</h2>
-<p>This API is also defined in <a class="reference internal" href="../../about.html#citation-ff-m"><span class="cite psa_c psa_c-cite">[FF-M]</span></a>.</p>
-<div class="section" id="PSA_SUCCESS">
-<span id="c.PSA_SUCCESS"></span><h3><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</h3>
-<p>The action was completed successfully.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)0)
-</pre>
-</div>
-</div>
-<div class="section" id="common-error-codes">
-<h2>8.1.3. Common error codes</h2>
-<p>These APIs are also defined in <a class="reference internal" href="../../about.html#citation-ff-m"><span class="cite psa_c psa_c-cite">[FF-M]</span></a>.</p>
-<div class="section" id="PSA_ERROR_GENERIC_ERROR">
-<span id="c.PSA_ERROR_GENERIC_ERROR"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</h3>
-<p>An error occurred that does not correspond to any defined failure cause.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR">PSA_ERROR_GENERIC_ERROR</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-132)
-</pre>
-<p>Implementations can use this error code if none of the other standard error codes are applicable.</p>
-</div>
-<div class="section" id="PSA_ERROR_NOT_PERMITTED">
-<span id="c.PSA_ERROR_NOT_PERMITTED"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</h3>
-<p>The requested action is denied by a policy.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED">PSA_ERROR_NOT_PERMITTED</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-133)
-</pre>
-<p>It is recommended that implementations return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.</p>
-<p>If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns <a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ERROR_NOT_SUPPORTED">
-<span id="c.PSA_ERROR_NOT_SUPPORTED"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</h3>
-<p>The requested operation or a parameter is not supported by this implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED">PSA_ERROR_NOT_SUPPORTED</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-134)
-</pre>
-<p>It is recommended that implementations return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_ARGUMENT">
-<span id="c.PSA_ERROR_INVALID_ARGUMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</h3>
-<p>The parameters passed to the function are invalid.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT">PSA_ERROR_INVALID_ARGUMENT</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-135)
-</pre>
-<p>Implementations can return this error any time a parameter or combination of parameters are recognized as invalid.</p>
-<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_HANDLE">
-<span id="c.PSA_ERROR_INVALID_HANDLE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</h3>
-<p>The key identifier is not valid.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE">PSA_ERROR_INVALID_HANDLE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-136)
-</pre>
-<p>See also <a class="reference internal" href="../../overview/functionality.html#key-ids"><span class="secref">Key identifiers</span></a>.</p>
-</div>
-<div class="section" id="PSA_ERROR_BAD_STATE">
-<span id="c.PSA_ERROR_BAD_STATE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</h3>
-<p>The requested action cannot be performed in the current state.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE">PSA_ERROR_BAD_STATE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-137)
-</pre>
-<p>Multi-part operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.</p>
-<p>Implementations can return this error if the caller has not initialized the library by a call to <a class="reference internal" href="library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</p>
-<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_BUFFER_TOO_SMALL">
-<span id="c.PSA_ERROR_BUFFER_TOO_SMALL"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</h3>
-<p>An output buffer is too small.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL">PSA_ERROR_BUFFER_TOO_SMALL</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-138)
-</pre>
-<p>Applications can call the <code class="docutils literal"><span class="pre">PSA_xxx_SIZE</span></code> macro listed in the function description to determine a sufficient buffer size.</p>
-<p>It is recommended that implementations only return this error code in cases when performing the operation with a larger output buffer would succeed. However, implementations can also return this error if a function has invalid or unsupported parameters in addition to an insufficient output buffer size.</p>
-</div>
-<div class="section" id="PSA_ERROR_ALREADY_EXISTS">
-<span id="c.PSA_ERROR_ALREADY_EXISTS"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</h3>
-<p>Asking for an item that already exists.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS">PSA_ERROR_ALREADY_EXISTS</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-139)
-</pre>
-<p>It is recommended that implementations return this error code when attempting to write to a location where a key is already present.</p>
-</div>
-<div class="section" id="PSA_ERROR_DOES_NOT_EXIST">
-<span id="c.PSA_ERROR_DOES_NOT_EXIST"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</h3>
-<p>Asking for an item that doesn’t exist.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST">PSA_ERROR_DOES_NOT_EXIST</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-140)
-</pre>
-<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_MEMORY">
-<span id="c.PSA_ERROR_INSUFFICIENT_MEMORY"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</h3>
-<p>There is not enough runtime memory.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY">PSA_ERROR_INSUFFICIENT_MEMORY</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-141)
-</pre>
-<p>If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_STORAGE">
-<span id="c.PSA_ERROR_INSUFFICIENT_STORAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</h3>
-<p>There is not enough persistent storage.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE">PSA_ERROR_INSUFFICIENT_STORAGE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-142)
-</pre>
-<p>Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage might return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_DATA">
-<span id="c.PSA_ERROR_INSUFFICIENT_DATA"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</h3>
-<p>Return this error when there’s insufficient data when attempting to read from a resource.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA">PSA_ERROR_INSUFFICIENT_DATA</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-143)
-</pre>
-</div>
-<div class="section" id="PSA_ERROR_COMMUNICATION_FAILURE">
-<span id="c.PSA_ERROR_COMMUNICATION_FAILURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</h3>
-<p>There was a communication failure inside the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE">PSA_ERROR_COMMUNICATION_FAILURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-145)
-</pre>
-<p>This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure can be transient or permanent depending on the cause.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">If a function returns this error, it is undetermined whether the requested action has completed. Returning <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a> is recommended on successful completion whenever possible, however functions can return <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a> if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.</p>
-</div>
-</div>
-<div class="section" id="PSA_ERROR_STORAGE_FAILURE">
-<span id="c.PSA_ERROR_STORAGE_FAILURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</h3>
-<p>There was a storage failure that might have led to data loss.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE">PSA_ERROR_STORAGE_FAILURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-146)
-</pre>
-<p>This error indicates that some persistent storage could not be read or written by the implementation. It does not indicate the following situations, which have specific error codes:</p>
-<ul class="simple">
-<li>A corruption of volatile memory — use <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>.</li>
-<li>A communication error between the cryptoprocessor and its external storage — use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>.</li>
-<li>When the storage is in a valid state but is full — use <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a>.</li>
-<li>When the storage or stored data is corrupted — use <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a>.</li>
-<li>When the stored data is not valid — use <a class="reference internal" href="#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a>.</li>
-</ul>
-<p>A storage failure does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.</p>
-<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.</p>
-<p>It is recommended to only use this error code to report a permanent storage corruption. However application writers must keep in mind that transient errors while reading the storage might be reported using this error code.</p>
-</div>
-<div class="section" id="PSA_ERROR_HARDWARE_FAILURE">
-<span id="c.PSA_ERROR_HARDWARE_FAILURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</h3>
-<p>A hardware failure was detected.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE">PSA_ERROR_HARDWARE_FAILURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-147)
-</pre>
-<p>A hardware failure can be transient or permanent depending on the cause.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_SIGNATURE">
-<span id="c.PSA_ERROR_INVALID_SIGNATURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</h3>
-<p>The signature, MAC or hash is incorrect.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE">PSA_ERROR_INVALID_SIGNATURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-149)
-</pre>
-<p>Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.</p>
-<p>If the value to verify has an invalid size, implementations can return either <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
-</div>
-</div>
-<div class="section" id="error-codes-specific-to-this-api">
-<h2>8.1.4. Error codes specific to this API</h2>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_ENTROPY">
-<span id="c.PSA_ERROR_INSUFFICIENT_ENTROPY"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</h3>
-<p>There is not enough entropy to generate random data needed for the requested action.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY">PSA_ERROR_INSUFFICIENT_ENTROPY</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-148)
-</pre>
-<p>This error indicates a failure of a hardware random generator. Application writers must note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.</p>
-<p>It is recommended that implementations do not return this error after <a class="reference internal" href="library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a> has succeeded. This can be achieved if the implementation generates sufficient entropy during initialization and subsequently a cryptographically secure pseudorandom generator (PRNG) is used. However, implementations might return this error at any time, for example, if a policy requires the PRNG to be reseeded during normal operation.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_PADDING">
-<span id="c.PSA_ERROR_INVALID_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</h3>
-<p>The decrypted padding is incorrect.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING">PSA_ERROR_INVALID_PADDING</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-150)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Protocols that use authenticated encryption are recommended for use by applications, rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer must take care not to reveal whether the padding is invalid.</p>
-</div>
-<p>Implementations must handle padding carefully, aiming to make it impossible for an external observer to distinguish between valid and invalid padding. In particular, it is recommended that the timing of a decryption operation does not depend on the validity of the padding.</p>
-</div>
-<div class="section" id="PSA_ERROR_CORRUPTION_DETECTED">
-<span id="c.PSA_ERROR_CORRUPTION_DETECTED"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</h3>
-<p>A tampering attempt was detected.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED">PSA_ERROR_CORRUPTION_DETECTED</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-151)
-</pre>
-<p>If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. In this situation, it is recommended that applications perform no further security functions and enter a safe failure state.</p>
-<p>Implementations can return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation’s security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation might forcibly terminate the application.</p>
-<p>This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations must only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations must not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation, instead use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a> or other applicable error code.</p>
-<p>This error indicates an attack against the application. Implementations must not return this error code as a consequence of the behavior of the application itself.</p>
-</div>
-<div class="section" id="PSA_ERROR_DATA_CORRUPT">
-<span id="c.PSA_ERROR_DATA_CORRUPT"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code> (macro)</h3>
-<p>Stored data has been corrupted.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT">PSA_ERROR_DATA_CORRUPT</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-152)
-</pre>
-<p>This error indicates that some persistent storage has suffered corruption. It does not indicate the following situations, which have specific error codes:</p>
-<ul class="simple">
-<li>A corruption of volatile memory — use <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>.</li>
-<li>A communication error between the cryptoprocessor and its external storage — use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>.</li>
-<li>When the storage is in a valid state but is full — use <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a>.</li>
-<li>When the storage fails for other reasons — use <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>.</li>
-<li>When the stored data is not valid — use <a class="reference internal" href="#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a>.</li>
-</ul>
-<p>Note that a storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.</p>
-<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.</p>
-<p>It is recommended to only use this error code to report when a storage component indicates that the stored data is corrupt, or fails an integrity check. For example, in situations that the <span><em>PSA Storage API</em> <a class="reference internal" href="../../about.html#citation-psa-its"><span class="cite">[PSA-ITS]</span></a></span> reports <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ERROR_DATA_INVALID">
-<span id="c.PSA_ERROR_DATA_INVALID"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</h3>
-<p>Data read from storage is not valid for the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID">PSA_ERROR_DATA_INVALID</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-153)
-</pre>
-<p>This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes:</p>
-<ul class="simple">
-<li>When the storage or stored data is corrupted — use <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a>.</li>
-<li>When the storage fails for other reasons — use <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>.</li>
-<li>An invalid argument to the API — use <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
-</ul>
-<p>This error is typically a result of an integration failure, where the implementation reading the data is not compatible with the implementation that stored the data.</p>
-<p>It is recommended to only use this error code to report when data that is successfully read from storage is invalid.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">8. Library management reference</a><ul class="current">
-<li class="toctree-l2 current"><a class="current reference internal" href="#">8.1. PSA status codes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#status-type">8.1.1. Status type</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#success-codes">8.1.2. Success codes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#common-error-codes">8.1.3. Common error codes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#error-codes-specific-to-this-api">8.1.4. Error codes specific to this API</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="library.html">8.2. PSA Crypto library</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/library/status.html'" />
diff --git a/docs/1.1.0/html/api/ops/aead.html b/docs/1.1.0/html/api/ops/aead.html
index a8ba135..feb1e6c 100644
--- a/docs/1.1.0/html/api/ops/aead.html
+++ b/docs/1.1.0/html/api/ops/aead.html
@@ -1,1463 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.5. Authenticated encryption with associated data (AEAD) — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.6. Key derivation" href="kdf.html" />
- <link rel="prev" title="10.4. Unauthenticated ciphers" href="ciphers.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="authenticated-encryption-with-associated-data-aead">
-<span id="aead"></span><h1>10.5. Authenticated encryption with associated data (AEAD)</h1>
-<p>The single-part AEAD functions are:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> to encrypt a message using an authenticated symmetric cipher.</li>
-<li><a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> to decrypt a message using an authenticated symmetric cipher.</li>
-</ul>
-<p>These functions follow the interface recommended by <span><em>An Interface and Algorithms for Authenticated Encryption</em> <a class="reference internal" href="../../about.html#citation-rfc5116"><span class="cite">[RFC5116]</span></a></span>.</p>
-<p>The encryption function requires a nonce to be provided. To generate a random nonce, either call <a class="reference internal" href="rng.html#c.psa_generate_random" title="psa_generate_random"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_random()</span></code></a> or use the AEAD multi-part API.</p>
-<p>The <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> <a class="reference internal" href="../../overview/functionality.html#multi-part-operations"><span class="std std-ref">multi-part operation</span></a> permits alternative initialization parameters and allows messages to be processed in fragments. A multi-part AEAD operation is used as follows:</p>
-<ol class="arabic simple">
-<li>Initialize the <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> object to zero, or by assigning the value of the associated macro <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Provide additional parameters:<ul>
-<li>If the algorithm requires it, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the non-encrypted and encrypted inputs to the operation.</li>
-<li>When encrypting, call either <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> to generate or set the nonce.</li>
-<li>When decrypting, call <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> to set the nonce.</li>
-</ul>
-</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> zero or more times with fragments of the non-encrypted additional data.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> zero or more times with fragments of the plaintext or ciphertext to encrypt or decrypt.</li>
-<li>At the end of the message, call the required finishing function:<ul>
-<li>To complete an encryption operation, call <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> to compute and return authentication tag.</li>
-<li>To complete a decryption operation, call <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> to compute the authentication tag and verify it against a reference value.</li>
-</ul>
-</li>
-</ol>
-<p>To abort the operation or recover from an error, call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>Using a multi-part interface to authenticated encryption raises specific issues.</p>
-<ul class="last simple">
-<li>Multi-part authenticated decryption produces intermediate results that are not authenticated. Revealing unauthenticated results, either directly or indirectly through the application’s behavior, can compromise the confidentiality of all inputs that are encrypted with the same key. See the <a class="reference internal" href="#aead-multi-part-warning"><span class="std std-ref">detailed warning</span></a>.</li>
-<li>For encryption, some common algorithms cannot be processed in a streaming fashion. For SIV mode, the whole plaintext must be known before the encryption can start; the multi-part AEAD API is not meant to be usable with SIV mode. For CCM mode, the length of the plaintext must be known before the encryption can start; the application can call the function <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to provide these lengths before providing input.</li>
-</ul>
-</div>
-<div class="section" id="aead-algorithms">
-<span id="id1"></span><h2>10.5.1. AEAD algorithms</h2>
-<div class="section" id="PSA_ALG_CCM">
-<span id="c.PSA_ALG_CCM"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</h3>
-<p>The <em>Counter with CBC-MAC</em> (CCM) authenticated encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
-</pre>
-<p>CCM is defined for block ciphers that have a 128-bit block size. The underlying block cipher is determined by the key type.</p>
-<p>To use <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a> with a multi-part AEAD operation, the application must call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> before providing the nonce, the additional data and plaintext to the operation.</p>
-<p>CCM requires a nonce of between 7 and 13 bytes in length. The length of the nonce affects the maximum length of the plaintext than can be encrypted or decrypted. If the nonce has length <em>N</em>, then the plaintext length <em>pLen</em> is encoded in <em>L</em> = 15 - <em>N</em> octets, this requires that <em>pLen</em> < 2<sup>8L</sup>.</p>
-<p>The value for <em>L</em> that is used with <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a> depends on the function used to provide the nonce:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a>, or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> will set <em>L</em> to 15 - <code class="docutils literal"><span class="pre">nonce_length</span></code>. If the plaintext length cannot be encoded in <em>L</em> octets, then a <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> error is returned.</li>
-<li>A call to <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> on a multi-part cipher operation will select <em>L</em> as the smallest integer >= 2 where <em>pLen</em> < 2<sup>8L</sup>, with <em>pLen</em> being the <code class="docutils literal"><span class="pre">plaintext_length</span></code> provided to <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>. The call to <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will generate and return a random nonce of length 15 - <em>L</em> bytes.</li>
-</ul>
-<p>CCM supports authentication tag sizes of 4, 6, 8, 10, 12, 14, and 16 bytes. The default tag length is 16. Shortened tag lengths can be requested using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span></code>, where <code class="docutils literal"><span class="pre">tag_length</span></code> is a valid CCM tag length.</p>
-<p>The CCM block cipher mode is defined in <span><em>Counter with CBC-MAC (CCM)</em> <a class="reference internal" href="../../about.html#citation-rfc3610"><span class="cite">[RFC3610]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_GCM">
-<span id="c.PSA_ALG_GCM"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</h3>
-<p>The <em>Galois/Counter Mode</em> (GCM) authenticated encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
-</pre>
-<p>GCM is defined for block ciphers that have a 128-bit block size. The underlying block cipher is determined by the key type.</p>
-<p>GCM requires a nonce of at least 1 byte in length. The maximum supported nonce size is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a>. Calling <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will generate a random 12-byte nonce.</p>
-<p>GCM supports authentication tag sizes of 4, 8, 12, 13, 14, 15, and 16 bytes. The default tag length is 16. Shortened tag lengths can be requested using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span></code>, where <code class="docutils literal"><span class="pre">tag_length</span></code> is a valid GCM tag length.</p>
-<p>The GCM block cipher mode is defined in <span><em>NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em> <a class="reference internal" href="../../about.html#citation-sp800-38d"><span class="cite">[SP800-38D]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CHACHA20_POLY1305">
-<span id="c.PSA_ALG_CHACHA20_POLY1305"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</h3>
-<p>The ChaCha20-Poly1305 AEAD algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
-</pre>
-<p>There are two defined variants of ChaCha20-Poly1305:</p>
-<ul class="simple">
-<li>An implementation that supports ChaCha20-Poly1305 must support the variant defined by <span><em>ChaCha20 and Poly1305 for IETF Protocols</em> <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a></span>, which has a 96-bit nonce and 32-bit counter.</li>
-<li>An implementation can optionally also support the original variant defined by <span><em>ChaCha, a variant of Salsa20</em> <a class="reference internal" href="../../about.html#citation-chacha20"><span class="cite">[CHACHA20]</span></a></span>, which has a 64-bit nonce and 64-bit counter.</li>
-</ul>
-<p>The variant used for the AEAD encryption or decryption operation, depends on the nonce provided for an AEAD operation using <a class="reference internal" href="#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a>:</p>
-<ul class="simple">
-<li>A nonce provided in a call to <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> must be 8 or 12 bytes. The size of nonce will select the appropriate variant of the algorithm.</li>
-<li>A nonce generated by a call to <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will be 12 bytes, and will use the <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a> variant.</li>
-</ul>
-<p>Implementations must support 16-byte tags. It is recommended that truncated tag sizes are rejected.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_AEAD_WITH_SHORTENED_TAG">
-<span id="c.PSA_ALG_AEAD_WITH_SHORTENED_TAG"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</h3>
-<p>Macro to build a AEAD algorithm with a shortened tag.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG">PSA_ALG_AEAD_WITH_SHORTENED_TAG</a>(aead_alg, tag_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
-<dd>Desired length of the authentication tag in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding AEAD algorithm with the specified tag length.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">aead_alg</span></code> is not a supported AEAD algorithm or if <code class="docutils literal"><span class="pre">tag_length</span></code> is not valid for the specified AEAD algorithm.</p>
-<p class="rubric">Description</p>
-<p>An AEAD algorithm with a shortened tag is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length might affect the calculation of the ciphertext.</p>
-<p>The AEAD algorithm with a default length tag can be recovered using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a>.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting AEAD algorithm is compatible with the same key types as the AEAD algorithm used to construct it.</p>
-</div>
-<div class="section" id="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG">
-<span id="c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</h3>
-<p>An AEAD algorithm with the default tag length.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</a>(aead_alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding AEAD algorithm with the default tag length for that algorithm.</p>
-<p class="rubric">Description</p>
-<p>This macro can be used to construct the AEAD algorithm with default tag length from an AEAD algorithm with a shortened tag. See also <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG()</span></code></a>.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting AEAD algorithm is compatible with the same key types as the AEAD algorithm used to construct it.</p>
-</div>
-<div class="section" id="PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG">
-<span id="c.PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG</span></code> (macro)</h3>
-<p>Macro to build an AEAD minimum-tag-length wildcard algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG">PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG</a>(aead_alg, min_tag_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">min_tag_length</span></code></dt>
-<dd>Desired minimum length of the authentication tag in bytes. This must be at least <code class="docutils literal"><span class="pre">1</span></code> and at most the largest allowed tag length of the algorithm.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding AEAD wildcard algorithm with the specified minimum tag length.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">aead_alg</span></code> is not a supported AEAD algorithm or if <code class="docutils literal"><span class="pre">min_tag_length</span></code> is less than <code class="docutils literal"><span class="pre">1</span></code> or too large for the specified AEAD algorithm.</p>
-<p class="rubric">Description</p>
-<p>A key with a minimum-tag-length AEAD wildcard algorithm as permitted algorithm policy can be used with all AEAD algorithms sharing the same base algorithm, and where the tag length of the specific algorithm is equal to or larger then the minimum tag length specified by the wildcard algorithm.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">When setting the minimum required tag length to less than the smallest tag length allowed by the base algorithm, this effectively becomes an ‘any-tag-length-allowed’ policy for that base algorithm.</p>
-</div>
-<p>The AEAD algorithm with a default length tag can be recovered using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a>.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting wildcard AEAD algorithm is compatible with the same key types as the AEAD algorithm used to construct it.</p>
-</div>
-</div>
-<div class="section" id="single-part-aead-functions">
-<h2>10.5.2. Single-part AEAD functions</h2>
-<div class="section" id="psa_aead_encrypt">
-<span id="c.psa_aead_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</h3>
-<p>Process an authenticated encryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * nonce,
- size_t nonce_length,
- const uint8_t * additional_data,
- size_t additional_data_length,
- const uint8_t * plaintext,
- size_t plaintext_length,
- uint8_t * ciphertext,
- size_t ciphertext_size,
- size_t * ciphertext_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
-<dd>Nonce or IV to use.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">additional_data</span></code></dt>
-<dd>Additional data that will be authenticated but not encrypted.</dd>
-<dt> <code class="docutils literal"><span class="pre">additional_data_length</span></code></dt>
-<dd>Size of <code class="docutils literal"><span class="pre">additional_data</span></code> in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext</span></code></dt>
-<dd>Data that will be authenticated and encrypted.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of <code class="docutils literal"><span class="pre">plaintext</span></code> in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext</span></code></dt>
-<dd>Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">plaintext_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">plaintext_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum ciphertext size of any supported AEAD encryption.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
-<dd>On success, the size of the output in the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*ciphertext_length)</span></code> bytes of <code class="docutils literal"><span class="pre">ciphertext</span></code> contain the output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">nonce_length</span></code> is not valid for use with <code class="docutils literal"><span class="pre">alg</span></code> and <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">additional_data_length</span></code> or <code class="docutils literal"><span class="pre">plaintext_length</span></code> are too large for <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">nonce_length</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code> and <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">additional_data_length</span></code> or <code class="docutils literal"><span class="pre">plaintext_length</span></code> are too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-</div>
-<div class="section" id="psa_aead_decrypt">
-<span id="c.psa_aead_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</h3>
-<p>Process an authenticated decryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * nonce,
- size_t nonce_length,
- const uint8_t * additional_data,
- size_t additional_data_length,
- const uint8_t * ciphertext,
- size_t ciphertext_length,
- uint8_t * plaintext,
- size_t plaintext_size,
- size_t * plaintext_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
-<dd>Nonce or IV to use.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">additional_data</span></code></dt>
-<dd>Additional data that has been authenticated but not encrypted.</dd>
-<dt> <code class="docutils literal"><span class="pre">additional_data_length</span></code></dt>
-<dd>Size of <code class="docutils literal"><span class="pre">additional_data</span></code> in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext</span></code></dt>
-<dd>Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
-<dd>Size of <code class="docutils literal"><span class="pre">ciphertext</span></code> in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext</span></code></dt>
-<dd>Output buffer for the decrypted data.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">ciphertext_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ciphertext_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum plaintext size of any supported AEAD decryption.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>On success, the size of the output in the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*plaintext_length)</span></code> bytes of <code class="docutils literal"><span class="pre">plaintext</span></code> contain the output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The ciphertext is not authentic.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">nonce_length</span></code> is not valid for use with <code class="docutils literal"><span class="pre">alg</span></code> and <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">additional_data_length</span></code> or <code class="docutils literal"><span class="pre">ciphertext_length</span></code> are too large for <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">nonce_length</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code> and <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">additional_data_length</span></code> or <code class="docutils literal"><span class="pre">plaintext_length</span></code> are too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-</div>
-</div>
-<div class="section" id="multi-part-aead-operations">
-<h2>10.5.3. Multi-part AEAD operations</h2>
-<div class="admonition warning" id="aead-multi-part-warning">
-<p class="first admonition-title">Warning</p>
-<p>When decrypting using a multi-part AEAD operation, there is no guarantee that the input or output is valid until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-<p>A call to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> returning <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a> <strong>does not</strong> indicate that the input and output is valid.</p>
-<p>Until an application calls <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> and it has returned <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>, the following rules apply to input and output data from a multi-part AEAD operation:</p>
-<ul class="simple">
-<li>Do not trust the input. If the application takes any action that depends on the input data, this action will need to be undone if the input turns out to be invalid.</li>
-<li>Store the output in a confidential location. In particular, the application must not copy the output to a memory or storage space which is shared.</li>
-<li>Do not trust the output. If the application takes any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out to be invalid. Furthermore, if an adversary can observe that this action took place, for example, through timing, they might be able to use this fact as an oracle to decrypt any message encrypted with the same key.</li>
-</ul>
-<p class="last">An application that does not follow these rules might be vulnerable to maliciously constructed AEAD input data.</p>
-</div>
-<div class="section" id="psa_aead_operation_t">
-<span id="c.psa_aead_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</h3>
-<p>The type of the state object for multi-part AEAD operations.</p>
-<pre class="literal-block">
-typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a>;
-</pre>
-<p>Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the object to all-bits-zero, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation;
-memset(&operation, 0, sizeof(operation));
-</pre>
-</li>
-<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
-<pre class="literal-block">
-static <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation;
-</pre>
-</li>
-<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation = <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT">PSA_AEAD_OPERATION_INIT</a>;
-</pre>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_operation_init()</span></code></a> to the object, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation;
-operation = <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init">psa_aead_operation_init</a>();
-</pre>
-</li>
-</ul>
-<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
-</div>
-<div class="section" id="PSA_AEAD_OPERATION_INIT">
-<span id="c.PSA_AEAD_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</h3>
-<p>This macro returns a suitable initializer for an AEAD operation object of type <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT">PSA_AEAD_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-</div>
-<div class="section" id="psa_aead_operation_init">
-<span id="c.psa_aead_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</h3>
-<p>Return an initial value for an AEAD operation object.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init">psa_aead_operation_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code></a></p>
-</div>
-<div class="section" id="psa_aead_encrypt_setup">
-<span id="c.psa_aead_encrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</h3>
-<p>Set the key for a multi-part authenticated encryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup">psa_aead_encrypt_setup</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The sequence of operations to encrypt a message with authentication is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
-<li>Call either <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> to generate or set the nonce. It is recommended to use <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> unless the protocol being implemented requires a specific nonce value.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the message to encrypt each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_aead_decrypt_setup">
-<span id="c.psa_aead_decrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</h3>
-<p>Set the key for a multi-part authenticated decryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup">psa_aead_decrypt_setup</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The sequence of operations to decrypt a message with authentication is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> with the nonce for the decryption.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the ciphertext to decrypt each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_aead_set_lengths">
-<span id="c.psa_aead_set_lengths"></span><h3><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</h3>
-<p>Declare the lengths of the message and additional data for AEAD.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths">psa_aead_set_lengths</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- size_t ad_length,
- size_t plaintext_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">ad_length</span></code></dt>
-<dd>Size of the non-encrypted additional authenticated data in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of the plaintext to encrypt in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, and <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> and <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> must not have been called yet.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">ad_length</span></code> or <code class="docutils literal"><span class="pre">plaintext_length</span></code> are too large for the chosen algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">ad_length</span></code> or <code class="docutils literal"><span class="pre">plaintext_length</span></code> are too large for the implementation.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call this function before calling <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>, if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a>, calling this function is required.</li>
-<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
-<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
-</ul>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_generate_nonce">
-<span id="c.psa_aead_generate_nonce"></span><h3><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</h3>
-<p>Generate a random nonce for an authenticated encryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce">psa_aead_generate_nonce</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- uint8_t * nonce,
- size_t nonce_size,
- size_t * nonce_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
-<dd>Buffer where the generated nonce is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a> evaluates to a sufficient output size for any supported AEAD algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
-<dd>On success, the number of bytes of the generated nonce.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*nonce_length)</span></code> bytes of <code class="docutils literal"><span class="pre">nonce</span></code> contain the generated nonce.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be an active AEAD encryption operation, with no nonce set.</li>
-<li>The operation state is not valid: this is an algorithm which requires <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to be called before setting the nonce.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.</p>
-<p>Most algorithms generate a default-length nonce, as returned by <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a>. Some algorithms can return a shorter nonce from <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>, see the individual algorithm descriptions for details.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function. If applicable for the algorithm, the application must call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_set_nonce">
-<span id="c.psa_aead_set_nonce"></span><h3><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</h3>
-<p>Set the nonce for an authenticated encryption or decryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce">psa_aead_set_nonce</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- const uint8_t * nonce,
- size_t nonce_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
-<dd>Buffer containing the nonce to use.</dd>
-<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
-<dd>Size of the nonce in bytes. This must be a valid nonce size for the chosen algorithm. The default nonce size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">alg</span></code> are type of key and the algorithm respectively that were used to set up the AEAD operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with no nonce set.</li>
-<li>The operation state is not valid: this is an algorithm which requires <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to be called before setting the nonce.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">nonce_length</span></code> is not valid for the chosen algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">nonce_length</span></code> is not supported for use with the operation’s algorithm and key.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function sets the nonce for the authenticated encryption or decryption operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> before calling this function. If applicable for the algorithm, the application must call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">When encrypting, <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.</p>
-</div>
-</div>
-<div class="section" id="psa_aead_update_ad">
-<span id="c.psa_aead_update_ad"></span><h3><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</h3>
-<p>Pass additional data to an active AEAD operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad">psa_aead_update_ad</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- const uint8_t * input,
- size_t input_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the fragment of additional data.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd><p class="first">Success.</p>
-<div class="last admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>When decrypting, do not trust the additional data until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> succeeds.</p>
-<p class="last">See the <a class="reference internal" href="#aead-multi-part-warning"><span class="std std-ref">detailed warning</span></a>.</p>
-</div>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, have a nonce set, have lengths set if required by the algorithm, and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> must not have been called yet.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>Excess additional data: the total input length to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> is greater than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>, or is too large for the chosen AEAD algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The total additional data length is too large for the implementation.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Additional data is authenticated, but not encrypted.</p>
-<p>This function can be called multiple times to pass successive fragments of the additional data. This function must not be called after passing data to encrypt or decrypt with <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<p>The following must occur before calling this function:</p>
-<ol class="arabic simple">
-<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</li>
-<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
-</ol>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_update">
-<span id="c.psa_aead_update"></span><h3><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</h3>
-<p>Encrypt or decrypt a message fragment in an active AEAD operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update">psa_aead_update</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- const uint8_t * input,
- size_t input_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported AEAD algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd><p class="first">Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> of <code class="docutils literal"><span class="pre">output</span></code> contains the output data.</p>
-<div class="last admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>When decrypting, do not use the output until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> succeeds.</p>
-<p class="last">See the <a class="reference internal" href="#aead-multi-part-warning"><span class="std std-ref">detailed warning</span></a>.</p>
-</div>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, have a nonce set, and have lengths set if required by the algorithm.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>Incomplete additional data: the total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</li>
-<li>Excess input data: the total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> is greater than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>, or is too large for the specific AEAD algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The total input length is too large for the implementation.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The following must occur before calling this function:</p>
-<ol class="arabic simple">
-<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
-<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> to pass all the additional data.</li>
-</ol>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-<p>This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it might delay the end of the corresponding output until a subsequent call to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>, <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> or <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> provides sufficient input. The amount of data that can be delayed in this way is bounded by <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_finish">
-<span id="c.psa_aead_finish"></span><h3><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</h3>
-<p>Finish encrypting a message in an AEAD operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish">psa_aead_finish</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- uint8_t * ciphertext,
- size_t ciphertext_size,
- size_t * ciphertext_length,
- uint8_t * tag,
- size_t tag_size,
- size_t * tag_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext</span></code></dt>
-<dd>Buffer where the last part of the ciphertext is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported AEAD algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
-<dd>On success, the number of bytes of returned ciphertext.</dd>
-<dt> <code class="docutils literal"><span class="pre">tag</span></code></dt>
-<dd>Buffer where the authentication tag is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">tag_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">tag</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The exact tag size is <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size of the key, and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used in the call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a> evaluates to the maximum tag size of any supported AEAD algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned tag.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*tag_length)</span></code> bytes of <code class="docutils literal"><span class="pre">tag</span></code> contain the authentication tag.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be an active encryption operation with a nonce set.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> or <code class="docutils literal"><span class="pre">tag</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer size.
-<a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a> can be used to determine the required <code class="docutils literal"><span class="pre">tag</span></code> buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>Incomplete additional data: the total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</li>
-<li>Incomplete plaintext: the total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>.</p>
-<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> with the plaintext formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<p>This function has two output buffers:</p>
-<ul class="simple">
-<li><code class="docutils literal"><span class="pre">ciphertext</span></code> contains trailing ciphertext that was buffered from preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</li>
-<li><code class="docutils literal"><span class="pre">tag</span></code> contains the authentication tag.</li>
-</ul>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_verify">
-<span id="c.psa_aead_verify"></span><h3><code class="docutils literal"><span class="pre">psa_aead_verify</span></code> (function)</h3>
-<p>Finish authenticating and decrypting a message in an AEAD operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify">psa_aead_verify</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- uint8_t * plaintext,
- size_t plaintext_size,
- size_t * plaintext_length,
- const uint8_t * tag,
- size_t tag_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext</span></code></dt>
-<dd>Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> that could not be processed until the end of the input.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported AEAD algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>On success, the number of bytes of returned plaintext.</dd>
-<dt> <code class="docutils literal"><span class="pre">tag</span></code></dt>
-<dd>Buffer containing the expected authentication tag.</dd>
-<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">tag</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-For a decryption operation, it is now safe to use the additional data and the plaintext output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be an active decryption operation with a nonce set.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The calculated authentication tag does not match the value in <code class="docutils literal"><span class="pre">tag</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>Incomplete additional data: the total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</li>
-<li>Incomplete ciphertext: the total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</p>
-<p>This function finishes the authenticated decryption of the message components:</p>
-<ul class="simple">
-<li>The additional data consisting of the concatenation of the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a>.</li>
-<li>The ciphertext consisting of the concatenation of the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</li>
-<li>The tag passed to this function call.</li>
-</ul>
-<p>If the authentication tag is correct, this function outputs any remaining plaintext and reports success. If the authentication tag is not correct, this function returns <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations must make the best effort to ensure that the comparison between the actual tag and the expected tag is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_aead_abort">
-<span id="c.psa_aead_abort"></span><h3><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</h3>
-<p>Abort an AEAD operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort">psa_aead_abort</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Initialized AEAD operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The operation object can now be discarded or reused.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> again.</p>
-<p>This function can be called any time after the operation object has been initialized as described in <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>.</p>
-<p>In particular, calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>, <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> or <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> is safe and has no effect.</p>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.5.4. Support macros</h2>
-<div class="section" id="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">
-<span id="c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an AEAD mode on a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm which is an AEAD mode based on a block cipher, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</a>(key_type, alg, plaintext_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of the plaintext in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The AEAD ciphertext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext might be smaller.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</a>(plaintext_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of the plaintext in bytes.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_DECRYPT_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE">PSA_AEAD_DECRYPT_OUTPUT_SIZE</a>(key_type, alg, ciphertext_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
-<dd>Size of the ciphertext in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The AEAD plaintext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext might be smaller.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</a>(ciphertext_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
-<dd>Size of the ciphertext in bytes.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_NONCE_LENGTH">
-<span id="c.PSA_AEAD_NONCE_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code> (macro)</h3>
-<p>The default nonce size for an AEAD algorithm, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH">PSA_AEAD_NONCE_LENGTH</a>(key_type, alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The default nonce size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the nonce buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>For most AEAD algorithms, <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a> evaluates to the exact size of the nonce generated by <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_NONCE_MAX_SIZE">
-<span id="c.PSA_AEAD_NONCE_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient buffer size for storing the nonce generated by <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE">PSA_AEAD_NONCE_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the nonce buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_UPDATE_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_UPDATE_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE">PSA_AEAD_UPDATE_OUTPUT_SIZE</a>(key_type, alg, input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE">
-<span id="c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</a>(input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_FINISH_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_FINISH_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE">PSA_AEAD_FINISH_OUTPUT_SIZE</a>(key_type, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient ciphertext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE">
-<span id="c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient ciphertext buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_TAG_LENGTH">
-<span id="c.PSA_AEAD_TAG_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</h3>
-<p>The length of a tag for an AEAD algorithm, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH">PSA_AEAD_TAG_LENGTH</a>(key_type, key_bits, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>The type of the AEAD key.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the AEAD key in bits.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The tag length for the specified algorithm and key.
-If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return <code class="docutils literal"><span class="pre">0</span></code>. If the AEAD algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>This is the size of the tag output from <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</p>
-<p>If the size of the tag buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient tag buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_TAG_MAX_SIZE">
-<span id="c.PSA_AEAD_TAG_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient buffer size for storing the tag output by <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE">PSA_AEAD_TAG_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the tag buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_VERIFY_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_VERIFY_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE">PSA_AEAD_VERIFY_OUTPUT_SIZE</a>(key_type, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient plaintext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> will not fail due to an insufficient plaintext buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE">
-<span id="c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.5. Authenticated encryption with associated data (AEAD)</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#aead-algorithms">10.5.1. AEAD algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#single-part-aead-functions">10.5.2. Single-part AEAD functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#multi-part-aead-operations">10.5.3. Multi-part AEAD operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.5.4. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/aead.html'" />
diff --git a/docs/1.1.0/html/api/ops/algorithms.html b/docs/1.1.0/html/api/ops/algorithms.html
index 7373bb0..e1e0505 100644
--- a/docs/1.1.0/html/api/ops/algorithms.html
+++ b/docs/1.1.0/html/api/ops/algorithms.html
@@ -1,354 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.1. Algorithms — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.2. Message digests (Hashes)" href="hashes.html" />
- <link rel="prev" title="10. Cryptographic operation reference" href="index.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="algorithms">
-<span id="id1"></span><h1>10.1. Algorithms</h1>
-<p>This specification encodes algorithms into a structured 32-bit integer value.</p>
-<p>Algorithm identifiers are used for two purposes in this API:</p>
-<ol class="arabic simple">
-<li>To specify a specific algorithm to use in a cryptographic operation. These are all defined in <a class="reference internal" href="index.html#crypto-operations"><span class="secref">Cryptographic operation reference</span></a>.</li>
-<li>To specify the policy for a key, identifying the permitted algorithm for use with the key. This use is described in <a class="reference internal" href="../keys/policy.html#key-policy"><span class="secref">Key policies</span></a>.</li>
-</ol>
-<p>The specific algorithm identifiers are described alongside the cryptographic operation functions to which they apply:</p>
-<ul class="simple">
-<li><a class="reference internal" href="hashes.html#hash-algorithms"><span class="secref">Hash algorithms</span></a></li>
-<li><a class="reference internal" href="macs.html#mac-algorithms"><span class="secref">MAC algorithms</span></a></li>
-<li><a class="reference internal" href="ciphers.html#cipher-algorithms"><span class="secref">Cipher algorithms</span></a></li>
-<li><a class="reference internal" href="aead.html#aead-algorithms"><span class="secref">AEAD algorithms</span></a></li>
-<li><a class="reference internal" href="kdf.html#key-derivation-algorithms"><span class="secref">Key derivation algorithms</span></a></li>
-<li><a class="reference internal" href="sign.html#sign-algorithms"><span class="secref">Asymmetric signature algorithms</span></a></li>
-<li><a class="reference internal" href="pke.html#asymmetric-encryption-algorithms"><span class="secref">Asymmetric encryption algorithms</span></a></li>
-<li><a class="reference internal" href="ka.html#key-agreement-algorithms"><span class="secref">Key agreement algorithms</span></a></li>
-</ul>
-<div class="section" id="algorithm-encoding">
-<h2>10.1.1. Algorithm encoding</h2>
-<div class="section" id="psa_algorithm_t">
-<span id="c.psa_algorithm_t"></span><h3><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</h3>
-<p>Encoding of a cryptographic algorithm.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
-</pre>
-<p>This is a structured bitfield that identifies the category and type of algorithm. The range of algorithm identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000000</span></code></dt>
-<dd>Reserved as an invalid algorithm identifier.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000001</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fffffff</span></code></dt>
-<dd>Specification-defined algorithm identifiers.
-Algorithm identifiers defined by this standard always have bit 31 clear.
-Unallocated algorithm identifier values in this range are reserved for future use.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80000000</span></code><code class="docutils literal"> <span class="pre">–</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffffffff</span></code></dt>
-<dd>Implementation-defined algorithm identifiers.
-Implementations that define additional algorithms must use an encoding with bit 31 set.
-The related support macros will be easier to write if these algorithm identifier encodings also respect the bitwise structure used by standard encodings.</dd>
-</dl>
-<p>For algorithms that can be applied to multiple key types, this identifier does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="reference internal" href="../keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</p>
-<p>The <a class="reference internal" href="../../appendix/encodings.html#appendix-encodings"><span class="secref">Algorithm and key type encoding</span></a> appendix provides a full definition of the algorithm identifier encoding.</p>
-</div>
-<div class="section" id="PSA_ALG_NONE">
-<span id="c.PSA_ALG_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</h3>
-<p>An invalid algorithm identifier value.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
-</pre>
-<p>Zero is not the encoding of any algorithm.</p>
-</div>
-</div>
-<div class="section" id="algorithm-categories">
-<h2>10.1.2. Algorithm categories</h2>
-<div class="section" id="PSA_ALG_IS_HASH">
-<span id="c.PSA_ALG_IS_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a hash algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="hashes.html#hash-algorithms"><span class="secref">Hash algorithms</span></a> for a list of defined hash algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_MAC">
-<span id="c.PSA_ALG_IS_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a MAC algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="macs.html#mac-algorithms"><span class="secref">MAC algorithms</span></a> for a list of defined MAC algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_CIPHER">
-<span id="c.PSA_ALG_IS_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a symmetric cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="ciphers.html#cipher-algorithms"><span class="secref">Cipher algorithms</span></a> for a list of defined cipher algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_AEAD">
-<span id="c.PSA_ALG_IS_AEAD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="aead.html#aead-algorithms"><span class="secref">AEAD algorithms</span></a> for a list of defined AEAD algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_SIGN">
-<span id="c.PSA_ALG_IS_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an asymmetric signature algorithm, also known as public-key signature algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an asymmetric signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="sign.html#sign-algorithms"><span class="secref">Asymmetric signature algorithms</span></a> for a list of defined signature algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">
-<span id="c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an asymmetric encryption algorithm, also known as public-key encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an asymmetric encryption algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="pke.html#asymmetric-encryption-algorithms"><span class="secref">Asymmetric encryption algorithms</span></a> for a list of defined asymmetric encryption algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_AGREEMENT">
-<span id="c.PSA_ALG_IS_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="ka.html#key-agreement-algorithms"><span class="secref">Key agreement algorithms</span></a> for a list of defined key agreement algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_DERIVATION">
-<span id="c.PSA_ALG_IS_KEY_DERIVATION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a key derivation algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key derivation algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="kdf.html#key-derivation-algorithms"><span class="secref">Key derivation algorithms</span></a> for a list of defined key derivation algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_WILDCARD">
-<span id="c.PSA_ALG_IS_WILDCARD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</h3>
-<p>Whether the specified algorithm encoding is a wildcard.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a wildcard algorithm encoding.</p>
-<p><code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a non-wildcard algorithm encoding that is suitable for an operation.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>Wildcard algorithm values can only be used to set the permitted algorithm field in a key policy, wildcard values cannot be used to perform an operation.</p>
-<p>See <a class="reference internal" href="sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> for example of how a wildcard algorithm can be used in a key policy.</p>
-</div>
-<div class="section" id="PSA_ALG_GET_HASH">
-<span id="c.PSA_ALG_GET_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</h3>
-<p>Get the hash used by a composite algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The underlying hash algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a composite algorithm that uses a hash algorithm.</p>
-<p><a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> if <code class="docutils literal"><span class="pre">alg</span></code> is not a composite algorithm that uses a hash.</p>
-<p class="rubric">Description</p>
-<p>The following composite algorithms require a hash algorithm:</p>
-<ul class="simple">
-<li><a class="reference internal" href="sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a></li>
-<li><a class="reference internal" href="kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF()</span></code></a></li>
-<li><a class="reference internal" href="macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC()</span></code></a></li>
-<li><a class="reference internal" href="pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP()</span></code></a></li>
-<li><a class="reference internal" href="sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></li>
-<li><a class="reference internal" href="sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a></li>
-<li><a class="reference internal" href="sign.html#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT()</span></code></a></li>
-<li><a class="reference internal" href="kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF()</span></code></a></li>
-<li><a class="reference internal" href="kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a></li>
-<li><a class="reference internal" href="kdf.html#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC()</span></code></a></li>
-</ul>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.1. Algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#algorithm-encoding">10.1.1. Algorithm encoding</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#algorithm-categories">10.1.2. Algorithm categories</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/algorithms.html'" />
diff --git a/docs/1.1.0/html/api/ops/ciphers.html b/docs/1.1.0/html/api/ops/ciphers.html
index 509bd73..f1c5a60 100644
--- a/docs/1.1.0/html/api/ops/ciphers.html
+++ b/docs/1.1.0/html/api/ops/ciphers.html
@@ -1,1231 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.4. Unauthenticated ciphers — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.5. Authenticated encryption with associated data (AEAD)" href="aead.html" />
- <link rel="prev" title="10.3. Message authentication codes (MAC)" href="macs.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="unauthenticated-ciphers">
-<span id="ciphers"></span><h1>10.4. Unauthenticated ciphers</h1>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>The unauthenticated cipher API is provided to implement legacy protocols and for use cases where the data integrity and authenticity is guaranteed by non-cryptographic means.</p>
-<p class="last">It is recommended that newer protocols use <a class="reference internal" href="aead.html#aead"><span class="secref">Authenticated encryption with associated data (AEAD)</span></a>.</p>
-</div>
-<p>The single-part functions for encrypting or decrypting a message using an unauthenticated symmetric cipher are:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> to encrypt a message using an unauthenticated symmetric cipher. The encryption function generates a random initialization vector (IV). Use the multi-part API to provide a deterministic IV: this is not secure in general, but can be secure in some conditions that depend on the algorithm.</li>
-<li><a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> to decrypt a message using an unauthenticated symmetric cipher.</li>
-</ul>
-<p>The <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> <a class="reference internal" href="../../overview/functionality.html#multi-part-operations"><span class="std std-ref">multi-part operation</span></a> permits alternative initialization parameters and allows messages to be processed in fragments. A multi-part cipher operation is used as follows:</p>
-<ol class="arabic simple">
-<li>Initialize the <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to zero, or by assigning the value of the associated macro <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Provide additional parameters:<ul>
-<li>When encrypting data, generate or set an IV, nonce, or similar initial value such as an initial counter value. To generate a random IV, which is recommended in most protocols, call <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a>. To set the IV, call <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>.</li>
-<li>When decrypting, set the IV or nonce. To set the IV, call <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>.</li>
-</ul>
-</li>
-<li>Call the <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> function on successive chunks of the message.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> to complete the operation and return any final output.</li>
-</ol>
-<p>To abort the operation or recover from an error, call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
-<div class="section" id="cipher-algorithms">
-<span id="id1"></span><h2>10.4.1. Cipher algorithms</h2>
-<div class="section" id="PSA_ALG_STREAM_CIPHER">
-<span id="c.PSA_ALG_STREAM_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</h3>
-<p>The stream cipher mode of a stream cipher algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
-</pre>
-<p>The underlying stream cipher is determined by the key type. The ARC4 and ChaCha20 ciphers use this algorithm identifier.</p>
-<p class="rubric">ARC4</p>
-<p>To use ARC4, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The ARC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> algorithm and an ARC4 key, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
-<p class="rubric">ChaCha20</p>
-<p>To use ChaCha20, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</p>
-<p>Implementations must support the variant that is defined in <span><em>ChaCha20 and Poly1305 for IETF Protocols</em> <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html#section-2.4">§2.4</a>, which has a 96-bit nonce and a 32-bit counter. Implementations can optionally also support the original variant, as defined in <span><em>ChaCha, a variant of Salsa20</em> <a class="reference internal" href="../../about.html#citation-chacha20"><span class="cite">[CHACHA20]</span></a></span>, which has a 64-bit nonce and a 64-bit counter. Except where noted, the <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a> variant must be used.</p>
-<p>ChaCha20 defines a nonce and an initial counter to be provided to the encryption and decryption operations. When using a ChaCha20 key with the <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> algorithm, these values are provided using the initialization vector (IV) functions in the following ways:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will generate a random 12-byte nonce, and set the counter value to zero. The random nonce is output as a 12-byte IV value in the output.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will use first 12 bytes of the input buffer as the nonce and set the counter value to zero.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> on a multi-part cipher operation will generate and return a random 12-byte nonce and set the counter value to zero.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> on a multi-part cipher operation can support the following IV sizes:<ul>
-<li>12 bytes: the provided IV is used as the nonce, and the counter value is set to zero.</li>
-<li>16 bytes: the first four bytes of the IV are used as the counter value (encoded as little-endian), and the remaining 12 bytes is used as the nonce.</li>
-<li>8 bytes: the cipher operation uses the original <a class="reference internal" href="../../about.html#citation-chacha20"><span class="cite">[CHACHA20]</span></a> definition of ChaCha20: the provided IV is used as the 64-bit nonce, and the 64-bit counter value is set to zero.</li>
-<li>It is recommended that implementations do not support other sizes of IV.</li>
-</ul>
-</li>
-</ul>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CTR">
-<span id="c.PSA_ALG_CTR"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</h3>
-<p>A stream cipher built using the Counter (CTR) mode of a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
-</pre>
-<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and a size of 128 bits (16 bytes).</p>
-<p>The CTR block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
-<p>CTR mode requires a <em>counter block</em> which is the same size as the cipher block length. The counter block is updated for each block (or a partial final block) that is encrypted or decrypted.</p>
-<p>A counter block value must only be used once across all messages encrypted using the same key value. This is typically achieved by splitting the counter block into a nonce, which is unique among all message encrypted with the key, and a counter which is incremented for each block of a message.</p>
-<p>For example, when using AES-CTR encryption, which uses a 16-byte block, the application can provide a 12-byte nonce when setting the IV. This leaves 4 bytes for the counter, allowing up to 2^32 blocks (64GB) of message data to be encrypted in each message.</p>
-<p>The first counter block is constructed from the initialization vector (IV). The initial counter block is is constructed in the following ways:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will generate a random counter block value. This is the first block of output.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will use first block of the input buffer as the initial counter block value.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> on a multi-part cipher operation will generate and return a random counter block value.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> on a multi-part cipher operation requires an IV that is between <code class="docutils literal"><span class="pre">1</span></code> and <em>n</em> bytes in length, where <em>n</em> is the cipher block length. The counter block is initialized using the IV, and padded with zero bytes up to the block length.</li>
-</ul>
-<p>During the counter block update operation, the counter block is treated as a single big-endian encoded integer and the update operation increments this integer by <code class="docutils literal"><span class="pre">1</span></code>.</p>
-<p>This scheme meets the recommendations in Appendix B of <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite psa_c psa_c-cite">[SP800-38A]</span></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CFB">
-<span id="c.PSA_ALG_CFB"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</h3>
-<p>A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
-</pre>
-<p>The underlying block cipher is determined by the key type. This is the variant of CFB where each iteration encrypts or decrypts a segment of the input that is the same length as the cipher block size. For example, using <a class="reference internal" href="#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a> with a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> will result in the AES-CFB-128 cipher.</p>
-<p>CFB mode requires an initialization vector (IV) that is the same size as the cipher block length.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-<p>The CFB block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>, using a segment size <em>s</em> equal to the block size <em>b</em>. The definition in <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite psa_c psa_c-cite">[SP800-38A]</span></a> is extended to allow an incomplete final block of input, in which case the algorithm discards the final bytes of the key stream when encrypting or decrypting the final partial block.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_OFB">
-<span id="c.PSA_ALG_OFB"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</h3>
-<p>A stream cipher built using the Output Feedback (OFB) mode of a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
-</pre>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>OFB mode requires an initialization vector (IV) that is the same size as the cipher block length. OFB mode requires that the IV is a nonce, and must be unique for each use of the mode with the same key.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-<p>The OFB block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_XTS">
-<span id="c.PSA_ALG_XTS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</h3>
-<p>The XEX with Ciphertext Stealing (XTS) cipher mode of a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
-</pre>
-<p>XTS is a cipher mode which is built from a block cipher, designed for use in disk encryption. It requires at least one full cipher block length of input, but beyond this minimum the input does not need to be a whole number of blocks.</p>
-<p>XTS mode uses two keys for the underlying block cipher. These are provided by using a key that is twice the normal key size for the cipher. For example, to use AES-256-XTS the application must create a key with type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and bit size <code class="docutils literal"><span class="pre">512</span></code>.</p>
-<p>XTS mode requires an initialization vector (IV) that is the same size as the cipher block length. The IV for XTS is typically defined to be the sector number of the disk block being encrypted or decrypted.</p>
-<p>The XTS block cipher mode is defined in <span><em>1619-2018 --- IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices</em> <a class="reference internal" href="../../about.html#citation-ieee-xts"><span class="cite">[IEEE-XTS]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_ECB_NO_PADDING">
-<span id="c.PSA_ALG_ECB_NO_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</h3>
-<p>The Electronic Codebook (ECB) mode of a block cipher, with no padding.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB.</p>
-</div>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher.</p>
-<p>ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-<p>The ECB block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CBC_NO_PADDING">
-<span id="c.PSA_ALG_CBC_NO_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</h3>
-<p>The Cipher Block Chaining (CBC) mode of a block cipher, with no padding.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
-</pre>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher.</p>
-<p>CBC mode requires an initialization vector (IV) that is the same size as the cipher block length.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-<p>The CBC block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CBC_PKCS7">
-<span id="c.PSA_ALG_CBC_PKCS7"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</h3>
-<p>The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
-</pre>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>CBC mode requires an initialization vector (IV) that is the same size as the cipher block length.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-<p>The CBC block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>. The padding operation is defined by <span><em>PKCS #7: Cryptographic Message Syntax Version 1.5</em> <a class="reference internal" href="../../about.html#citation-rfc2315"><span class="cite">[RFC2315]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc2315.html#section-10.3">§10.3</a>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-</div>
-<div class="section" id="single-part-cipher-functions">
-<h2>10.4.2. Single-part cipher functions</h2>
-<div class="section" id="psa_cipher_encrypt">
-<span id="c.psa_cipher_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</h3>
-<p>Encrypt a message using a symmetric cipher.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to encrypt.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported cipher encryption.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the encrypted output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li>The <code class="docutils literal"><span class="pre">input_length</span></code> is not valid for the algorithm and key type. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function encrypts a message with a random initialization vector (IV).
-The length of the IV is <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.
-The output of <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> is the IV followed by the ciphertext.</p>
-<p>Use the multi-part operation interface with a <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to provide other forms of IV or to manage the IV and ciphertext independently.</p>
-</div>
-<div class="section" id="psa_cipher_decrypt">
-<span id="c.psa_cipher_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</h3>
-<p>Decrypt a message using a symmetric cipher.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the plaintext is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported cipher decryption.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the plaintext.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a></dt>
-<dd>The algorithm uses padding, and the input does not contain valid padding.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li>The <code class="docutils literal"><span class="pre">input_length</span></code> is not valid for the algorithm and key type. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function decrypts a message encrypted with a symmetric cipher.</p>
-<p>The input to this function must contain the IV followed by the ciphertext, as output by <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>. The IV must be <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> bytes in length, where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</p>
-<p>Use the multi-part operation interface with a <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to decrypt data which is not in the expected input format.</p>
-</div>
-</div>
-<div class="section" id="multi-part-cipher-operations">
-<h2>10.4.3. Multi-part cipher operations</h2>
-<div class="section" id="psa_cipher_operation_t">
-<span id="c.psa_cipher_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</h3>
-<p>The type of the state object for multi-part cipher operations.</p>
-<pre class="literal-block">
-typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a>;
-</pre>
-<p>Before calling any function on a cipher operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the object to all-bits-zero, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation;
-memset(&operation, 0, sizeof(operation));
-</pre>
-</li>
-<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
-<pre class="literal-block">
-static <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation;
-</pre>
-</li>
-<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation = <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT">PSA_CIPHER_OPERATION_INIT</a>;
-</pre>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_operation_init()</span></code></a> to the object, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation;
-operation = <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init">psa_cipher_operation_init</a>();
-</pre>
-</li>
-</ul>
-<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
-</div>
-<div class="section" id="PSA_CIPHER_OPERATION_INIT">
-<span id="c.PSA_CIPHER_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</h3>
-<p>This macro returns a suitable initializer for a cipher operation object of type <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT">PSA_CIPHER_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-</div>
-<div class="section" id="psa_cipher_operation_init">
-<span id="c.psa_cipher_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</h3>
-<p>Return an initial value for a cipher operation object.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init">psa_cipher_operation_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a></p>
-</div>
-<div class="section" id="psa_cipher_encrypt_setup">
-<span id="c.psa_cipher_encrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</h3>
-<p>Set the key for a multi-part symmetric encryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup">psa_cipher_encrypt_setup</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The sequence of operations to encrypt a message with a symmetric cipher is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call either <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> to generate or set the initialization vector (IV), if the algorithm requires one. It is recommended to use <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> unless the protocol being implemented requires a specific IV value.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_cipher_decrypt_setup">
-<span id="c.psa_cipher_decrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</h3>
-<p>Set the key for a multi-part symmetric decryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup">psa_cipher_decrypt_setup</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The sequence of operations to decrypt a message with a symmetric cipher is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> with the initialization vector (IV) for the decryption, if the algorithm requires one. This must match the IV used for the encryption.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_cipher_generate_iv">
-<span id="c.psa_cipher_generate_iv"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_generate_iv</span></code> (function)</h3>
-<p>Generate an initialization vector (IV) for a symmetric encryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv">psa_cipher_generate_iv</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- uint8_t * iv,
- size_t iv_size,
- size_t * iv_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">iv</span></code></dt>
-<dd>Buffer where the generated IV is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">iv_size</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">iv</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">alg</span></code> are type of key and the algorithm respectively that were used to set up the cipher operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">iv_length</span></code></dt>
-<dd>On success, the number of bytes of the generated IV.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*iv_length)</span></code> bytes of <code class="docutils literal"><span class="pre">iv</span></code> contain the generated IV.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The cipher algorithm does not use an IV.</li>
-<li>The operation state is not valid: it must be active, with no IV set.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">iv</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function generates a random IV, nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.</p>
-<p>The generated IV is always the default length for the key and algorithm: <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>, where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation. To generate different lengths of IV, use <a class="reference internal" href="rng.html#c.psa_generate_random" title="psa_generate_random"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_random()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>.</p>
-<p>If the cipher algorithm does not use an IV, calling this function returns a <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> error. For these algorithms, <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> will be zero.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_cipher_set_iv">
-<span id="c.psa_cipher_set_iv"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_set_iv</span></code> (function)</h3>
-<p>Set the initialization vector (IV) for a symmetric encryption or decryption operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv">psa_cipher_set_iv</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- const uint8_t * iv,
- size_t iv_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">iv</span></code></dt>
-<dd>Buffer containing the IV to use.</dd>
-<dt> <code class="docutils literal"><span class="pre">iv_length</span></code></dt>
-<dd>Size of the IV in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The cipher algorithm does not use an IV.</li>
-<li>The operation state is not valid: it must be an active cipher encrypt operation, with no IV set.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The chosen algorithm does not use an IV.</li>
-<li><code class="docutils literal"><span class="pre">iv_length</span></code> is not valid for the chosen algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">iv_length</span></code> is not supported for use with the operation’s algorithm and key.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function sets the IV, nonce or initial counter value for the encryption or decryption operation.</p>
-<p>If the cipher algorithm does not use an IV, calling this function returns a <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> error. For these algorithms, <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> will be zero.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">When encrypting, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.</p>
-</div>
-</div>
-<div class="section" id="psa_cipher_update">
-<span id="c.psa_cipher_update"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_update</span></code> (function)</h3>
-<p>Encrypt or decrypt a message fragment in an active cipher operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update">psa_cipher_update</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- const uint8_t * input,
- size_t input_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported cipher algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the output data.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with an IV set if required for the algorithm.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The total input size passed to this operation is too large for this particular algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The total input size passed to this operation is too large for the implementation.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The following must occur before calling this function:</p>
-<ol class="arabic simple">
-<li>Call either <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
-<li>If the algorithm requires an IV, call <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>. <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> is recommended when encrypting.</li>
-</ol>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_cipher_finish">
-<span id="c.psa_cipher_finish"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_finish</span></code> (function)</h3>
-<p>Finish encrypting or decrypting a message in a cipher operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish">psa_cipher_finish</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported cipher algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the final output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with an IV set if required for the algorithm.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a></dt>
-<dd>This is a decryption operation for an algorithm that includes padding, and the ciphertext does not contain valid padding.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.</p>
-<p>This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a>.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_cipher_abort">
-<span id="c.psa_cipher_abort"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</h3>
-<p>Abort a cipher operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort">psa_cipher_abort</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Initialized cipher operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The operation object can now be discarded or reused.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> again.</p>
-<p>This function can be called any time after the operation object has been initialized as described in <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>.</p>
-<p>In particular, calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> is safe and has no effect.</p>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.4.4. Support macros</h2>
-<div class="section" id="PSA_ALG_IS_STREAM_CIPHER">
-<span id="c.PSA_ALG_IS_STREAM_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a stream cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER">PSA_ALG_IS_STREAM_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a stream cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.</p>
-<p class="rubric">Description</p>
-<p>A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.</p>
-</div>
-<div class="section" id="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE">
-<span id="c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</a>(key_type, alg, input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</a>(input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_DECRYPT_OUTPUT_SIZE">
-<span id="c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</a>(key_type, alg, input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</a>(input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_IV_LENGTH">
-<span id="c.PSA_CIPHER_IV_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code> (macro)</h3>
-<p>The default IV size for a cipher algorithm, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH">PSA_CIPHER_IV_LENGTH</a>(key_type, alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The default IV size for the specified key type and algorithm.
-If the algorithm does not use an IV, return <code class="docutils literal"><span class="pre">0</span></code>.
-If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>.
-An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>The IV that is generated as part of a call to <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> is always the default IV length for the algorithm.</p>
-<p>This macro can be used to allocate a buffer of sufficient size to store the IV output from <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> when using a multi-part cipher operation.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_IV_MAX_SIZE">
-<span id="c.PSA_CIPHER_IV_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient buffer size for storing the IV generated by <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE">PSA_CIPHER_IV_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the IV buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_UPDATE_OUTPUT_SIZE">
-<span id="c.PSA_CIPHER_UPDATE_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE">PSA_CIPHER_UPDATE_OUTPUT_SIZE</a>(key_type, alg, input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE">
-<span id="c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</a>(input_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_FINISH_OUTPUT_SIZE">
-<span id="c.PSA_CIPHER_FINISH_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE">PSA_CIPHER_FINISH_OUTPUT_SIZE</a>(key_type, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE">
-<span id="c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_BLOCK_CIPHER_BLOCK_LENGTH">
-<span id="c.PSA_BLOCK_CIPHER_BLOCK_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code> (macro)</h3>
-<p>The block size of a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH">PSA_BLOCK_CIPHER_BLOCK_LENGTH</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A cipher key type: a value of type <a class="reference internal" href="../keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The block size for a block cipher, or <code class="docutils literal"><span class="pre">1</span></code> for a stream cipher. The return value is undefined if <code class="docutils literal"><span class="pre">type</span></code> is not a supported cipher key type.</p>
-<p class="rubric">Description</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (<a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a>). This macro only takes the key type into account, so it cannot be used to determine the size of the data that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> might buffer for future processing in general.</p>
-</div>
-<p>See also <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE">
-<span id="c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code> (macro)</h3>
-<p>The maximum block size of a block cipher supported by the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>See also <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.4. Unauthenticated ciphers</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#cipher-algorithms">10.4.1. Cipher algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#single-part-cipher-functions">10.4.2. Single-part cipher functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#multi-part-cipher-operations">10.4.3. Multi-part cipher operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.4.4. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/ciphers.html'" />
diff --git a/docs/1.1.0/html/api/ops/hashes.html b/docs/1.1.0/html/api/ops/hashes.html
index 40d8bb7..d624f48 100644
--- a/docs/1.1.0/html/api/ops/hashes.html
+++ b/docs/1.1.0/html/api/ops/hashes.html
@@ -1,1122 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.2. Message digests (Hashes) — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.3. Message authentication codes (MAC)" href="macs.html" />
- <link rel="prev" title="10.1. Algorithms" href="algorithms.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="message-digests-hashes">
-<span id="hashes"></span><h1>10.2. Message digests (Hashes)</h1>
-<p>The single-part hash functions are:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> to calculate the hash of a message.</li>
-<li><a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compare()</span></code></a> to compare the hash of a message with a reference value.</li>
-</ul>
-<p>The <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> <a class="reference internal" href="../../overview/functionality.html#multi-part-operations"><span class="std std-ref">multi-part operation</span></a> allows messages to be processed in fragments. A multi-part hash operation is used as follows:</p>
-<ol class="arabic simple">
-<li>Initialize the <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> object to zero, or by assigning the value of the associated macro <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the required hash algorithm, call <a class="reference internal" href="#c.psa_hash_clone" title="psa_hash_clone"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_clone()</span></code></a> to duplicate the state of <em>active</em> <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> object, or call <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> to restart a hash operation with the output from a previously suspended hash operation.</li>
-<li>Call the <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> function on successive chunks of the message.</li>
-<li>At the end of the message, call the required finishing function:<ul>
-<li>To suspend the hash operation and extract a hash suspend state, call <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>. The output state can subsequently be used to resume the hash operation.</li>
-<li>To calculate the digest of a message, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>.</li>
-<li>To verify the digest of a message against a reference value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a>.</li>
-</ul>
-</li>
-</ol>
-<p>To abort the operation or recover from an error, call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
-<div class="section" id="hash-algorithms">
-<span id="id1"></span><h2>10.2.1. Hash algorithms</h2>
-<div class="section" id="PSA_ALG_MD2">
-<span id="c.PSA_ALG_MD2"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</h3>
-<p>The MD2 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The MD2 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>MD2 is defined in <span><em>The MD2 Message-Digest Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc1319"><span class="cite">[RFC1319]</span></a></span>.</p>
-</div>
-<div class="section" id="PSA_ALG_MD4">
-<span id="c.PSA_ALG_MD4"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</h3>
-<p>The MD4 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The MD4 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>MD4 is defined in <span><em>The MD4 Message-Digest Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc1320"><span class="cite">[RFC1320]</span></a></span>.</p>
-</div>
-<div class="section" id="PSA_ALG_MD5">
-<span id="c.PSA_ALG_MD5"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</h3>
-<p>The MD5 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The MD5 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>MD5 is defined in <span><em>The MD5 Message-Digest Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc1321"><span class="cite">[RFC1321]</span></a></span>.</p>
-</div>
-<div class="section" id="PSA_ALG_RIPEMD160">
-<span id="c.PSA_ALG_RIPEMD160"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</h3>
-<p>The RIPEMD-160 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
-</pre>
-<p>RIPEMD-160 is defined in <span><em>RIPEMD-160: A Strengthened Version of RIPEMD</em> <a class="reference internal" href="../../about.html#citation-ripemd"><span class="cite">[RIPEMD]</span></a></span>, and also in <span><em>ISO/IEC 10118-3:2018 IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions</em> <a class="reference internal" href="../../about.html#citation-iso10118"><span class="cite">[ISO10118]</span></a></span>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_1">
-<span id="c.PSA_ALG_SHA_1"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</h3>
-<p>The SHA-1 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The SHA-1 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
-</div>
-<p>SHA-1 is defined in <span><em>FIPS Publication 180-4: Secure Hash Standard (SHS)</em> <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a></span>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_224">
-<span id="c.PSA_ALG_SHA_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</h3>
-<p>The SHA-224 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
-</pre>
-<p>SHA-224 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_256">
-<span id="c.PSA_ALG_SHA_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</h3>
-<p>The SHA-256 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
-</pre>
-<p>SHA-256 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_384">
-<span id="c.PSA_ALG_SHA_384"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</h3>
-<p>The SHA-384 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
-</pre>
-<p>SHA-384 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_512">
-<span id="c.PSA_ALG_SHA_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</h3>
-<p>The SHA-512 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
-</pre>
-<p>SHA-512 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_512_224">
-<span id="c.PSA_ALG_SHA_512_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</h3>
-<p>The SHA-512/224 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
-</pre>
-<p>SHA-512/224 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_512_256">
-<span id="c.PSA_ALG_SHA_512_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</h3>
-<p>The SHA-512/256 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
-</pre>
-<p>SHA-512/256 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_224">
-<span id="c.PSA_ALG_SHA3_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</h3>
-<p>The SHA3-224 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
-</pre>
-<p>SHA3-224 is defined in <span><em>FIPS Publication 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</em> <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a></span>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_256">
-<span id="c.PSA_ALG_SHA3_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</h3>
-<p>The SHA3-256 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
-</pre>
-<p>SHA3-256 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_384">
-<span id="c.PSA_ALG_SHA3_384"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</h3>
-<p>The SHA3-384 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
-</pre>
-<p>SHA3-384 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_512">
-<span id="c.PSA_ALG_SHA3_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</h3>
-<p>The SHA3-512 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
-</pre>
-<p>SHA3-512 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_SHAKE256_512">
-<span id="c.PSA_ALG_SHAKE256_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHAKE256_512</span></code> (macro)</h3>
-<p>The first 512 bits (64 bytes) of the SHAKE256 output.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHAKE256_512" title="PSA_ALG_SHAKE256_512">PSA_ALG_SHAKE256_512</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000015)
-</pre>
-<p>This is the prehashing for Ed448ph (see <a class="reference internal" href="sign.html#c.PSA_ALG_ED448PH" title="PSA_ALG_ED448PH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ED448PH</span></code></a>).</p>
-<p>SHAKE256 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">For other scenarios where a hash function based on SHA3 or SHAKE is required, SHA3-512 is recommended. SHA3-512 has the same output size, and a theoretically higher security strength.</p>
-</div>
-</div>
-<div class="section" id="PSA_ALG_SM3">
-<span id="c.PSA_ALG_SM3"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SM3</span></code> (macro)</h3>
-<p>The SM3 message-digest algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SM3" title="PSA_ALG_SM3">PSA_ALG_SM3</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000014)
-</pre>
-<p>SM3 is defined in <span><em>ISO/IEC 10118-3:2018 IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions</em> <a class="reference internal" href="../../about.html#citation-iso10118"><span class="cite">[ISO10118]</span></a></span>, and also in <span><em>GM/T 0004-2012: SM3 cryptographic hash algorithm</em> <a class="reference internal" href="../../about.html#citation-cstc0004"><span class="cite">[CSTC0004]</span></a></span> (English version <a class="reference internal" href="../../about.html#citation-cstc0004-e"><span class="cite">[CSTC0004/E]</span></a>).</p>
-</div>
-</div>
-<div class="section" id="single-part-hashing-functions">
-<h2>10.2.2. Single-part hashing functions</h2>
-<div class="section" id="psa_hash_compute">
-<span id="c.psa_hash_compute"></span><h3><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</h3>
-<p>Calculate the hash (digest) of a message.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * hash,
- size_t hash_size,
- size_t * hash_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to hash.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
-<dd>Buffer where the hash is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_size</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.
-This must be at least <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
-<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*hash_length)</span></code> bytes of <code class="docutils literal"><span class="pre">hash</span></code> contain the hash value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a hash algorithm.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To verify the hash of a message against an expected value, use <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compare()</span></code></a> instead.</p>
-</div>
-</div>
-<div class="section" id="psa_hash_compare">
-<span id="c.psa_hash_compare"></span><h3><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</h3>
-<p>Calculate the hash (digest) of a message and compare it with a reference value.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * hash,
- size_t hash_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to hash.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
-<dd>Buffer containing the expected hash value.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The expected hash is identical to the actual hash of the input.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The calculated hash of the message does not match the value in <code class="docutils literal"><span class="pre">hash</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a hash algorithm.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-</div>
-</div>
-<div class="section" id="multi-part-hashing-operations">
-<span id="hash-mp"></span><h2>10.2.3. Multi-part hashing operations</h2>
-<div class="section" id="psa_hash_operation_t">
-<span id="c.psa_hash_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</h3>
-<p>The type of the state object for multi-part hash operations.</p>
-<pre class="literal-block">
-typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a>;
-</pre>
-<p>Before calling any function on a hash operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the object to all-bits-zero, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation;
-memset(&operation, 0, sizeof(operation));
-</pre>
-</li>
-<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
-<pre class="literal-block">
-static <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation;
-</pre>
-</li>
-<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation = <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT">PSA_HASH_OPERATION_INIT</a>;
-</pre>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_operation_init()</span></code></a> to the object, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation;
-operation = <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init">psa_hash_operation_init</a>();
-</pre>
-</li>
-</ul>
-<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
-</div>
-<div class="section" id="PSA_HASH_OPERATION_INIT">
-<span id="c.PSA_HASH_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</h3>
-<p>This macro returns a suitable initializer for a hash operation object of type <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT">PSA_HASH_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-</div>
-<div class="section" id="psa_hash_operation_init">
-<span id="c.psa_hash_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</h3>
-<p>Return an initial value for a hash operation object.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init">psa_hash_operation_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code></a></p>
-</div>
-<div class="section" id="psa_hash_setup">
-<span id="c.psa_hash_setup"></span><h3><code class="docutils literal"><span class="pre">psa_hash_setup</span></code> (function)</h3>
-<p>Set up a multi-part hash operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup">psa_hash_setup</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a hash algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The sequence of operations to calculate a hash (message digest) is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.</li>
-<li>To calculate the hash, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>. To compare the hash with an expected value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a>. To suspend the hash operation and extract the current state, call <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> or <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_hash_update">
-<span id="c.psa_hash_update"></span><h3><code class="docutils literal"><span class="pre">psa_hash_update</span></code> (function)</h3>
-<p>Add a message fragment to a multi-part hash operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update">psa_hash_update</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- const uint8_t * input,
- size_t input_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to hash.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The total input for the operation is too large for the hash algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The total input for the operation is too large for the implementation.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_hash_finish">
-<span id="c.psa_hash_finish"></span><h3><code class="docutils literal"><span class="pre">psa_hash_finish</span></code> (function)</h3>
-<p>Finish the calculation of the hash of a message.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish">psa_hash_finish</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- uint8_t * hash,
- size_t hash_size,
- size_t * hash_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
-<dd>Buffer where the hash is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_size</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that the operation performs.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
-<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the hash algorithm that the operation performs.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*hash_length)</span></code> bytes of <code class="docutils literal"><span class="pre">hash</span></code> contain the hash value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>It is not recommended to use this function when a specific value is expected for the hash. Call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> instead with the expected hash value.</p>
-<p class="last">Comparing integrity or authenticity data such as hash values with a function such as <code class="docutils literal"><span class="pre">memcmp()</span></code> is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.</p>
-</div>
-</div>
-<div class="section" id="psa_hash_verify">
-<span id="c.psa_hash_verify"></span><h3><code class="docutils literal"><span class="pre">psa_hash_verify</span></code> (function)</h3>
-<p>Finish the calculation of the hash of a message and compare it with an expected value.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify">psa_hash_verify</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- const uint8_t * hash,
- size_t hash_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
-<dd>Buffer containing the expected hash value.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The expected hash is identical to the actual hash of the message.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The calculated hash of the message does not match the value in <code class="docutils literal"><span class="pre">hash</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>. It then compares the calculated hash with the expected hash passed as a parameter to this function.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations must make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_hash_abort">
-<span id="c.psa_hash_abort"></span><h3><code class="docutils literal"><span class="pre">psa_hash_abort</span></code> (function)</h3>
-<p>Abort a hash operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort">psa_hash_abort</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Initialized hash operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The operation object can now be discarded or reused.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> again.</p>
-<p>This function can be called any time after the operation object has been initialized by one of the methods described in <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</p>
-<p>In particular, calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>, <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> is safe and has no effect.</p>
-</div>
-<div class="section" id="psa_hash_suspend">
-<span id="c.psa_hash_suspend"></span><h3><code class="docutils literal"><span class="pre">psa_hash_suspend</span></code> (function)</h3>
-<p>Halt the hash operation and extract the intermediate state of the hash computation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend">psa_hash_suspend</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- uint8_t * hash_state,
- size_t hash_state_size,
- size_t * hash_state_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_state</span></code></dt>
-<dd>Buffer where the hash suspend state is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_state_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">hash_state</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm:</p>
-<ul class="last simple">
-<li>A sufficient output size is <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that was used to set up the operation.</li>
-<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported hash algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_state_length</span></code></dt>
-<dd>On success, the number of bytes that make up the hash suspend state.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*hash_state_length)</span></code> bytes of <code class="docutils literal"><span class="pre">hash_state</span></code> contain the intermediate hash state.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">hash_state</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The hash algorithm being computed does not support suspend and resume.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function. This function extracts an intermediate state of the hash computation of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>.</p>
-<p>This function can be used to halt a hash operation, and then resume the hash operation at a later time, or in another application, by transferring the extracted hash suspend state to a call to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
-<p>Hash suspend and resume is not defined for the SHA3 family of hash algorithms. <a class="reference internal" href="#hash-suspend-state"><span class="secref">Hash suspend state</span></a> defines the format of the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">Applications must not use any of the hash suspend state as if it was a hash output. Instead, the suspend state must only be used to resume a hash operation, and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> can then calculate or verify the final hash value.</p>
-</div>
-<p class="rubric">Usage</p>
-<p>The sequence of operations to suspend and resume a hash operation is as follows:</p>
-<ol class="arabic simple">
-<li>Compute the first part of the hash.<ol class="loweralpha">
-<li>Allocate an operation object and initialize it as described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> to extract the hash suspend state into a buffer.</li>
-</ol>
-</li>
-<li>Pass the hash state buffer to the application which will resume the operation.</li>
-<li>Compute the rest of the hash.<ol class="loweralpha">
-<li>Allocate an operation object and initialize it as described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> with the extracted hash state.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>To calculate the hash, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>. To compare the hash with an expected value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a>.</li>
-</ol>
-</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a> at any time after the operation has been initialized.</p>
-</div>
-<div class="section" id="psa_hash_resume">
-<span id="c.psa_hash_resume"></span><h3><code class="docutils literal"><span class="pre">psa_hash_resume</span></code> (function)</h3>
-<p>Set up a multi-part hash operation using the hash suspend state from a previously suspended hash operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume">psa_hash_resume</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- const uint8_t * hash_state,
- size_t hash_state_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_state</span></code></dt>
-<dd>A buffer containing the suspended hash state which is to be resumed. This must be in the format output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, which is described in <a class="reference internal" href="#hash-suspend-state-format"><span class="secref">Hash suspend state format</span></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_state_length</span></code></dt>
-<dd>Length of <code class="docutils literal"><span class="pre">hash_state</span></code> in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">hash_state</span></code> does not correspond to a valid hash suspend state. See <a class="reference internal" href="#hash-suspend-state-format"><span class="secref">Hash suspend state format</span></a> for the definition.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The provided hash suspend state is for an algorithm that is not supported.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>See <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> for an example of how to use this function to suspend and resume a hash operation.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>, <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> or <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_hash_clone">
-<span id="c.psa_hash_clone"></span><h3><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</h3>
-<p>Clone a hash operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_clone" title="psa_hash_clone">psa_hash_clone</a>(const <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * source_operation,
- <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * target_operation);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">source_operation</span></code></dt>
-<dd>The active hash operation to clone.</dd>
-<dt> <code class="docutils literal"><span class="pre">target_operation</span></code></dt>
-<dd>The operation object to set up. It must be initialized but not active.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-<code class="docutils literal"><span class="pre">target_operation</span></code> is ready to continue the same hash operation as <code class="docutils literal"><span class="pre">source_operation</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The <code class="docutils literal"><span class="pre">source_operation</span></code> state is not valid: it must be active.</li>
-<li>The <code class="docutils literal"><span class="pre">target_operation</span></code> state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> on <code class="docutils literal"><span class="pre">target_operation</span></code> with the same algorithm that <code class="docutils literal"><span class="pre">source_operation</span></code> was set up for, then <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> on <code class="docutils literal"><span class="pre">target_operation</span></code> with the same input that that was passed to <code class="docutils literal"><span class="pre">source_operation</span></code>. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.</p>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.2.4. Support macros</h2>
-<div class="section" id="PSA_HASH_LENGTH">
-<span id="c.PSA_HASH_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</h3>
-<p>The size of the output of <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH">PSA_HASH_LENGTH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm or an HMAC algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">||</span> </code><a class="reference internal" href="macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">))</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The hash length for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>This is also the hash length that <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compare()</span></code></a> and <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> expect.</p>
-<p>See also <a class="reference internal" href="#c.PSA_HASH_MAX_SIZE" title="PSA_HASH_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_MAX_SIZE">
-<span id="c.PSA_HASH_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</h3>
-<p>Maximum size of a hash.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_MAX_SIZE" title="PSA_HASH_MAX_SIZE">PSA_HASH_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>It is recommended that this value is the maximum size of a hash supported by the implementation, in bytes. The value must not be smaller than this maximum.</p>
-<p>See also <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_SUSPEND_OUTPUT_SIZE">
-<span id="c.PSA_HASH_SUSPEND_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>A sufficient hash suspend state buffer size for <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE">PSA_HASH_SUSPEND_OUTPUT_SIZE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output size for the algorithm. If the hash algorithm is not recognized, or is not supported by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p>For a supported hash algorithm <code class="docutils literal"><span class="pre">alg</span></code>, the following expression is true:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE">PSA_HASH_SUSPEND_OUTPUT_SIZE</a>(alg) == <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</a> +
- <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) +
- <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) +
- <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) - 1
-</pre>
-<p class="rubric">Description</p>
-<p>If the size of the hash state buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE">
-<span id="c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient hash suspend state buffer size for <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, for any supported hash algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the hash state buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">
-<span id="c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code> (macro)</h3>
-<p>The size of the <em>algorithm</em> field that is part of the output of <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</a> ((size_t)4)
-</pre>
-<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">
-<span id="c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code> (macro)</h3>
-<p>The size of the <em>input-length</em> field that is part of the output of <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The size, in bytes, of the <em>input-length</em> field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p>The algorithm-specific values are defined in <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
-<p class="rubric">Description</p>
-<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">
-<span id="c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code> (macro)</h3>
-<p>The size of the <em>hash-state</em> field that is part of the output of <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The size, in bytes, of the <em>hash-state</em> field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p>The algorithm-specific values are defined in <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
-<p class="rubric">Description</p>
-<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_HASH_BLOCK_LENGTH">
-<span id="c.PSA_HASH_BLOCK_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</h3>
-<p>The input block size of a hash algorithm, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The block size in bytes for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p class="rubric">Description</p>
-<p>Hash algorithms process their input data in blocks. Hash operations will retain any partial blocks until they have enough input to fill the block or until the operation is finished.</p>
-<p>This affects the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
-</div>
-</div>
-<div class="section" id="hash-suspend-state">
-<span id="id2"></span><h2>10.2.5. Hash suspend state</h2>
-<p>The hash suspend state is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> and input to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Hash suspend and resume is not defined for the SM3 algorithm and the SHA3 family of hash algorithms.</p>
-</div>
-<div class="section" id="hash-suspend-state-format">
-<span id="id3"></span><h3>Hash suspend state format</h3>
-<p>The hash suspend state has the following format:</p>
-<p><em>hash-suspend-state</em> = <em>algorithm</em> || <em>input-length</em> || <em>hash-state</em> || <em>unprocessed-input</em></p>
-<p>The fields in the hash suspend state are defined as follows:</p>
-<dl class="docutils">
-<dt><em>algorithm</em></dt>
-<dd><p class="first">A big-endian 32-bit unsigned integer.</p>
-<p>The PSA Crypto API algorithm identifier value.</p>
-<p class="last">The byte length of the <em>algorithm</em> field can be evaluated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a>.</p>
-</dd>
-<dt><em>input-length</em></dt>
-<dd><p class="first">A big-endian unsigned integer</p>
-<p>The content of this field is algorithm-specific:</p>
-<ul class="simple">
-<li>For MD2, this is the number of bytes in the <em>unprocessed-input</em>.</li>
-<li>For all other hash algorithms, this is the total number of bytes of input to the hash computation. This includes the <em>unprocessed-input</em> bytes.</li>
-</ul>
-<p>The size of this field is algorithm-specific:</p>
-<ul class="simple">
-<li>For MD2: <em>input-length</em> is an 8-bit unsigned integer.</li>
-<li>For MD4, MD5, RIPEMD-160, SHA-1, SHA-224, and SHA-256: <em>input-length</em> is a 64-bit unsigned integer.</li>
-<li>For SHA-512/224, SHA-512/256, SHA-384, and SHA-512: <em>input-length</em> is a 128-bit unsigned integer.</li>
-</ul>
-<p class="last">The length, in bytes, of the <em>input-length</em> field can be calculated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
-See <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
-</dd>
-<dt><em>hash-state</em></dt>
-<dd><p class="first">An array of bytes</p>
-<p>Algorithm-specific intermediate hash state:</p>
-<ul class="simple">
-<li>For MD2: 16 bytes of internal checksum, then 48 bytes of intermediate digest.</li>
-<li>For MD4 and MD5: 4x 32-bit integers, in little-endian encoding.</li>
-<li>For RIPEMD-160: 5x 32-bit integers, in little-endian encoding.</li>
-<li>For SHA-1: 5x 32-bit integers, in big-endian encoding.</li>
-<li>For SHA-224 and SHA-256: 8x 32-bit integers, in big-endian encoding.</li>
-<li>For SHA-512/224, SHA-512/256, SHA-384, and SHA-512: 8x 64-bit integers, in big-endian encoding.</li>
-</ul>
-<p class="last">The length of this field is specific to the algorithm.
-The length, in bytes, of the <em>hash-state</em> field can be calculated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
-See <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
-</dd>
-<dt><em>unprocessed-input</em></dt>
-<dd><p class="first">0 to (<em>hash-block-size</em>-1) bytes</p>
-<p>A partial block of unprocessed input data. This is between zero and <em>hash-block-size</em>-1 bytes of data, the length can be calculated by:</p>
-<p><code class="docutils literal"><span class="pre">length(</span></code><em>unprocessed-input</em><code class="docutils literal"><span class="pre">)</span></code> <code class="docutils literal"><span class="pre">=</span></code> <em>input-length</em> <code class="docutils literal"><span class="pre">%</span></code> <em>hash-block-size</em>.</p>
-<p class="last">The <em>hash-block-size</em> is specific to the algorithm.
-The size of a hash block can be calculated using <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
-See <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
-</dd>
-</dl>
-</div>
-<div class="section" id="hash-suspend-state-field-sizes">
-<span id="hash-suspend-state-constants"></span><h3>Hash suspend state field sizes</h3>
-<p>The following table defines the algorithm-specific field lengths for the hash suspend state returned by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>. All of the field lengths are in bytes. To compute the field lengths for algorithm <code class="docutils literal"><span class="pre">alg</span></code>, use the following expressions:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a> returns the length of the <em>algorithm</em> field.</li>
-<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the length of the <em>input-length</em> field.</li>
-<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the length of the <em>hash-state</em> field.</li>
-<li><a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)-1</span></code> is the maximum length of the <em>unprocessed-bytes</em> field.</li>
-<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the maximum size of the hash suspend state.</li>
-</ul>
-<table border="1" class="colwidths-auto docutils align-left">
-<thead valign="bottom">
-<tr class="row-odd"><th class="head">Hash algorithm</th>
-<th class="head"><em>input-length</em> size (bytes)</th>
-<th class="head"><em>hash-state</em> length (bytes)</th>
-<th class="head"><em>unprocessed-bytes</em> length (bytes)</th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a></td>
-<td>1</td>
-<td>64</td>
-<td>0 – 15</td>
-</tr>
-<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a></td>
-<td>8</td>
-<td>16</td>
-<td>0 – 63</td>
-</tr>
-<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a></td>
-<td>8</td>
-<td>16</td>
-<td>0 – 63</td>
-</tr>
-<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a></td>
-<td>8</td>
-<td>20</td>
-<td>0 – 63</td>
-</tr>
-<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a></td>
-<td>8</td>
-<td>20</td>
-<td>0 – 63</td>
-</tr>
-<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a></td>
-<td>8</td>
-<td>32</td>
-<td>0 – 63</td>
-</tr>
-<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a></td>
-<td>8</td>
-<td>32</td>
-<td>0 – 63</td>
-</tr>
-<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code></a></td>
-<td>16</td>
-<td>64</td>
-<td>0 – 127</td>
-</tr>
-<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a></td>
-<td>16</td>
-<td>64</td>
-<td>0 – 127</td>
-</tr>
-<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a></td>
-<td>16</td>
-<td>64</td>
-<td>0 – 127</td>
-</tr>
-<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a></td>
-<td>16</td>
-<td>64</td>
-<td>0 – 127</td>
-</tr>
-</tbody>
-</table>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.2. Message digests (Hashes)</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#hash-algorithms">10.2.1. Hash algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#single-part-hashing-functions">10.2.2. Single-part hashing functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#multi-part-hashing-operations">10.2.3. Multi-part hashing operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.2.4. Support macros</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#hash-suspend-state">10.2.5. Hash suspend state</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html'" />
diff --git a/docs/1.1.0/html/api/ops/index.html b/docs/1.1.0/html/api/ops/index.html
index db4e98a..e1abdb9 100644
--- a/docs/1.1.0/html/api/ops/index.html
+++ b/docs/1.1.0/html/api/ops/index.html
@@ -1,484 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10. Cryptographic operation reference — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.1. Algorithms" href="algorithms.html" />
- <link rel="prev" title="9.6. Key management functions" href="../keys/management.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="cryptographic-operation-reference">
-<span id="crypto-operations"></span><h1>10. Cryptographic operation reference</h1>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html#algorithm-encoding">10.1.1. Algorithm encoding</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html#algorithm-categories">10.1.2. Algorithm categories</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-algorithms">10.2.1. Hash algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_512_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHAKE256_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHAKE256_512</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SM3"><code class="docutils literal"><span class="pre">PSA_ALG_SM3</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#single-part-hashing-functions">10.2.2. Single-part hashing functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_compute"><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_compare"><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#multi-part-hashing-operations">10.2.3. Multi-part hashing operations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_operation_init"><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_setup"><code class="docutils literal"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_update"><code class="docutils literal"><span class="pre">psa_hash_update</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_finish"><code class="docutils literal"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_verify"><code class="docutils literal"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_abort"><code class="docutils literal"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_suspend"><code class="docutils literal"><span class="pre">psa_hash_suspend</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_resume"><code class="docutils literal"><span class="pre">psa_hash_resume</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_clone"><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#support-macros">10.2.4. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-suspend-state">10.2.5. Hash suspend state</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#hash-suspend-state-format">Hash suspend state format</a></li>
-<li class="toctree-l3"><a class="reference internal" href="hashes.html#hash-suspend-state-field-sizes">Hash suspend state field sizes</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#mac-algorithms">10.3.1. MAC algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_CBC_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_CMAC"><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_AT_LEAST_THIS_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_AT_LEAST_THIS_LENGTH_MAC</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#single-part-mac-functions">10.3.2. Single-part MAC functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_compute"><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify"><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#multi-part-mac-operations">10.3.3. Multi-part MAC operations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_operation_init"><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_sign_setup"><code class="docutils literal"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify_setup"><code class="docutils literal"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_update"><code class="docutils literal"><span class="pre">psa_mac_update</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_sign_finish"><code class="docutils literal"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify_finish"><code class="docutils literal"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_abort"><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#support-macros">10.3.4. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#cipher-algorithms">10.4.1. Cipher algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CTR"><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CFB"><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_OFB"><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_XTS"><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_ECB_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CBC_PKCS7"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#single-part-cipher-functions">10.4.2. Single-part cipher functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_encrypt"><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_decrypt"><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#multi-part-cipher-operations">10.4.3. Multi-part cipher operations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_operation_init"><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_encrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_decrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_generate_iv"><code class="docutils literal"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_set_iv"><code class="docutils literal"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_update"><code class="docutils literal"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_finish"><code class="docutils literal"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_abort"><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#support-macros">10.4.4. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_IV_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#aead-algorithms">10.5.1. AEAD algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#single-part-aead-functions">10.5.2. Single-part AEAD functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_encrypt"><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_decrypt"><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#multi-part-aead-operations">10.5.3. Multi-part AEAD operations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_operation_init"><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_encrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_decrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_lengths"><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_generate_nonce"><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_nonce"><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_update_ad"><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_update"><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_finish"><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_verify"><code class="docutils literal"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_abort"><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#support-macros">10.5.4. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_NONCE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_TAG_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_TAG_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="kdf.html">10.6. Key derivation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-algorithms">10.6.1. Key derivation algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_PBKDF2_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_PBKDF2_AES_CMAC_PRF_128"><code class="docutils literal"><span class="pre">PSA_ALG_PBKDF2_AES_CMAC_PRF_128</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#input-step-types">10.6.2. Input step types</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_step_t"><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_PASSWORD"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_COST"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_COST</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-functions">10.6.3. Key derivation functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_operation_init"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_setup"><code class="docutils literal"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_get_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_set_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_input_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_input_integer"><code class="docutils literal"><span class="pre">psa_key_derivation_input_integer</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_input_key"><code class="docutils literal"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_output_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_output_key"><code class="docutils literal"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_verify_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_verify_bytes</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_verify_key"><code class="docutils literal"><span class="pre">psa_key_derivation_verify_key</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_abort"><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#support-macros">10.6.4. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_KEY_DERIVATION_STRETCHING"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_STRETCHING</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_PBKDF2_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_PBKDF2_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-algorithms">10.7.1. Asymmetric signature algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PSS_ANY_SALT"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_PURE_EDDSA"><code class="docutils literal"><span class="pre">PSA_ALG_PURE_EDDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ED25519PH"><code class="docutils literal"><span class="pre">PSA_ALG_ED25519PH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ED448PH"><code class="docutils literal"><span class="pre">PSA_ALG_ED448PH</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-functions">10.7.2. Asymmetric signature functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_verify_message"><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_sign_hash"><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_verify_hash"><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html#support-macros">10.7.3. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PSS_ANY_SALT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS_ANY_SALT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PSS_STANDARD_SALT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS_STANDARD_SALT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_HASH_EDDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_EDDSA</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_SIGNATURE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-algorithms">10.8.1. Asymmetric encryption algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-functions">10.8.2. Asymmetric encryption functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#psa_asymmetric_encrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#psa_asymmetric_decrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html#support-macros">10.8.3. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="ka.html">10.9. Key agreement</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#key-agreement-algorithms">10.9.1. Key agreement algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#standalone-key-agreement">10.9.2. Standalone key agreement</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#psa_raw_key_agreement"><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#combining-key-agreement-and-key-derivation">10.9.3. Combining key agreement and key derivation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#psa_key_derivation_key_agreement"><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#support-macros">10.9.4. Support macros</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="rng.html#random-number-generation">10.10.1. Random number generation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="rng.html#psa_generate_random"><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="current reference internal" href="#">10. Cryptographic operation reference</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/index.html'" />
diff --git a/docs/1.1.0/html/api/ops/ka.html b/docs/1.1.0/html/api/ops/ka.html
index a7edfe6..829668d 100644
--- a/docs/1.1.0/html/api/ops/ka.html
+++ b/docs/1.1.0/html/api/ops/ka.html
@@ -1,498 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.9. Key agreement — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.10. Other cryptographic services" href="rng.html" />
- <link rel="prev" title="10.8. Asymmetric encryption" href="pke.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-agreement">
-<span id="id1"></span><h1>10.9. Key agreement</h1>
-<p>Two functions are provided for a Diffie-Hellman-style key agreement where each party combines its own private key with the peer’s public key.</p>
-<ul class="simple">
-<li>The recommended approach is to use a <a class="reference internal" href="kdf.html#kdf"><span class="std std-ref">key derivation operation</span></a> with the <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> input function, which calculates a shared secret for the key derivation function.</li>
-<li>Where an application needs direct access to the shared secret, it can call <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a> instead. Note that in general the shared secret is not directly suitable for use as a key because it is biased.</li>
-</ul>
-<div class="section" id="key-agreement-algorithms">
-<span id="id2"></span><h2>10.9.1. Key agreement algorithms</h2>
-<div class="section" id="PSA_ALG_FFDH">
-<span id="c.PSA_ALG_FFDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</h3>
-<p>The finite-field Diffie-Hellman (DH) key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
-</pre>
-<p>This algorithm can be used directly in a call to <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, or combined with a key derivation operation using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> for use with <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
-<p>When used as a key’s permitted algorithm policy, the following uses are permitted:</p>
-<ul class="simple">
-<li>In a call to <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, with algorithm <a class="reference internal" href="#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a>.</li>
-<li>In a call to <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>, with any combined key agreement and key derivation algorithm constructed with <a class="reference internal" href="#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a>.</li>
-</ul>
-<p>When used as part of a multi-part key derivation operation, this implements a Diffie-Hellman key agreement scheme using a single Diffie-Hellman key-pair for each participant. This includes the <em>dhEphem</em>, <em>dhOneFlow</em>, and <em>dhStatic</em> schemes. The input step <a class="reference internal" href="kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is used when providing the secret and peer keys to the operation.</p>
-<p>The shared secret produced by this key agreement algorithm is <code class="docutils literal"><span class="pre">g^{ab}</span></code> in big-endian format. It is <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the size of the prime <code class="docutils literal"><span class="pre">p</span></code> in bits.</p>
-<p>This key agreement scheme is defined by <span><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em> <a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a></span> §5.7.1.1 under the name FFC DH.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR()</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_ECDH">
-<span id="c.PSA_ALG_ECDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</h3>
-<p>The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
-</pre>
-<p>This algorithm can be used directly in a call to <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, or combined with a key derivation operation using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> for use with <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
-<p>When used as a key’s permitted algorithm policy, the following uses are permitted:</p>
-<ul class="simple">
-<li>In a call to <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, with algorithm <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a>.</li>
-<li>In a call to <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>, with any combined key agreement and key derivation algorithm constructed with <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a>.</li>
-</ul>
-<p>When used as part of a multi-part key derivation operation, this implements a Diffie-Hellman key agreement scheme using a single elliptic curve key-pair for each participant. This includes the <em>Ephemeral unified model</em>, the <em>Static unified model</em>, and the <em>One-pass Diffie-Hellman</em> schemes. The input step <a class="reference internal" href="kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is used when providing the secret and peer keys to the operation.</p>
-<p>The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. When <code class="docutils literal"><span class="pre">m</span></code> is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.</p>
-<ul>
-<li><p class="first">For Montgomery curves (curve family <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">Z</span> <span class="pre">=</span> <span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in little-endian byte order.</p>
-<ul class="simple">
-<li>For Curve25519, this is the X25519 function defined in <span><em>Curve25519: new Diffie-Hellman speed records</em> <a class="reference internal" href="../../about.html#citation-curve25519"><span class="cite">[Curve25519]</span></a></span>. The bit size <code class="docutils literal"><span class="pre">m</span></code> is 255.</li>
-<li>For Curve448, this is the X448 function defined in <span><em>Ed448-Goldilocks, a new elliptic curve</em> <a class="reference internal" href="../../about.html#citation-curve448"><span class="cite">[Curve448]</span></a></span>. The bit size <code class="docutils literal"><span class="pre">m</span></code> is 448.</li>
-</ul>
-</li>
-<li><p class="first">For Weierstrass curves (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a> and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a>) the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">Z</span> <span class="pre">=</span> <span class="pre">h</span> <span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">h</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. This is the Elliptic Curve Cryptography Cofactor Diffie-Hellman primitive defined by <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span> §3.3.2 as, and also as ECC CDH by <span><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em> <a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a></span> §5.7.1.2.</p>
-<ul class="simple">
-<li>Over prime fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a> and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a>), the bit size is <code class="docutils literal"><span class="pre">m</span> <span class="pre">=</span> <span class="pre">ceiling(log_2(p))</span></code> for the field <code class="docutils literal"><span class="pre">F_p</span></code>.</li>
-<li>Over binary fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>), the bit size is <code class="docutils literal"><span class="pre">m</span></code> for the field <code class="docutils literal"><span class="pre">F_{2^m}</span></code>.</li>
-</ul>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The cofactor Diffie-Hellman primitive is equivalent to the standard elliptic curve Diffie-Hellman calculation <code class="docutils literal"><span class="pre">Z</span> <span class="pre">=</span> <span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> (<a class="reference internal" href="../../about.html#citation-sec1"><span class="cite psa_c psa_c-cite">[SEC1]</span></a> §3.3.1) for curves where the cofactor <code class="docutils literal"><span class="pre">h</span></code> is <code class="docutils literal"><span class="pre">1</span></code>. This is true for all curves in the <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> families.</p>
-</div>
-</li>
-</ul>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code></div>
-</div>
-<p>where <code class="docutils literal"><span class="pre">family</span></code> is a Weierstrass or Montgomery Elliptic curve family. That is, one of the following values:</p>
-<ul class="simple">
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code></li>
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a></li>
-</ul>
-</div>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT">
-<span id="c.PSA_ALG_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</h3>
-<p>Macro to build a combined algorithm that chains a key agreement with a key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT">PSA_ALG_KEY_AGREEMENT</a>(ka_alg, kdf_alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">ka_alg</span></code></dt>
-<dd>A key agreement algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">kdf_alg</span></code></dt>
-<dd>A key derivation algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding key agreement and derivation algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">ka_alg</span></code> is not a supported key agreement algorithm or <code class="docutils literal"><span class="pre">kdf_alg</span></code> is not a supported key derivation algorithm.</p>
-<p class="rubric">Description</p>
-<p>A combined key agreement algorithm is used with a multi-part key derivation operation, using a call to <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
-<p>The component parts of a key agreement algorithm can be extracted using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a>.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting combined key agreement algorithm is compatible with the same key types as the raw key agreement algorithm used to construct it.</p>
-</div>
-</div>
-<div class="section" id="standalone-key-agreement">
-<h2>10.9.2. Standalone key agreement</h2>
-<div class="section" id="psa_raw_key_agreement">
-<span id="c.psa_raw_key_agreement"></span><h3><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</h3>
-<p>Perform a key agreement and return the raw shared secret.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
- const uint8_t * peer_key,
- size_t peer_key_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The key agreement algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">private_key</span></code></dt>
-<dd>Identifier of the private key to use.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">peer_key</span></code></dt>
-<dd>Public key of the peer. The peer key must be in the same format that <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> accepts for the public key type corresponding to the type of <code class="docutils literal"><span class="pre">private_key</span></code>. That is, this function performs the equivalent of <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code></a><code class="docutils literal"><span class="pre">(...,</span> </code><code class="docutils literal"><span class="pre">peer_key</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">peer_key_length</span></code><code class="docutils literal"><span class="pre">)</span></code>, with key attributes indicating the public key type corresponding to the type of <code class="docutils literal"><span class="pre">private_key</span></code>. For example, for ECC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="../keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">peer_key_length</span></code></dt>
-<dd>Size of <code class="docutils literal"><span class="pre">peer_key</span></code> in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the raw shared secret is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
-This must be appropriate for the keys:</p>
-<ul class="last simple">
-<li>The required output size is <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the type of <code class="docutils literal"><span class="pre">private_key</span></code> and <code class="docutils literal"><span class="pre">bits</span></code> is the bit-size of either <code class="docutils literal"><span class="pre">private_key</span></code> or the <code class="docutils literal"><span class="pre">peer_key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported raw key agreement algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the raw shared secret.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">private_key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">private_key</span></code> does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm.</li>
-<li><code class="docutils literal"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">peer_key</span></code> is not a valid public key corresponding to <code class="docutils literal"><span class="pre">private_key</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a key agreement algorithm.</li>
-<li><code class="docutils literal"><span class="pre">private_key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases, and is not suitable for use as key material. Instead it is recommended that the result is used as input to a key derivation algorithm. To chain a key agreement with a key derivation, use <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> and other functions from the key derivation interface.</p>
-</div>
-</div>
-</div>
-<div class="section" id="combining-key-agreement-and-key-derivation">
-<h2>10.9.3. Combining key agreement and key derivation</h2>
-<div class="section" id="psa_key_derivation_key_agreement">
-<span id="c.psa_key_derivation_key_agreement"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</h3>
-<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement">psa_key_derivation_key_agreement</a>(<a class="reference internal" href="kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
- const uint8_t * peer_key,
- size_t peer_key_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd><p class="first">The key derivation operation object to use. It must have been set up with <a class="reference internal" href="kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> with a key agreement and derivation algorithm <code class="docutils literal"><span class="pre">alg</span></code>: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true and <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is false.</p>
-<p class="last">The operation must be ready for an input of the type given by <code class="docutils literal"><span class="pre">step</span></code>.</p>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal"><span class="pre">private_key</span></code></dt>
-<dd>Identifier of the private key to use.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">peer_key</span></code></dt>
-<dd>Public key of the peer. The peer key must be in the same format that <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> accepts for the public key type corresponding to the type of <code class="docutils literal"><span class="pre">private_key</span></code>. That is, this function performs the equivalent of <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code></a><code class="docutils literal"><span class="pre">(...,</span> </code><code class="docutils literal"><span class="pre">peer_key</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">peer_key_length</span></code><code class="docutils literal"><span class="pre">)</span></code>, with key attributes indicating the public key type corresponding to the type of <code class="docutils literal"><span class="pre">private_key</span></code>. For example, for ECC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="../keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">peer_key_length</span></code></dt>
-<dd>Size of <code class="docutils literal"><span class="pre">peer_key</span></code> in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid for this key agreement <code class="docutils literal"><span class="pre">step</span></code>.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">private_key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">private_key</span></code> does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the operation’s algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation’s algorithm is not a key agreement algorithm.</li>
-<li><code class="docutils literal"><span class="pre">step</span></code> does not allow an input resulting from a key agreement.</li>
-<li><code class="docutils literal"><span class="pre">private_key</span></code> is not compatible with the operation’s algorithm.</li>
-<li><code class="docutils literal"><span class="pre">peer_key</span></code> is not a valid public key corresponding to <code class="docutils literal"><span class="pre">private_key</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">private_key</span></code> is not supported for use with the operation’s algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>A key agreement algorithm takes two inputs: a private key <code class="docutils literal"><span class="pre">private_key</span></code>, and a public key <code class="docutils literal"><span class="pre">peer_key</span></code>. The result of this function is passed as input to the key derivation operation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.9.4. Support macros</h2>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_BASE">
-<span id="c.PSA_ALG_KEY_AGREEMENT_GET_BASE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</h3>
-<p>Get the raw key agreement algorithm from a full key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE">PSA_ALG_KEY_AGREEMENT_GET_BASE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A key agreement algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The underlying raw key agreement algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm or if it is not supported by the implementation.</p>
-<p class="rubric">Description</p>
-<p>See also <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_KDF">
-<span id="c.PSA_ALG_KEY_AGREEMENT_GET_KDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</h3>
-<p>Get the key derivation algorithm used in a full key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF">PSA_ALG_KEY_AGREEMENT_GET_KDF</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A key agreement algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The underlying key derivation algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm or if it is not supported by the implementation.</p>
-<p class="rubric">Description</p>
-<p>See also <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RAW_KEY_AGREEMENT">
-<span id="c.PSA_ALG_IS_RAW_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a raw key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a raw key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a <code class="docutils literal"><span class="pre">PSA_ALG_xxx</span></code> macro while non-raw key agreement algorithms are constructed with <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a>.</p>
-<p>The raw key agreement algorithm can be extracted from a full key agreement algorithm identifier using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_FFDH">
-<span id="c.PSA_ALG_IS_FFDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a finite field Diffie-Hellman algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH">PSA_ALG_IS_FFDH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a finite field Diffie-Hellman algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supported key derivation algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_ECDH">
-<span id="c.PSA_ALG_IS_ECDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH">PSA_ALG_IS_ECDH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an elliptic curve Diffie-Hellman algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.</p>
-</div>
-<div class="section" id="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE">
-<span id="c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</a>(key_type, key_bits) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>A supported key type.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output buffer size for the specified key type and size. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and size that it recognizes, but does not support. If the parameters are not valid, the return value is unspecified.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, for any of the supported key types and key agreement algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</a> \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.9. Key agreement</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#key-agreement-algorithms">10.9.1. Key agreement algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#standalone-key-agreement">10.9.2. Standalone key agreement</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#combining-key-agreement-and-key-derivation">10.9.3. Combining key agreement and key derivation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.9.4. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/ka.html'" />
diff --git a/docs/1.1.0/html/api/ops/kdf.html b/docs/1.1.0/html/api/ops/kdf.html
index 503f49e..a045471 100644
--- a/docs/1.1.0/html/api/ops/kdf.html
+++ b/docs/1.1.0/html/api/ops/kdf.html
@@ -1,1293 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.6. Key derivation — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.7. Asymmetric signature" href="sign.html" />
- <link rel="prev" title="10.5. Authenticated encryption with associated data (AEAD)" href="aead.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-derivation">
-<span id="kdf"></span><h1>10.6. Key derivation</h1>
-<p>A key derivation encodes a deterministic method to generate a finite stream of bytes. This data stream is computed by the cryptoprocessor and extracted in chunks. If two key derivation operations are constructed with the same parameters, then they produce the same output.</p>
-<p>A key derivation consists of two phases:</p>
-<ol class="arabic simple">
-<li>Input collection. This is sometimes known as <em>extraction</em>: the operation “extracts” information from the inputs to generate a pseudorandom intermediate secret value.</li>
-<li>Output generation. This is sometimes known as <em>expansion</em>: the operation “expands” the intermediate secret value to the desired output length.</li>
-</ol>
-<p>The specification defines a <a class="reference internal" href="../../overview/functionality.html#multi-part-operations"><span class="std std-ref">multi-part operation</span></a> API for key derivation that allows:</p>
-<ul class="simple">
-<li>Multiple key and non-key outputs to be produced from a single derivation operation object.</li>
-<li>Key and non-key outputs can be extracted from the key derivation object, or compared with existing key and non-key values.</li>
-<li>Algorithms that require high-entropy secret inputs. For example <a class="reference internal" href="#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a>.</li>
-<li>Algorithms that work with low-entropy secret inputs, or passwords. For example <a class="reference internal" href="#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC()</span></code></a>.</li>
-</ul>
-<p>An implementation with <a class="reference internal" href="../../about.html#term-isolation"><span class="term">isolation</span></a> has the following properties:</p>
-<ul class="simple">
-<li>The intermediate state of the key derivation is not visible to the caller.</li>
-<li>If an output of the derivation is a non-exportable key, then this key cannot be recovered outside the isolation boundary.</li>
-<li>If an output of the derivation is compared using <a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a> or <a class="reference internal" href="#c.psa_key_derivation_verify_key" title="psa_key_derivation_verify_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_key()</span></code></a>, then the output is not visible to the caller.</li>
-</ul>
-<p>Applications use the <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> type to create key derivation operations. The operation object is used as follows:</p>
-<ol class="arabic">
-<li><p class="first">Initialize a <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> object to zero or to <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>.</p>
-</li>
-<li><p class="first">Call <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> to select a key derivation algorithm.</p>
-</li>
-<li><p class="first">Call the functions <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> or <a class="reference internal" href="ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> to provide the secret inputs, and <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> or <a class="reference internal" href="#c.psa_key_derivation_input_integer" title="psa_key_derivation_input_integer"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_integer()</span></code></a> to provide the non-secret inputs, to the key derivation algorithm. Many key derivation algorithms take multiple inputs; the <code class="docutils literal"><span class="pre">step</span></code> parameter to these functions indicates which input is being provided. The documentation for each key derivation algorithm describes the expected inputs for that algorithm and in what order to pass them.</p>
-</li>
-<li><p class="first">Optionally, call <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a> to set a limit on the amount of data that can be output from the key derivation operation.</p>
-</li>
-<li><p class="first">Call an output or verification function:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> to create a derived key.</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> to export the derived data.</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_verify_key" title="psa_key_derivation_verify_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_key()</span></code></a> to compare a derived key with an existing key value.</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a> to compare derived data with a buffer.</li>
-</ul>
-<p>These functions can be called multiple times to read successive output from the key derivation, until the stream is exhausted when its capacity has been reached.</p>
-</li>
-<li><p class="first">Key derivation does not finish in the same way as other multi-part operations. Call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> to release the key derivation operation memory when the object is no longer required.</p>
-</li>
-</ol>
-<p>To recover from an error, call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> to release the key derivation operation memory.</p>
-<p>A key derivation operation cannot be rewound. Once a part of the stream has been output, it cannot be output again. This ensures that the same part of the output will not be used for different purposes.</p>
-<div class="section" id="key-derivation-algorithms">
-<span id="id1"></span><h2>10.6.1. Key derivation algorithms</h2>
-<div class="section" id="PSA_ALG_HKDF">
-<span id="c.PSA_ALG_HKDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</h3>
-<p>Macro to build an HKDF algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF">PSA_ALG_HKDF</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding HKDF algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is HKDF using HMAC-SHA-256.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) specified by <span><em>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</em> <a class="reference internal" href="../../about.html#citation-rfc5869"><span class="cite">[RFC5869]</span></a></span>.</p>
-<p>This key derivation algorithm uses the following inputs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is the salt used in the “extract” step. It is optional; if omitted, the derivation uses an empty salt.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key used in the “extract” step.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> is the info string used in the “expand” step.</li>
-</ul>
-<p>If <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is provided, it must be before <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>. <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> can be provided at any time after setup and before starting to generate output.</p>
-<p>Each input may only be passed once.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> (for the secret key)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a> (for the other inputs)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PRF">
-<span id="c.PSA_ALG_TLS12_PRF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</h3>
-<p>Macro to build a TLS-1.2 PRF algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF">PSA_ALG_TLS12_PRF</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding TLS-1.2 PRF algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> represents the TLS 1.2 PRF using HMAC-SHA-256.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in <span><em>The Transport Layer Security (TLS) Protocol Version 1.2</em> <a class="reference internal" href="../../about.html#citation-rfc5246"><span class="cite">[RFC5246]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">§5</a>. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
-<p>This key derivation algorithm uses the following inputs, which must be passed in the order given here:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
-</ul>
-<p>Each input may only be passed once.</p>
-<p>For the application to TLS-1.2 key expansion:</p>
-<ul class="simple">
-<li>The seed is the concatenation of <code class="docutils literal"><span class="pre">ServerHello.Random</span> <span class="pre">+</span> <span class="pre">ClientHello.Random</span></code>.</li>
-<li>The label is <code class="docutils literal"><span class="pre">"key</span> <span class="pre">expansion"</span></code>.</li>
-</ul>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> (for the secret key)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a> (for the other inputs)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS">
-<span id="c.PSA_ALG_TLS12_PSK_TO_MS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</h3>
-<p>Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding TLS-1.2 PSK to MS algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (<span><em>Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)</em> <a class="reference internal" href="../../about.html#citation-rfc4279"><span class="cite">[RFC4279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-2">§2</a>) and the TLS-1.2 PRF (<span><em>The Transport Layer Security (TLS) Protocol Version 1.2</em> <a class="reference internal" href="../../about.html#citation-rfc5246"><span class="cite">[RFC5246]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">§5</a>). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
-<p>This key derivation algorithm uses the following inputs, which must be passed in the order given here:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the PSK. The PSK must not be larger than <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a>.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
-</ul>
-<p>Each input may only be passed once.</p>
-<p>For the application to TLS-1.2:</p>
-<ul class="simple">
-<li>The seed, which is forwarded to the TLS-1.2 PRF, is the concatenation of the <code class="docutils literal"><span class="pre">ClientHello.Random</span> <span class="pre">+</span> <span class="pre">ServerHello.Random</span></code>.</li>
-<li>The label is <code class="docutils literal"><span class="pre">"master</span> <span class="pre">secret"</span></code> or <code class="docutils literal"><span class="pre">"extended</span> <span class="pre">master</span> <span class="pre">secret"</span></code>.</li>
-</ul>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> (for the PSK)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a> (for the other inputs)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_PBKDF2_HMAC">
-<span id="c.PSA_ALG_PBKDF2_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC</span></code> (macro)</h3>
-<p>Macro to build a PBKDF2-HMAC password-hashing or key-stretching algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC">PSA_ALG_PBKDF2_HMAC</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding PBKDF2-HMAC-XXX algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is the algorithm identifier for PBKDF2-HMAC-SHA-256.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>PBKDF2 is specified by <span><em>PKCS #5: Password-Based Cryptography Specification Version 2.1</em> <a class="reference internal" href="../../about.html#citation-rfc8018"><span class="cite">[RFC8018]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8018.html#section-5.2">§5.2</a>. This macro constructs a PBKDF2 algorithm that uses a pseudo-random function based on HMAC with the specified hash.</p>
-<p>This key derivation algorithm uses the following inputs, which must be provided in the following order:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_COST" title="PSA_KEY_DERIVATION_INPUT_COST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_COST</span></code></a> is the iteration count.
-This input step must be used exactly once.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is the salt.
-This input step must be used one or more times; if used several times, the inputs will be concatenated.
-This can be used to build the final salt from multiple sources, both public and secret (also known as pepper).</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_PASSWORD" title="PSA_KEY_DERIVATION_INPUT_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code></a> is the password to be hashed.
-This input step must be used exactly once.</li>
-</ul>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> (for password input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD" title="PSA_KEY_TYPE_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code></a> (for password input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PEPPER" title="PSA_KEY_TYPE_PEPPER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PEPPER</span></code></a> (for salt input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a> (for salt input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a> (for key verification)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_PBKDF2_AES_CMAC_PRF_128">
-<span id="c.PSA_ALG_PBKDF2_AES_CMAC_PRF_128"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_PBKDF2_AES_CMAC_PRF_128</span></code> (macro)</h3>
-<p>The PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_PBKDF2_AES_CMAC_PRF_128" title="PSA_ALG_PBKDF2_AES_CMAC_PRF_128">PSA_ALG_PBKDF2_AES_CMAC_PRF_128</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x08800200)
-</pre>
-<p>PBKDF2 is specified by <span><em>PKCS #5: Password-Based Cryptography Specification Version 2.1</em> <a class="reference internal" href="../../about.html#citation-rfc8018"><span class="cite">[RFC8018]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8018.html#section-5.2">§5.2</a>. This algorithm specifies the PBKDF2 algorithm using the AES-CMAC-PRF-128 pseudo-random function specified by <a class="reference internal" href="../../about.html#citation-rfc4615"><span class="cite">[RFC4615]</span></a></p>
-<p>This key derivation algorithm uses the same inputs as <a class="reference internal" href="#c.PSA_ALG_PBKDF2_HMAC" title="PSA_ALG_PBKDF2_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_PBKDF2_HMAC()</span></code></a> with the same constraints.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> (for password input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD" title="PSA_KEY_TYPE_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code></a> (for password input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PEPPER" title="PSA_KEY_TYPE_PEPPER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PEPPER</span></code></a> (for salt input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a> (for salt input)</div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a> (for key verification)</div>
-</div>
-</div>
-</div>
-<div class="section" id="input-step-types">
-<h2>10.6.2. Input step types</h2>
-<div class="section" id="psa_key_derivation_step_t">
-<span id="c.psa_key_derivation_step_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</h3>
-<p>Encoding of the step of a key derivation.</p>
-<pre class="literal-block">
-typedef uint16_t <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a>;
-</pre>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_SECRET">
-<span id="c.PSA_KEY_DERIVATION_INPUT_SECRET"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</h3>
-<p>A high-entropy secret input for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET">PSA_KEY_DERIVATION_INPUT_SECRET</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is typically a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> passed to <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a>, or the shared secret resulting from a key agreement obtained via <a class="reference internal" href="ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
-<p>The secret can also be a direct input passed to <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a>. In this case, the derivation operation cannot be used to derive keys: the operation will not allow a call to <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_PASSWORD">
-<span id="c.PSA_KEY_DERIVATION_INPUT_PASSWORD"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code> (macro)</h3>
-<p>A low-entropy secret input for password hashing or key stretching.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_PASSWORD" title="PSA_KEY_DERIVATION_INPUT_PASSWORD">PSA_KEY_DERIVATION_INPUT_PASSWORD</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is usually a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD" title="PSA_KEY_TYPE_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD</span></code></a> passed to <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> or a direct input passed to <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> that is a password or passphrase. It can also be high-entropy secret, for example, a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>, or the shared secret resulting from a key agreement.</p>
-<p>If the secret is a direct input, the derivation operation cannot be used to derive keys: the operation will not allow a call to <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_LABEL">
-<span id="c.PSA_KEY_DERIVATION_INPUT_LABEL"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</h3>
-<p>A label for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL">PSA_KEY_DERIVATION_INPUT_LABEL</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_CONTEXT">
-<span id="c.PSA_KEY_DERIVATION_INPUT_CONTEXT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code> (macro)</h3>
-<p>A context for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_CONTEXT" title="PSA_KEY_DERIVATION_INPUT_CONTEXT">PSA_KEY_DERIVATION_INPUT_CONTEXT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_SALT">
-<span id="c.PSA_KEY_DERIVATION_INPUT_SALT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</h3>
-<p>A salt for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT">PSA_KEY_DERIVATION_INPUT_SALT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a> or <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PEPPER" title="PSA_KEY_TYPE_PEPPER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PEPPER</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_INFO">
-<span id="c.PSA_KEY_DERIVATION_INPUT_INFO"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</h3>
-<p>An information string for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO">PSA_KEY_DERIVATION_INPUT_INFO</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_SEED">
-<span id="c.PSA_KEY_DERIVATION_INPUT_SEED"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</h3>
-<p>A seed for key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED">PSA_KEY_DERIVATION_INPUT_SEED</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_COST">
-<span id="c.PSA_KEY_DERIVATION_INPUT_COST"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_COST</span></code> (macro)</h3>
-<p>A cost parameter for password hashing or key stretching.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_COST" title="PSA_KEY_DERIVATION_INPUT_COST">PSA_KEY_DERIVATION_INPUT_COST</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This must be a direct input, passed to <a class="reference internal" href="#c.psa_key_derivation_input_integer" title="psa_key_derivation_input_integer"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_integer()</span></code></a>.</p>
-</div>
-</div>
-<div class="section" id="key-derivation-functions">
-<h2>10.6.3. Key derivation functions</h2>
-<div class="section" id="psa_key_derivation_operation_t">
-<span id="c.psa_key_derivation_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</h3>
-<p>The type of the state object for key derivation operations.</p>
-<pre class="literal-block">
-typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a>;
-</pre>
-<p>Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the object to all-bits-zero, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation;
-memset(&operation, 0, sizeof(operation));
-</pre>
-</li>
-<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
-<pre class="literal-block">
-static <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation;
-</pre>
-</li>
-<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation = <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT">PSA_KEY_DERIVATION_OPERATION_INIT</a>;
-</pre>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_operation_init()</span></code></a> to the object, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation;
-operation = <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init">psa_key_derivation_operation_init</a>();
-</pre>
-</li>
-</ul>
-<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_OPERATION_INIT">
-<span id="c.PSA_KEY_DERIVATION_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</h3>
-<p>This macro returns a suitable initializer for a key derivation operation object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT">PSA_KEY_DERIVATION_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-</div>
-<div class="section" id="psa_key_derivation_operation_init">
-<span id="c.psa_key_derivation_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</h3>
-<p>Return an initial value for a key derivation operation object.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init">psa_key_derivation_operation_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a></p>
-</div>
-<div class="section" id="psa_key_derivation_setup">
-<span id="c.psa_key_derivation_setup"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_setup</span></code> (function)</h3>
-<p>Set up a key derivation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup">psa_key_derivation_setup</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to set up. It must have been initialized but not set up yet.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd><p class="first">The algorithm to compute. This must be one of the following:</p>
-<ul class="last simple">
-<li>A key derivation algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</li>
-<li>A key agreement and derivation algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true and <a class="reference internal" href="ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is false.</li>
-</ul>
-</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">alg</span></code> is neither a key derivation algorithm, nor a key agreement and derivation algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm, or a key agreement and derivation algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.</p>
-<p>A key agreement and derivation algorithm uses a key agreement protocol to provide a shared secret which is used for the key derivation. See <a class="reference internal" href="ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
-<p>To derive a key:</p>
-<ol class="arabic simple">
-<li>Start with an initialized object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> to select the algorithm.</li>
-<li>Provide the inputs for the key derivation by calling <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> or <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> as appropriate. Which inputs are needed, in what order, whether keys are permitted, and what type of keys depends on the algorithm.</li>
-<li>Optionally set the operation’s maximum capacity with <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a>. This can be done before, in the middle of, or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.</li>
-<li>To derive a key, call <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>. To derive a byte string for a different purpose, call <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a>. Successive calls to these functions use successive output bytes calculated by the key derivation algorithm.</li>
-<li>Clean up the key derivation operation object with <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</li>
-</ol>
-<p>If this function returns an error, the key derivation operation object is not changed.</p>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-<p>Implementations must reject an attempt to derive a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
-</div>
-<div class="section" id="psa_key_derivation_get_capacity">
-<span id="c.psa_key_derivation_get_capacity"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</h3>
-<p>Retrieve the current capacity of a key derivation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity">psa_key_derivation_get_capacity</a>(const <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- size_t * capacity);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation to query.</dd>
-<dt> <code class="docutils literal"><span class="pre">capacity</span></code></dt>
-<dd>On success, the capacity of the operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The maximum number of bytes that this key derivation can return is <code class="docutils literal"><span class="pre">(*capacity)</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The capacity of a key derivation is the maximum number of bytes that it can return. Reading <em>N</em> bytes of output from a key derivation operation reduces its capacity by at least <em>N</em>. The capacity can be reduced by more than <em>N</em> in the following situations:</p>
-<ul class="simple">
-<li>Calling <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> can reduce the capacity by more than the key size, depending on the type of key being generated. See <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> for details of the key derivation process.</li>
-<li>When the <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> object is operating as a deterministic random bit generator (DBRG), which reduces capacity in whole blocks, even when less than a block is read.</li>
-</ul>
-</div>
-<div class="section" id="psa_key_derivation_set_capacity">
-<span id="c.psa_key_derivation_set_capacity"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</h3>
-<p>Set the maximum capacity of a key derivation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity">psa_key_derivation_set_capacity</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- size_t capacity);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to modify.</dd>
-<dt> <code class="docutils literal"><span class="pre">capacity</span></code></dt>
-<dd>The new capacity of the operation. It must be less or equal to the operation’s current capacity.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">capacity</span></code> is larger than the operation’s current capacity. In this case, the operation object remains valid and its capacity remains unchanged.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.</p>
-</div>
-<div class="section" id="psa_key_derivation_input_bytes">
-<span id="c.psa_key_derivation_input_bytes"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</h3>
-<p>Provide an input for key derivation or key agreement.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes">psa_key_derivation_input_bytes</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- const uint8_t * data,
- size_t data_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
-<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
-<dd>Input data to use.</dd>
-<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>. This can happen if the application provides a step out of order or repeats a step that may not be repeated.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</li>
-<li><code class="docutils literal"><span class="pre">step</span></code> does not allow direct inputs.</li>
-<li><code class="docutils literal"><span class="pre">data_length</span></code> is too small or too large for <code class="docutils literal"><span class="pre">step</span></code> in this particular algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">step</span></code> is not supported with the operation’s algorithm.</li>
-<li><code class="docutils literal"><span class="pre">data_length</span></code> is is not supported for <code class="docutils literal"><span class="pre">step</span></code> in this particular algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function passes direct inputs, which is usually correct for non-secret inputs. To pass a secret input, which is normally in a key object, call <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> instead of this function. Refer to the documentation of individual step types (<code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code> values of type <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_step_t</span></code></a>) for more information.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_key_derivation_input_integer">
-<span id="c.psa_key_derivation_input_integer"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_input_integer</span></code> (function)</h3>
-<p>Provide a numeric input for key derivation or key agreement.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_input_integer" title="psa_key_derivation_input_integer">psa_key_derivation_input_integer</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- uint64_t value);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
-<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal"><span class="pre">value</span></code></dt>
-<dd>The value of the numeric input.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>. This can happen if the application provides a step out of order or repeats a step that may not be repeated.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</li>
-<li><code class="docutils literal"><span class="pre">step</span></code> does not allow numerical inputs.</li>
-<li><code class="docutils literal"><span class="pre">value</span></code> is not valid for <code class="docutils literal"><span class="pre">step</span></code> in the operation’s algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">step</span></code> is not supported with the operation’s algorithm.</li>
-<li><code class="docutils literal"><span class="pre">value</span></code> is not supported for <code class="docutils literal"><span class="pre">step</span></code> in the operation’s algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Which inputs are required and in what order depends on the algorithm.
-However, when an algorithm requires a particular order, numeric inputs usually come first as they tend to be configuration parameters.
-Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function is used for inputs which are fixed-size non-negative integers.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_key_derivation_input_key">
-<span id="c.psa_key_derivation_input_key"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_input_key</span></code> (function)</h3>
-<p>Provide an input for key derivation in the form of a key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key">psa_key_derivation_input_key</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
-<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key. The key must have an appropriate type for <code class="docutils literal"><span class="pre">step</span></code>, it must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> or <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a> (see <a class="reference internal" href="#note">note</a>), and it must permit the algorithm used by the operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>. This can happen if the application provides a step out of order or repeats a step that may not be repeated.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key has neither the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> nor the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a> usage flag, or it does not permit the operation’s algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</li>
-<li><code class="docutils literal"><span class="pre">step</span></code> does not allow key inputs of the given type, or does not allow key inputs at all.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">step</span></code> is not supported with the operation’s algorithm.</li>
-<li>Key inputs of the given type are not supported for <code class="docutils literal"><span class="pre">step</span></code> in the operation’s algorithm.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function obtains input from a key object, which is usually correct for secret inputs or for non-secret personalization strings kept in the key store. To pass a non-secret parameter which is not in the key store, call <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> instead of this function. Refer to the documentation of individual step types (<code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code> values of type <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_step_t</span></code></a>) for more information.</p>
-<div class="admonition note" id="note">
-<p class="first admonition-title">Note</p>
-<p>Once all inputs steps are completed, the following operations are permitted:</p>
-<ul class="last simple">
-<li><a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> — if each input was either a direct input or a key with usage flag <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> — if the input for step <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_PASSWORD" title="PSA_KEY_DERIVATION_INPUT_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code></a> was a key with usage flag <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>, and every other input was either a direct input or a key with usage flag <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a> — if each input was either a direct input or a key with usage flag <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a>.</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_verify_key" title="psa_key_derivation_verify_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_key()</span></code></a> — under the same conditions as <a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a>.</li>
-</ul>
-</div>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_key_derivation_output_bytes">
-<span id="c.psa_key_derivation_output_bytes"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</h3>
-<p>Read some data from a key derivation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes">psa_key_derivation_output_bytes</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- uint8_t * output,
- size_t output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to read from.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output will be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>Number of bytes to output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">output_length</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the derived data.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with all required input steps complete.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>One of the inputs was a key whose policy did not allow <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></dt>
-<dd><p class="first">The operation’s capacity was less than <code class="docutils literal"><span class="pre">output_length</span></code> bytes. In this case, the following occurs:</p>
-<ul class="last simple">
-<li>No output is written to the output buffer.</li>
-<li>The operation’s capacity is set to zero — subsequent calls to this function will not succeed, even with a smaller output buffer.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function calculates output bytes from a key derivation algorithm and returns those bytes. If the key derivation’s output is viewed as a stream of bytes, this function consumes the requested number of bytes from the stream and returns them to the caller. The operation’s capacity decreases by the number of bytes read.</p>
-<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_key_derivation_output_key">
-<span id="c.psa_key_derivation_output_key"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_output_key</span></code> (function)</h3>
-<p>Derive a key from an ongoing key derivation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key">psa_key_derivation_output_key</a>(const <a class="reference internal" href="../keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd><p class="first">The attributes for the new key.
-This function uses the attributes as follows:</p>
-<ul>
-<li><p class="first">The key type is required. It cannot be an asymmetric public key.</p>
-</li>
-<li><p class="first">The key size is required. It must be a valid size for the key type.</p>
-</li>
-<li><p class="first">The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="../keys/policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</p>
-<p>If the key type to be created is <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a>, then the permitted-algorithm policy must be the same as the current operation’s algorithm.</p>
-</li>
-<li><p class="first">The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="../keys/policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</p>
-</li>
-<li><p class="first">The key lifetime and identifier are required for a persistent key.</p>
-</li>
-</ul>
-<div class="last admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="../keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
-</div>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to read from.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="../keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with all required input steps complete.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> input step was neither provided through a key, nor the result of a key agreement.</li>
-<li>One of the inputs was a key whose policy did not allow <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</li>
-<li>The implementation does not permit creating a key with the specified attributes due to some implementation-specific policy.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></dt>
-<dd><p class="first">There was not enough data to create the desired key. In this case, the following occurs:</p>
-<ul class="last simple">
-<li>No key is generated.</li>
-<li>The operation’s capacity is set to zero — subsequent calls to this function will not succeed, even if they require less data.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The key type is invalid, or is an asymmetric public key type.</li>
-<li>The key type is <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a>, and the permitted-algorithm policy is not the same as the current operation’s algorithm.</li>
-<li>The key size is not valid for the key type.</li>
-<li>The key lifetime is invalid.</li>
-<li>The key identifier is not valid for the key lifetime.</li>
-<li>The key usage flags include invalid values.</li>
-<li>The key’s permitted-usage algorithm is invalid.</li>
-<li>The key attributes, as a whole, are invalid.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The key attributes, as a whole, are not supported, either by the implementation in general or in the specified storage location.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key’s location, policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<p>If the key derivation’s output is viewed as a stream of bytes, this function consumes the required number of bytes from the stream. The operation’s capacity decreases by the number of bytes used to derive the key.</p>
-<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-<p>How much output is produced and consumed from the operation, and how the key is derived, depends on the key type. <span><a class="reference internal" href="#std-key-derivation"><span class="numref">Table 5</span></a></span> describes the required key derivation procedures for standard key derivation algorithms. Implementations can use other methods for implementation-specific algorithms.</p>
-<p>In all cases, the data that is read is discarded from the operation. The operation’s capacity is decreased by the number of bytes read.</p>
-<table border="1" class="colwidths-given longtable docutils align-right" id="std-key-derivation">
-<caption><span class="caption-number">Table 5 </span><span class="caption-text">Standard key derivation process</span></caption>
-<colgroup>
-<col width="29%" />
-<col width="71%" />
-</colgroup>
-<thead valign="bottom">
-<tr class="row-odd"><th class="head">Key type</th>
-<th class="head">Key type details and derivation procedure</th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td><p class="first">AES</p>
-<p>ARC4</p>
-<p>ARIA</p>
-<p>CAMELLIA</p>
-<p>ChaCha20</p>
-<p>SM4</p>
-<p>Secrets for derivation</p>
-<p>HMAC</p>
-<p class="last">Password hashes</p>
-</td>
-<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a></p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a></p>
-<p class="last">For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> and passing the resulting output to <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly <code class="docutils literal"><span class="pre">(bits/8)</span></code> bytes from the operation.</p>
-</td>
-</tr>
-<tr class="row-odd"><td>DES</td>
-<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>, 64 bits.</p>
-<p>This function generates a key using the following process:</p>
-<ol class="last arabic simple">
-<li>Draw an 8-byte string.</li>
-<li>Set/clear the parity bits in each byte.</li>
-<li>If the result is a forbidden weak key, discard the result and return to step 1.</li>
-<li>Output the string.</li>
-</ol>
-</td>
-</tr>
-<tr class="row-even"><td><p class="first">2-key 3DES</p>
-<p class="last">3-key 3DES</p>
-</td>
-<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>, 192 bits.</p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>, 128 bits.</p>
-<p>The two or three keys are generated by repeated application of the process used to generate a DES key.</p>
-<p class="last">For example, for 3-key 3DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys.</p>
-</td>
-</tr>
-<tr class="row-odd"><td><p class="first">Finite-field Diffie-Hellman keys</p>
-<p class="last">ECC keys on a Weierstrass elliptic curve</p>
-</td>
-<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">dh_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">dh_family</span></code> designates any Diffie-Hellman family.</p>
-<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ecc_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">ecc_family</span></code> designates a Weierstrass curve family.</p>
-<p>These key types require the generation of a private key which is an integer in the range [1, <em>N</em> - 1], where <em>N</em> is the boundary of the private key domain: <em>N</em> is the prime <em>p</em> for Diffie-Hellman, or the order of the curve’s base point for ECC.</p>
-<p>Let <code class="docutils literal"><span class="pre">m</span></code> be the bit size of <em>N</em>, such that <code class="docutils literal"><span class="pre">2^m</span></code> > <em>N</em> >= <code class="docutils literal"><span class="pre">2^(m-1)</span></code>. This function generates the private key using the following process:</p>
-<ol class="arabic simple">
-<li>Draw a byte string of length <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code> bytes.</li>
-<li>If <code class="docutils literal"><span class="pre">m</span></code> is not a multiple of <code class="docutils literal"><span class="pre">8</span></code>, set the most significant <code class="docutils literal"><span class="pre">(8</span> <span class="pre">*</span> <span class="pre">ceiling(m/8)</span> <span class="pre">-</span> <span class="pre">m)</span></code> bits of the first byte in the string to zero.</li>
-<li>Convert the string to integer <em>k</em> by decoding it as a big-endian byte string.</li>
-<li>If <em>k</em> > <em>N</em> - <code class="docutils literal"><span class="pre">2</span></code>, discard the result and return to step 1.</li>
-<li>Output <em>k</em> + <code class="docutils literal"><span class="pre">1</span></code> as the private key.</li>
-</ol>
-<p>This method allows compliance to NIST standards, specifically the methods titled <em>Key-Pair Generation by Testing Candidates</em> in the following publications:</p>
-<ul class="last simple">
-<li><span><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em> <a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a></span> §5.6.1.1.4 for Diffie-Hellman keys.</li>
-<li><a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a> §5.6.1.2.2 or <span><em>FIPS Publication 186-4: Digital Signature Standard (DSS)</em> <a class="reference internal" href="../../about.html#citation-fips186-4"><span class="cite">[FIPS186-4]</span></a></span> §B.4.2 for elliptic curve keys.</li>
-</ul>
-</td>
-</tr>
-<tr class="row-even"><td>ECC keys on a Montgomery elliptic curve</td>
-<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a><code class="docutils literal"><span class="pre">)</span></code></p>
-<p>This function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:</p>
-<ul class="last simple">
-<li>Curve25519 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 255 bits): draw a 32-byte string and process it as specified in <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</li>
-<li>Curve448 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 448 bits): draw a 56-byte string and process it as specified in <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</li>
-</ul>
-</td>
-</tr>
-<tr class="row-odd"><td><em>Other key types</em></td>
-<td><p class="first">This includes <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>.</p>
-<p class="last">The way in which the operation output is consumed is implementation-defined.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<p>For algorithms that take an input step <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>, the input to that step must be provided with <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a>. Future versions of this specification might include additional restrictions on the derived key based on the attributes and strength of the secret key.</p>
-</div>
-<div class="section" id="psa_key_derivation_verify_bytes">
-<span id="c.psa_key_derivation_verify_bytes"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_verify_bytes</span></code> (function)</h3>
-<p>Compare output data from a key derivation operation to an expected value.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes">psa_key_derivation_verify_bytes</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- const uint8_t *expected_output,
- size_t output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to read from.</dd>
-<dt> <code class="docutils literal"><span class="pre">expected_output</span></code></dt>
-<dd>Buffer containing the expected derivation output.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>Length ot the expected output. This is also the number of bytes that will be read.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The output of the key derivation operation matches <code class="docutils literal"><span class="pre">expected_output</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with all required input steps complete.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>One of the inputs is a key whose policy does not permit <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The output of the key derivation operation does not match the value in <code class="docutils literal"><span class="pre">expected_output</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></dt>
-<dd>The operation’s capacity was less than <code class="docutils literal"><span class="pre">output_length</span></code> bytes. In this case, the operation’s capacity is set to zero — subsequent calls to this function will not succeed, even with a smaller expected output length.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function calculates output bytes from a key derivation algorithm and compares those bytes to an expected value.
-If the key derivation’s output is viewed as a stream of bytes, this function destructively reads <code class="docutils literal"><span class="pre">output_length</span></code> bytes from the stream before comparing them with <code class="docutils literal"><span class="pre">expected_output</span></code>.
-The operation’s capacity decreases by the number of bytes read.</p>
-<p>This is functionally equivalent to the following code:</p>
-<pre class="literal-block">
-uint8_t tmp[output_length];
-<a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes">psa_key_derivation_output_bytes</a>(operation, tmp, output_length);
-if (memcmp(expected_output, tmp, output_length) != 0)
- return <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE">PSA_ERROR_INVALID_SIGNATURE</a>;
-</pre>
-<p>However, calling <a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a> works even if the key’s policy does not allow output of the bytes.</p>
-<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a> or <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations must make the best effort to ensure that the comparison between the actual key derivation output and the expected output is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_key_derivation_verify_key">
-<span id="c.psa_key_derivation_verify_key"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_verify_key</span></code> (function)</h3>
-<p>Compare output data from a key derivation operation to an expected value stored in a key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_verify_key" title="psa_key_derivation_verify_key">psa_key_derivation_verify_key</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> expected);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to read from.</dd>
-<dt> <code class="docutils literal"><span class="pre">expected</span></code></dt>
-<dd><p class="first">A key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a> containing the expected output.
-The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a>, and the permitted algorithm must match the operation’s algorithm.</p>
-<p class="last">The value of this key is typically computed by a previous call to psa_key_derivation_output_key().</p>
-</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The output of the key derivation operation matches the <code class="docutils literal"><span class="pre">expected</span></code> key value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active, with all required input steps complete.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">expected</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a> flag, or it does not permit the requested algorithm.</li>
-<li>One of the inputs is a key whose policy does not permit <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_DERIVATION" title="PSA_KEY_USAGE_VERIFY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_DERIVATION</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The output of the key derivation operation does not match the value of the <code class="docutils literal"><span class="pre">expected</span></code> key.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></dt>
-<dd>The operation’s capacity was less than the length of the <code class="docutils literal"><span class="pre">expected</span></code> key. In this case, the operation’s capacity is set to zero — subsequent calls to this function will not succeed, even with a smaller expected key length.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The key type is not <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function calculates output bytes from a key derivation algorithm and compares those bytes to an expected value, provided as key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_PASSWORD_HASH" title="PSA_KEY_TYPE_PASSWORD_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PASSWORD_HASH</span></code></a>.
-If the key derivation’s output is viewed as a stream of bytes, this function destructively reads the number of bytes corresponding to the length of the <code class="docutils literal"><span class="pre">expected</span></code> key from the stream before comparing them with the key value.
-The operation’s capacity decreases by the number of bytes read.</p>
-<p>This is functionally equivalent to exporting the <code class="docutils literal"><span class="pre">expected</span></code> key and calling <a class="reference internal" href="#c.psa_key_derivation_verify_bytes" title="psa_key_derivation_verify_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_verify_bytes()</span></code></a> on the result, except that it works when the key cannot be exported.</p>
-<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a> or <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations must make the best effort to ensure that the comparison between the actual key derivation output and the expected output is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_key_derivation_abort">
-<span id="c.psa_key_derivation_abort"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</h3>
-<p>Abort a key derivation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort">psa_key_derivation_abort</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation to abort.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The operation object can now be discarded or reused.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> again.</p>
-<p>This function can be called at any time after the operation object has been initialized as described in <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</p>
-<p>In particular, it is valid to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> twice, or to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> on an operation that has not been set up.</p>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.6.4. Support macros</h2>
-<div class="section" id="PSA_ALG_IS_KEY_DERIVATION_STRETCHING">
-<span id="c.PSA_ALG_IS_KEY_DERIVATION_STRETCHING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_STRETCHING</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a key-stretching or password-hashing algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION_STRETCHING" title="PSA_ALG_IS_KEY_DERIVATION_STRETCHING">PSA_ALG_IS_KEY_DERIVATION_STRETCHING</a>(alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key-stretching or password-hashing algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.
-This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>A key-stretching or password-hashing algorithm is a key derivation algorithm that is suitable for use with a low-entropy secret such as a password.
-Equivalently, it’s a key derivation algorithm that uses a <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_PASSWORD" title="PSA_KEY_DERIVATION_INPUT_PASSWORD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_PASSWORD</span></code></a> input step.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_HKDF">
-<span id="c.PSA_ALG_IS_HKDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an HKDF algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF">PSA_ALG_IS_HKDF</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an HKDF algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_TLS12_PRF">
-<span id="c.PSA_ALG_IS_TLS12_PRF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a TLS-1.2 PRF algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF">PSA_ALG_IS_TLS12_PRF</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a TLS-1.2 PRF algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_TLS12_PSK_TO_MS">
-<span id="c.PSA_ALG_IS_TLS12_PSK_TO_MS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a TLS-1.2 PSK to MS algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_PBKDF2_HMAC">
-<span id="c.PSA_ALG_IS_PBKDF2_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_PBKDF2_HMAC</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a PBKDF2-HMAC algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_PBKDF2_HMAC" title="PSA_ALG_IS_PBKDF2_HMAC">PSA_ALG_IS_PBKDF2_HMAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a PBKDF2-HMAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">
-<span id="c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</h3>
-<p>Use the maximum possible capacity for a key derivation operation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</a> \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>Use this value as the capacity argument when setting up a key derivation to specify that the operation will use the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.</p>
-</div>
-<div class="section" id="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">
-<span id="c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code> (macro)</h3>
-<p>This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>This implementation-defined value specifies the maximum length for the PSK input used with a <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a> key agreement algorithm.</p>
-<p>Quoting <span><em>Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)</em> <a class="reference internal" href="../../about.html#citation-rfc4279"><span class="cite">[RFC4279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-5.3">§5.3</a>:</p>
-<blockquote>
-<div>TLS implementations supporting these cipher suites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</div></blockquote>
-<p>Therefore, it is recommended that implementations define <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a> with a value greater than or equal to <code class="docutils literal"><span class="pre">64</span></code>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.6. Key derivation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#key-derivation-algorithms">10.6.1. Key derivation algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#input-step-types">10.6.2. Input step types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-derivation-functions">10.6.3. Key derivation functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.6.4. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/kdf.html'" />
diff --git a/docs/1.1.0/html/api/ops/macs.html b/docs/1.1.0/html/api/ops/macs.html
index d34ce9c..1f5017b 100644
--- a/docs/1.1.0/html/api/ops/macs.html
+++ b/docs/1.1.0/html/api/ops/macs.html
@@ -1,906 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.3. Message authentication codes (MAC) — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.4. Unauthenticated ciphers" href="ciphers.html" />
- <link rel="prev" title="10.2. Message digests (Hashes)" href="hashes.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="message-authentication-codes-mac">
-<span id="macs"></span><h1>10.3. Message authentication codes (MAC)</h1>
-<p>The single-part MAC functions are:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a> to calculate the MAC of a message.</li>
-<li><a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> to compare the MAC of a message with a reference value.</li>
-</ul>
-<p>The <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> <a class="reference internal" href="../../overview/functionality.html#multi-part-operations"><span class="std std-ref">multi-part operation</span></a> allows messages to be processed in fragments. A multi-part MAC operation is used as follows:</p>
-<ol class="arabic simple">
-<li>Initialize the <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> object to zero, or by assigning the value of the associated macro <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call the <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a> function on successive chunks of the message.</li>
-<li>At the end of the message, call the required finishing function:<ul>
-<li>To calculate the MAC of the message, call <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a>.</li>
-<li>To verify the MAC of the message against a reference value, call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a>.</li>
-</ul>
-</li>
-</ol>
-<p>To abort the operation or recover from an error, call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
-<div class="section" id="mac-algorithms">
-<span id="id1"></span><h2>10.3.1. MAC algorithms</h2>
-<div class="section" id="PSA_ALG_HMAC">
-<span id="c.PSA_ALG_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</h3>
-<p>Macro to build an HMAC message-authentication-code algorithm from an underlying hash algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC">PSA_ALG_HMAC</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding HMAC algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>For example, <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is HMAC-SHA-256.</p>
-<p>The HMAC construction is defined in <span><em>HMAC: Keyed-Hashing for Message Authentication</em> <a class="reference internal" href="../../about.html#citation-rfc2104"><span class="cite">[RFC2104]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CBC_MAC">
-<span id="c.PSA_ALG_CBC_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</h3>
-<p>The CBC-MAC message-authentication-code algorithm, constructed over a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
-</pre>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">CBC-MAC is insecure in many cases. A more secure mode, such as <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a>, is recommended.</p>
-</div>
-<p>The CBC-MAC algorithm must be used with a key for a block cipher. For example, one of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>.</p>
-<p>CBC-MAC is defined as <em>MAC Algorithm 1</em> in <span><em>ISO/IEC 9797-1:2011 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher</em> <a class="reference internal" href="../../about.html#citation-iso9797"><span class="cite">[ISO9797]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CMAC">
-<span id="c.PSA_ALG_CMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</h3>
-<p>The CMAC message-authentication-code algorithm, constructed over a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
-</pre>
-<p>The CMAC algorithm must be used with a key for a block cipher. For example, when used with a key with type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>, the resulting operation is AES-CMAC.</p>
-<p>CMAC is defined in <span><em>NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication</em> <a class="reference internal" href="../../about.html#citation-sp800-38b"><span class="cite">[SP800-38B]</span></a></span>.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARIA" title="PSA_KEY_TYPE_ARIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_TRUNCATED_MAC">
-<span id="c.PSA_ALG_TRUNCATED_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</h3>
-<p>Macro to build a truncated MAC algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC">PSA_ALG_TRUNCATED_MAC</a>(mac_alg, mac_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This can be a truncated or untruncated MAC algorithm.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
-<dd>Desired length of the truncated MAC in bytes. This must be at most the untruncated length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding MAC algorithm with the specified length.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">mac_alg</span></code> is not a supported MAC algorithm or if <code class="docutils literal"><span class="pre">mac_length</span></code> is too small or too large for the specified MAC algorithm.</p>
-<p class="rubric">Description</p>
-<p>A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first <code class="docutils literal"><span class="pre">mac_length</span></code> bytes of the MAC value for the untruncated algorithm.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This macro might allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.</p>
-</div>
-<p>The untruncated MAC algorithm can be recovered using <a class="reference internal" href="#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC()</span></code></a>.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting truncated MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.</p>
-</div>
-<div class="section" id="PSA_ALG_FULL_LENGTH_MAC">
-<span id="c.PSA_ALG_FULL_LENGTH_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</h3>
-<p>Macro to construct the MAC algorithm with an untruncated MAC, from a truncated MAC algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC">PSA_ALG_FULL_LENGTH_MAC</a>(mac_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This can be a truncated or untruncated MAC algorithm.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding MAC algorithm with an untruncated MAC.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">mac_alg</span></code> is not a supported MAC algorithm.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting untruncated MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.</p>
-</div>
-<div class="section" id="PSA_ALG_AT_LEAST_THIS_LENGTH_MAC">
-<span id="c.PSA_ALG_AT_LEAST_THIS_LENGTH_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_AT_LEAST_THIS_LENGTH_MAC</span></code> (macro)</h3>
-<p>Macro to build a MAC minimum-MAC-length wildcard algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_AT_LEAST_THIS_LENGTH_MAC" title="PSA_ALG_AT_LEAST_THIS_LENGTH_MAC">PSA_ALG_AT_LEAST_THIS_LENGTH_MAC</a>(mac_alg, min_mac_length) \
- <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This can be a truncated or untruncated MAC algorithm.</dd>
-<dt> <code class="docutils literal"><span class="pre">min_mac_length</span></code></dt>
-<dd>Desired minimum length of the message authentication code in bytes. This must be at most the untruncated length of the MAC and must be at least <code class="docutils literal"><span class="pre">1</span></code>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding MAC wildcard algorithm with the specified minimum MAC length.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">mac_alg</span></code> is not a supported MAC algorithm or if <code class="docutils literal"><span class="pre">min_mac_length</span></code> is less than <code class="docutils literal"><span class="pre">1</span></code> or too large for the specified MAC algorithm.</p>
-<p class="rubric">Description</p>
-<p>A key with a minimum-MAC-length MAC wildcard algorithm as permitted algorithm policy can be used with all MAC algorithms sharing the same base algorithm, and where the (potentially truncated) MAC length of the specific algorithm is equal to or larger then the wildcard algorithm’s minimum MAC length.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">When setting the minimum required MAC length to less than the smallest MAC length allowed by the base algorithm, this effectively becomes an ‘any-MAC-length-allowed’ policy for that base algorithm.</p>
-</div>
-<p>The untruncated MAC algorithm can be recovered using <a class="reference internal" href="#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC()</span></code></a>.</p>
-<p class="rubric">Compatible key types</p>
-<p>The resulting wildcard MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.</p>
-</div>
-</div>
-<div class="section" id="single-part-mac-functions">
-<h2>10.3.2. Single-part MAC functions</h2>
-<div class="section" id="psa_mac_compute">
-<span id="c.psa_mac_compute"></span><h3><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</h3>
-<p>Calculate the message authentication code (MAC) of a message.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * mac,
- size_t mac_size,
- size_t * mac_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the input message.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
-<dd>Buffer where the MAC value is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The exact MAC size is <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are attributes of the key used to compute the MAC.</li>
-<li><a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> evaluates to the maximum MAC size of any supported MAC algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
-<dd>On success, the number of bytes that make up the MAC value.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*mac_length)</span></code> bytes of <code class="docutils literal"><span class="pre">mac</span></code> contain the MAC value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal"><span class="pre">memcmp()</span></code> is risky because the time taken by the comparison might leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
-</div>
-</div>
-<div class="section" id="psa_mac_verify">
-<span id="c.psa_mac_verify"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</h3>
-<p>Calculate the MAC of a message and compare it with a reference value.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * mac,
- size_t mac_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the input message.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
-<dd>Buffer containing the expected MAC value.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The expected MAC is identical to the actual MAC of the input.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The calculated MAC of the message does not match the value in <code class="docutils literal"><span class="pre">mac</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-</div>
-</div>
-<div class="section" id="multi-part-mac-operations">
-<h2>10.3.3. Multi-part MAC operations</h2>
-<div class="section" id="psa_mac_operation_t">
-<span id="c.psa_mac_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</h3>
-<p>The type of the state object for multi-part MAC operations.</p>
-<pre class="literal-block">
-typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a>;
-</pre>
-<p>Before calling any function on a MAC operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the object to all-bits-zero, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation;
-memset(&operation, 0, sizeof(operation));
-</pre>
-</li>
-<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
-<pre class="literal-block">
-static <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation;
-</pre>
-</li>
-<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation = <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT">PSA_MAC_OPERATION_INIT</a>;
-</pre>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_operation_init()</span></code></a> to the object, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation;
-operation = <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init">psa_mac_operation_init</a>();
-</pre>
-</li>
-</ul>
-<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
-</div>
-<div class="section" id="PSA_MAC_OPERATION_INIT">
-<span id="c.PSA_MAC_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</h3>
-<p>This macro returns a suitable initializer for a MAC operation object of type <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT">PSA_MAC_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-</div>
-<div class="section" id="psa_mac_operation_init">
-<span id="c.psa_mac_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</h3>
-<p>Return an initial value for a MAC operation object.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init">psa_mac_operation_init</a>(void);
-</pre>
-<p class="rubric">Returns: <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code></a></p>
-</div>
-<div class="section" id="psa_mac_sign_setup">
-<span id="c.psa_mac_sign_setup"></span><h3><code class="docutils literal"><span class="pre">psa_mac_sign_setup</span></code> (function)</h3>
-<p>Set up a multi-part MAC calculation operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup">psa_mac_sign_setup</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function sets up the calculation of the message authentication code (MAC) of a byte string. To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> instead.</p>
-<p>The sequence of operations to calculate a MAC is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
-<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a> to finish calculating the MAC value and retrieve it.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_mac_verify_setup">
-<span id="c.psa_mac_verify_setup"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify_setup</span></code> (function)</h3>
-<p>Set up a multi-part MAC verification operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup">psa_mac_verify_setup</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be inactive.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>This function sets up the verification of the message authentication code (MAC) of a byte string against an expected value.</p>
-<p>The sequence of operations to verify a MAC is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
-<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> to finish calculating the actual MAC of the message and verify it against the expected value.</li>
-</ol>
-<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
-<ul class="simple">
-<li>A successful call to <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_mac_update">
-<span id="c.psa_mac_update"></span><h3><code class="docutils literal"><span class="pre">psa_mac_update</span></code> (function)</h3>
-<p>Add a message fragment to a multi-part MAC operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update">psa_mac_update</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- const uint8_t * input,
- size_t input_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active MAC operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to add to the MAC calculation.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be active.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The total input for the operation is too large for the MAC algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd>The total input for the operation is too large for the implementation.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
-</div>
-<div class="section" id="psa_mac_sign_finish">
-<span id="c.psa_mac_sign_finish"></span><h3><code class="docutils literal"><span class="pre">psa_mac_sign_finish</span></code> (function)</h3>
-<p>Finish the calculation of the MAC of a message.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish">psa_mac_sign_finish</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- uint8_t * mac,
- size_t mac_size,
- size_t * mac_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active MAC operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
-<dd>Buffer where the MAC value is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The exact MAC size is <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are attributes of the key, and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm used to compute the MAC.</li>
-<li><a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> evaluates to the maximum MAC size of any supported MAC algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
-<dd>On success, the number of bytes that make up the MAC value.
-This is always <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are attributes of the key, and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm used to compute the MAC.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*mac_length)</span></code> bytes of <code class="docutils literal"><span class="pre">mac</span></code> contain the MAC value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be an active mac sign operation.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a>.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>It is not recommended to use this function when a specific value is expected for the MAC. Call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> instead with the expected MAC value.</p>
-<p class="last">Comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal"><span class="pre">memcmp()</span></code> is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
-</div>
-</div>
-<div class="section" id="psa_mac_verify_finish">
-<span id="c.psa_mac_verify_finish"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify_finish</span></code> (function)</h3>
-<p>Finish the calculation of the MAC of a message and compare it with an expected value.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish">psa_mac_verify_finish</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- const uint8_t * mac,
- size_t mac_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active MAC operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
-<dd>Buffer containing the expected MAC value.</dd>
-<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The expected MAC is identical to the actual MAC of the message.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li>The operation state is not valid: it must be an active mac verify operation.</li>
-<li>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd>The calculated MAC of the message does not match the value in <code class="docutils literal"><span class="pre">mac</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a>. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.</p>
-<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations must make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_mac_abort">
-<span id="c.psa_mac_abort"></span><h3><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</h3>
-<p>Abort a MAC operation.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort">psa_mac_abort</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Initialized MAC operation.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The operation object can now be discarded or reused.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> again.</p>
-<p>This function can be called any time after the operation object has been initialized by one of the methods described in <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>.</p>
-<p>In particular, calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>, <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> is safe and has no effect.</p>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.3.4. Support macros</h2>
-<div class="section" id="PSA_ALG_IS_HMAC">
-<span id="c.PSA_ALG_IS_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an HMAC algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC">PSA_ALG_IS_HMAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an HMAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>HMAC is a family of MAC algorithms that are based on a hash function.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_BLOCK_CIPHER_MAC">
-<span id="c.PSA_ALG_IS_BLOCK_CIPHER_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a MAC algorithm based on a block cipher.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm based on a block cipher, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_MAC_LENGTH">
-<span id="c.PSA_MAC_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code> (macro)</h3>
-<p>The size of the output of <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a> and <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a>, in bytes.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH">PSA_MAC_LENGTH</a>(key_type, key_bits, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>The type of the MAC key.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the MAC key in bits.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A MAC algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The MAC length for the specified algorithm with the specified key parameters.</p>
-<p><code class="docutils literal"><span class="pre">0</span></code> if the MAC algorithm is not recognized.</p>
-<p>Either <code class="docutils literal"><span class="pre">0</span></code> or the correct length for a MAC algorithm that the implementation recognizes, but does not support.</p>
-<p>Unspecified if the key parameters are not consistent with the algorithm.</p>
-<p class="rubric">Description</p>
-<p>If the size of the MAC buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a> and <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>This is also the MAC length that <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> and <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> expect.</p>
-<p>See also <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_MAC_MAX_SIZE">
-<span id="c.PSA_MAC_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient buffer size for storing the MAC output by <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> and <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a>, for any of the supported key types and MAC algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE">PSA_MAC_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the MAC buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> and <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.3. Message authentication codes (MAC)</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#mac-algorithms">10.3.1. MAC algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#single-part-mac-functions">10.3.2. Single-part MAC functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#multi-part-mac-operations">10.3.3. Multi-part MAC operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.3.4. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/macs.html'" />
diff --git a/docs/1.1.0/html/api/ops/pke.html b/docs/1.1.0/html/api/ops/pke.html
index d56d46e..f17798c 100644
--- a/docs/1.1.0/html/api/ops/pke.html
+++ b/docs/1.1.0/html/api/ops/pke.html
@@ -1,442 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.8. Asymmetric encryption — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.9. Key agreement" href="ka.html" />
- <link rel="prev" title="10.7. Asymmetric signature" href="sign.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="asymmetric-encryption">
-<span id="pke"></span><h1>10.8. Asymmetric encryption</h1>
-<p>Asymmetric encryption is provided through the functions <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> and <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
-<div class="section" id="asymmetric-encryption-algorithms">
-<span id="id1"></span><h2>10.8.1. Asymmetric encryption algorithms</h2>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_CRYPT">
-<span id="c.PSA_ALG_RSA_PKCS1V15_CRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</h3>
-<p>The RSA PKCS#1 v1.5 asymmetric encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
-</pre>
-<p>This encryption scheme is defined by <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-7.2">§7.2</a> under the name RSAES-PKCS-v1_5.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a> (asymmetric encryption only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_OAEP">
-<span id="c.PSA_ALG_RSA_OAEP"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</h3>
-<p>The RSA OAEP asymmetric encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP">PSA_ALG_RSA_OAEP</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. The hash algorithm is used for <em>MGF1</em>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding RSA OAEP encryption algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This encryption scheme is defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-7.1">§7.1</a> under the name RSAES-OAEP, with the following options:</p>
-<ul class="simple">
-<li>The mask generation function <em>MGF1</em> defined in <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#appendix-B.2.1">Appendix B.2.1</a>.</li>
-<li>The specified hash algorithm is used to hash the label, and for the mask generation function.</li>
-</ul>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a> (asymmetric encryption only)</div>
-</div>
-</div>
-</div>
-<div class="section" id="asymmetric-encryption-functions">
-<h2>10.8.2. Asymmetric encryption functions</h2>
-<div class="section" id="psa_asymmetric_encrypt">
-<span id="c.psa_asymmetric_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</h3>
-<p>Encrypt a short message with a public key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * salt,
- size_t salt_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifer of the key to use for the operation. It must be a public key or an asymmetric key pair.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The asymmetric encryption algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>The message to encrypt.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">salt</span></code></dt>
-<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt, pass <code class="docutils literal"><span class="pre">NULL</span></code> to indicate that there is no salt.</dd>
-<dt> <code class="docutils literal"><span class="pre">salt_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal"><span class="pre">salt</span></code> is <code class="docutils literal"><span class="pre">NULL</span></code>, pass <code class="docutils literal"><span class="pre">0</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the encrypted message is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The required output size is <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported asymmetric encryption.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the encrypted output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an asymmetric encryption algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not a public key or an asymmetric key pair, that is compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is not valid for the algorithm and key type.</li>
-<li><code class="docutils literal"><span class="pre">salt_length</span></code> is not valid for the algorithm and key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an asymmetric encryption algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> or <code class="docutils literal"><span class="pre">salt_length</span></code> are too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
-</ul>
-</div>
-<div class="section" id="psa_asymmetric_decrypt">
-<span id="c.psa_asymmetric_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</h3>
-<p>Decrypt a short message with a private key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * salt,
- size_t salt_length,
- uint8_t * output,
- size_t output_size,
- size_t * output_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair.
-It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The asymmetric encryption algorithm to compute: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>The message to decrypt.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">salt</span></code></dt>
-<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt, pass <code class="docutils literal"><span class="pre">NULL</span></code> to indicate that there is no salt.</dd>
-<dt> <code class="docutils literal"><span class="pre">salt_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal"><span class="pre">salt</span></code> is <code class="docutils literal"><span class="pre">NULL</span></code>, pass <code class="docutils literal"><span class="pre">0</span></code>.</dd>
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the decrypted message is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The required output size is <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported asymmetric decryption.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*output_length)</span></code> bytes of <code class="docutils literal"><span class="pre">output</span></code> contain the decrypted output.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a></dt>
-<dd>The algorithm uses padding, and the input does not contain valid padding.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an asymmetric encryption algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not an asymmetric key pair, that is compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is not valid for the algorithm and key type.</li>
-<li><code class="docutils literal"><span class="pre">salt_length</span></code> is not valid for the algorithm and key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an asymmetric encryption algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> or <code class="docutils literal"><span class="pre">salt_length</span></code> are too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.8.3. Support macros</h2>
-<div class="section" id="PSA_ALG_IS_RSA_OAEP">
-<span id="c.PSA_ALG_IS_RSA_OAEP"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an RSA OAEP encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP">PSA_ALG_IS_RSA_OAEP</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA OAEP algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">
-<span id="c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>An asymmetric key type, either a key pair or a public key.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric encryption algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output buffer size for the specified asymmetric encryption algorithm and key parameters. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for an asymmetric encryption algorithm and key parameters that it recognizes, but does not support. If the parameters are not valid, the return value is unspecified.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a>, for any of the supported key types and asymmetric encryption algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</a> \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">
-<span id="c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>An asymmetric key type, either a key pair or a public key.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric encryption algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient output buffer size for the specified asymmetric encryption algorithm and key parameters. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for an asymmetric encryption algorithm and key parameters that it recognizes, but does not support. If the parameters are not valid, the return value is unspecified.</p>
-<p class="rubric">Description</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE">
-<span id="c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>, for any of the supported key types and asymmetric encryption algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</a> \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.8. Asymmetric encryption</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption-algorithms">10.8.1. Asymmetric encryption algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption-functions">10.8.2. Asymmetric encryption functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.8.3. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/pke.html'" />
diff --git a/docs/1.1.0/html/api/ops/rng.html b/docs/1.1.0/html/api/ops/rng.html
index 3be3040..4787d4e 100644
--- a/docs/1.1.0/html/api/ops/rng.html
+++ b/docs/1.1.0/html/api/ops/rng.html
@@ -1,169 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.10. Other cryptographic services — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Example header file" href="../../appendix/example_header.html" />
- <link rel="prev" title="10.9. Key agreement" href="ka.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="other-cryptographic-services">
-<h1>10.10. Other cryptographic services</h1>
-<div class="section" id="random-number-generation">
-<span id="rng"></span><h2>10.10.1. Random number generation</h2>
-<div class="section" id="psa_generate_random">
-<span id="c.psa_generate_random"></span><h3><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</h3>
-<p>Generate random bytes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_generate_random" title="psa_generate_random">psa_generate_random</a>(uint8_t * output,
- size_t output_size);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Output buffer for the generated data.</dd>
-<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
-<dd>Number of bytes to generate and output.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-<code class="docutils literal"><span class="pre">output</span></code> contains <code class="docutils literal"><span class="pre">output_size</span></code> bytes of generated random data.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This function <strong>can</strong> fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To generate a key, use <a class="reference internal" href="../keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> instead.</p>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.10. Other cryptographic services</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#random-number-generation">10.10.1. Random number generation</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/rng.html'" />
diff --git a/docs/1.1.0/html/api/ops/sign.html b/docs/1.1.0/html/api/ops/sign.html
index 595dd9f..3e417d8 100644
--- a/docs/1.1.0/html/api/ops/sign.html
+++ b/docs/1.1.0/html/api/ops/sign.html
@@ -1,1008 +1 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>10.7. Asymmetric signature — PSA Crypto API 1.1.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.1.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: false,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="author" title="About these documents" href="../../about.html" />
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="10.8. Asymmetric encryption" href="pke.html" />
- <link rel="prev" title="10.6. Key derivation" href="kdf.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="asymmetric-signature">
-<span id="sign"></span><h1>10.7. Asymmetric signature</h1>
-<p>There are two pairs of single-part functions for asymmetric signature:</p>
-<ul>
-<li><p class="first">The signature and verification functions <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a> take a message as one of their inputs and perform a hash-and-sign algorithm.</p>
-</li>
-<li><p class="first">The functions <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> take a message hash as one of their inputs. This is useful for signing pre-computed hashes, or for implementing hash-and-sign using a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> before signing the resulting hash. To determine which hash algorithm to use, call the macro <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a> on the corresponding signature algorithm.</p>
-<p>Some hash-and-sign algorithms add padding to the message hash before completing the signing operation. The format of the padding that is used depends on the algorithm used to construct the signature.</p>
-</li>
-</ul>
-<div class="section" id="asymmetric-signature-algorithms">
-<span id="sign-algorithms"></span><h2>10.7.1. Asymmetric signature algorithms</h2>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN">
-<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
-<p>The RSA PKCS#1 v1.5 message signature scheme, with hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding RSA PKCS#1 v1.5 signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This signature scheme is defined by <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.2">§8.2</a> under the name RSASSA-PKCS1-v1_5.</p>
-<p>When used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>, the provided <code class="docutils literal"><span class="pre">hash</span></code> parameter is used as <em>H</em> from step 2 onwards in the message encoding algorithm <code class="docutils literal"><span class="pre">EMSA-PKCS1-V1_5-ENCODE()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">§9.2</a>. <em>H</em> is usually the message digest, using the <code class="docutils literal"><span class="pre">hash_alg</span></code> hash algorithm.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">
-<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</h3>
-<p>The raw RSA PKCS#1 v1.5 signature algorithm, without hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200)
-</pre>
-<p>This algorithm can be only used with the <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> functions.</p>
-<p>This signature scheme is defined by <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.2">§8.2</a> under the name RSASSA-PKCS1-v1_5.</p>
-<p>The <code class="docutils literal"><span class="pre">hash</span></code> parameter to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> is used as <em>T</em> from step 3 onwards in the message encoding algorithm <code class="docutils literal"><span class="pre">EMSA-PKCS1-V1_5-ENCODE()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">§9.2</a>. <em>T</em> is the DER encoding of the <em>DigestInfo</em> structure normally produced by step 2 in the message encoding algorithm.</p>
-<p>The wildcard key policy <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a><code class="docutils literal"><span class="pre">)</span></code> also permits a key to be used with the <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a> signature algorithm.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_PSS">
-<span id="c.PSA_ALG_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</h3>
-<p>The RSA PSS message signature scheme, with hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding RSA PSS signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
-<p>This is the signature scheme defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.1">§8.1</a> under the name RSASSA-PSS, with the following options:</p>
-<ul class="simple">
-<li>The mask generation function is <em>MGF1</em> defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#appendix-B">Appendix B</a>.</li>
-<li>When creating a signature, the salt length is equal to the length of the hash, or the largest possible salt length for the algorithm and key size if that is smaller than the hash length.</li>
-<li>When verifying a signature, the salt length must be equal to the length of the hash, or the largest possible salt length for the algorithm and key size if that is smaller than the hash length.</li>
-<li>The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</li>
-</ul>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The <a class="reference internal" href="#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT()</span></code></a> algorithm is equivalent to <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a> when creating a signature, but permits any salt length when verifying a signature.</p>
-</div>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_PSS_ANY_SALT">
-<span id="c.PSA_ALG_RSA_PSS_ANY_SALT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT</span></code> (macro)</h3>
-<p>The RSA PSS message signature scheme, with hashing.
-This variant permits any salt length for signature verification.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT">PSA_ALG_RSA_PSS_ANY_SALT</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding RSA PSS signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
-<p>This is the signature scheme defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.1">§8.1</a> under the name RSASSA-PSS, with the following options:</p>
-<ul class="simple">
-<li>The mask generation function is <em>MGF1</em> defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#appendix-B">Appendix B</a>.</li>
-<li>When creating a signature, the salt length is equal to the length of the hash, or the largest possible salt length for the algorithm and key size if that is smaller than the hash length.</li>
-<li>When verifying a signature, any salt length permitted by the RSASSA-PSS signature algorithm is accepted.</li>
-<li>The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</li>
-</ul>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a> algorithm is equivalent to <a class="reference internal" href="#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT()</span></code></a> when creating a signature, but is strict about the permitted salt length when verifying a signature.</p>
-</div>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_ECDSA">
-<span id="c.PSA_ALG_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</h3>
-<p>The randomized ECDSA signature scheme, with hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding randomized ECDSA signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>When based on the same hash algorithm, the verification operations for <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> are identical. A signature created using <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>. Similarly, a signature created using <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>.</p>
-<p class="last">In particular, it is impossible to determine whether a signature was produced with deterministic ECDSA or with randomized ECDSA: it is only possible to verify that a signature was made with ECDSA with the private key corresponding to the public key used for the verification.</p>
-</div>
-<p>This signature scheme is defined by <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span>, and also by <span><em>Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)</em> <a class="reference internal" href="../../about.html#citation-x9-62"><span class="cite">[X9-62]</span></a></span>, with a random per-message secret number <em>k</em>.</p>
-<p>The representation of the signature as a byte string consists of the concatenation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code> (signature verification only)</div>
-</div>
-<p>where <code class="docutils literal"><span class="pre">family</span></code> is a Weierstrass Elliptic curve family. That is, one of the following values:</p>
-<ul class="simple">
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code></li>
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a></li>
-</ul>
-</div>
-<div class="section" id="PSA_ALG_ECDSA_ANY">
-<span id="c.PSA_ALG_ECDSA_ANY"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</h3>
-<p>The randomized ECDSA signature scheme, without hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600)
-</pre>
-<p>This algorithm can be only used with the <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> functions.</p>
-<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
-<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm, and skipping the message hashing operation.</p>
-<p>This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the right as required to fit the curve size.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code> (signature verification only)</div>
-</div>
-<p>where <code class="docutils literal"><span class="pre">family</span></code> is a Weierstrass Elliptic curve family. That is, one of the following values:</p>
-<ul class="simple">
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code></li>
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a></li>
-</ul>
-</div>
-<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA">
-<span id="c.PSA_ALG_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
-<p>Deterministic ECDSA signature scheme, with hashing.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true. This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The corresponding deterministic ECDSA signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This is the deterministic ECDSA signature scheme defined by <span><em>Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc6979"><span class="cite">[RFC6979]</span></a></span>.</p>
-<p>The representation of a signature is the same as with <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>When based on the same hash algorithm, the verification operations for <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> are identical. A signature created using <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>. Similarly, a signature created using <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>.</p>
-<p class="last">In particular, it is impossible to determine whether a signature was produced with deterministic ECDSA or with randomized ECDSA: it is only possible to verify that a signature was made with ECDSA with the private key corresponding to the public key used for the verification.</p>
-</div>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">family</span></code><code class="docutils literal"><span class="pre">)</span></code> (signature verification only)</div>
-</div>
-<p>where <code class="docutils literal"><span class="pre">family</span></code> is a Weierstrass Elliptic curve family. That is, one of the following values:</p>
-<ul class="simple">
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code></li>
-<li><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a></li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a></li>
-</ul>
-</div>
-<div class="section" id="PSA_ALG_PURE_EDDSA">
-<span id="c.PSA_ALG_PURE_EDDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_PURE_EDDSA</span></code> (macro)</h3>
-<p>Edwards-curve digital signature algorithm without prehashing (PureEdDSA), using standard parameters.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_PURE_EDDSA" title="PSA_ALG_PURE_EDDSA">PSA_ALG_PURE_EDDSA</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000800)
-</pre>
-<p>This algorithm can be only used with the <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a> functions.</p>
-<p>This is the PureEdDSA digital signature algorithm defined by <span><em>Edwards-Curve Digital Signature Algorithm (EdDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a></span>, using standard parameters.</p>
-<p>PureEdDSA requires an elliptic curve key on a twisted Edwards curve. The following curves are supported:</p>
-<ul class="simple">
-<li>Edwards25519: the Ed25519 algorithm is computed. The output signature is a 64-byte string: the concatenation of <em>R</em> and <em>S</em> as defined by <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8032.html#section-5.1.6">§5.1.6</a>.</li>
-<li>Edwards448: the Ed448 algorithm is computed with an empty string as the context. The output signature is a 114-byte string: the concatenation of <em>R</em> and <em>S</em> as defined by <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8032.html#section-5.2.6">§5.2.6</a>.</li>
-</ul>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Contexts are not supported in the current version of this specification because there is no suitable signature interface that can take the context as a parameter. A future version of this specification may add suitable functions and extend this algorithm to support contexts.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>To sign or verify the pre-computed hash of a message using EdDSA, the HashEdDSA algorithms (<a class="reference internal" href="#c.PSA_ALG_ED25519PH" title="PSA_ALG_ED25519PH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ED25519PH</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_ED448PH" title="PSA_ALG_ED448PH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ED448PH</span></code></a>) can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
-<p class="last">The signature produced by HashEdDSA is distinct from that produced by PureEdDSA.</p>
-</div>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a><code class="docutils literal"><span class="pre">)</span></code></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a><code class="docutils literal"><span class="pre">)</span></code> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_ED25519PH">
-<span id="c.PSA_ALG_ED25519PH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ED25519PH</span></code> (macro)</h3>
-<p>Edwards-curve digital signature algorithm with prehashing (HashEdDSA), using the Edwards25519 curve.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ED25519PH" title="PSA_ALG_ED25519PH">PSA_ALG_ED25519PH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x0600090B)
-</pre>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This computes the Ed25519ph algorithm as specified in <span><em>Edwards-Curve Digital Signature Algorithm (EdDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8032.html#section-5.1">§5.1</a>, and requires an Edwards25519 curve key. An empty string is used as the context. The prehash function is SHA-512.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">When used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>, the <code class="docutils literal"><span class="pre">hash</span></code> parameter to the call should be used as <code class="docutils literal"><span class="pre">PH(M)</span></code> in the algorithms defined in <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8032.html#section-5.1">§5.1</a>.</p>
-</div>
-<p class="rubric">Usage</p>
-<p>This is a hash-and-sign algorithm. To calculate a signature, use one of the following approaches:</p>
-<ul class="simple">
-<li>Call <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> with the message.</li>
-<li>Calculate the SHA-512 hash of the message with <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a>, or with a multi-part hash operation, using the hash algorithm <a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a>. Then sign the calculated hash with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</li>
-</ul>
-<p>Verifying a signature is similar, using <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> instead of the signature function.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a><code class="docutils literal"><span class="pre">)</span></code></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a><code class="docutils literal"><span class="pre">)</span></code> (signature verification only)</div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_ED448PH">
-<span id="c.PSA_ALG_ED448PH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ED448PH</span></code> (macro)</h3>
-<p>Edwards-curve digital signature algorithm with prehashing (HashEdDSA), using the Edwards448 curve.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ED448PH" title="PSA_ALG_ED448PH">PSA_ALG_ED448PH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000915)
-</pre>
-<p>This algorithm can be used with both the message and hash signature functions.</p>
-<p>This computes the Ed448ph algorithm as specified in <span><em>Edwards-Curve Digital Signature Algorithm (EdDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8032.html#section-5.2">§5.2</a>, and requires an Edwards448 curve key. An empty string is used as the context. The prehash function is the first 64 bytes of the output from SHAKE256.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p class="last">When used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>, the <code class="docutils literal"><span class="pre">hash</span></code> parameter to the call should be used as <code class="docutils literal"><span class="pre">PH(M)</span></code> in the algorithms defined in <a class="reference internal" href="../../about.html#citation-rfc8032"><span class="cite">[RFC8032]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8032.html#section-5.2">§5.2</a>.</p>
-</div>
-<p class="rubric">Usage</p>
-<p>This is a hash-and-sign algorithm. To calculate a signature, use one of the following approaches:</p>
-<ul class="simple">
-<li>Call <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> with the message.</li>
-<li>Calculate the first 64 bytes of the SHAKE256 output of the message with <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a>, or with a multi-part hash operation, using the hash algorithm <a class="reference internal" href="hashes.html#c.PSA_ALG_SHAKE256_512" title="PSA_ALG_SHAKE256_512"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHAKE256_512</span></code></a>. Then sign the calculated hash with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</li>
-</ul>
-<p>Verifying a signature is similar, using <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> instead of the signature function.</p>
-<p class="rubric">Compatible key types</p>
-<div class="line-block">
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a><code class="docutils literal"><span class="pre">)</span></code></div>
-<div class="line"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_TWISTED_EDWARDS" title="PSA_ECC_FAMILY_TWISTED_EDWARDS"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_TWISTED_EDWARDS</span></code></a><code class="docutils literal"><span class="pre">)</span></code> (signature verification only)</div>
-</div>
-</div>
-</div>
-<div class="section" id="asymmetric-signature-functions">
-<h2>10.7.2. Asymmetric signature functions</h2>
-<div class="section" id="psa_sign_message">
-<span id="c.psa_sign_message"></span><h3><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</h3>
-<p>Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric signature algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>The input message to sign.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
-<dd>Buffer where the signature is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The required signature size is <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> evaluates to the maximum signature size of any supported signature algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned signature value.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*signature_length)</span></code> bytes of <code class="docutils literal"><span class="pre">signature</span></code> contain the signature value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not an asymmetric key pair, that is compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the algorithm and key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To perform a multi-part hash-and-sign signature algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> and then pass the resulting hash to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>. <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
-</div>
-</div>
-<div class="section" id="psa_verify_message">
-<span id="c.psa_verify_message"></span><h3><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</h3>
-<p>Verify the signature of a message with a public key. For hash-and-sign algorithms, this includes the hashing step.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric signature algorithm: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
-<dd>The message whose signature is to be verified.</dd>
-<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
-<dd>Buffer containing the signature to verify.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The signature is valid.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">signature</span></code> is not the result of signing the <code class="docutils literal"><span class="pre">input</span></code> message with algorithm <code class="docutils literal"><span class="pre">alg</span></code> using the private key corresponding to <code class="docutils literal"><span class="pre">key</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not a public key or an asymmetric key pair, that is compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the algorithm and key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">input_length</span></code> is too large for the implementation.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To perform a multi-part hash-and-sign signature verification algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> to hash the message and then pass the resulting hash to <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>. <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
-</div>
-</div>
-<div class="section" id="psa_sign_hash">
-<span id="c.psa_sign_hash"></span><h3><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</h3>
-<p>Sign an already-calculated hash with a private key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * hash,
- size_t hash_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric signature algorithm that separates the hash and sign operations: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
-<dd>The input to sign. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
-<dd>Buffer where the signature is to be written.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature_size</span></code></dt>
-<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.
-This must be appropriate for the selected algorithm and key:</p>
-<ul class="last simple">
-<li>The required signature size is <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
-<li><a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> evaluates to the maximum signature size of any supported signature algorithm.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned signature value.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The first <code class="docutils literal"><span class="pre">(*signature_length)</span></code> bytes of <code class="docutils literal"><span class="pre">signature</span></code> contain the signature value.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
-<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
-<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine a sufficient buffer size.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not an asymmetric key pair, that is compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">hash_length</span></code> is not valid for the algorithm and key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.</p>
-<p>Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>To perform a hash-and-sign signature algorithm, the hash must be calculated before passing it to this function. This can be done by calling <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> or with a multi-part hash operation. The correct hash algorithm to use can be determined using <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a>.</p>
-<p class="last">Alternatively, to hash and sign a message in a single call, use <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a>.</p>
-</div>
-</div>
-<div class="section" id="psa_verify_hash">
-<span id="c.psa_verify_hash"></span><h3><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</h3>
-<p>Verify the signature of a hash or short message using a public key.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- const uint8_t * hash,
- size_t hash_length,
- const uint8_t * signature,
- size_t signature_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a>.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric signature algorithm that separates the hash and sign operations: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
-<dd>The input whose signature is to be verified. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.</dd>
-<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
-<dd>Buffer containing the signature to verify.</dd>
-<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
-<dd>Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.
-The signature is valid.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library requires initializing by a call to <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid key identifier.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">signature</span></code> is not the result of signing <code class="docutils literal"><span class="pre">hash</span></code> with algorithm <code class="docutils literal"><span class="pre">alg</span></code> using the private key corresponding to <code class="docutils literal"><span class="pre">key</span></code>.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not a public key or an asymmetric key pair, that is compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">hash_length</span></code> is not valid for the algorithm and key type.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd><p class="first">The following conditions can result in this error:</p>
-<ul class="last simple">
-<li><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an asymmetric signature algorithm.</li>
-<li><code class="docutils literal"><span class="pre">key</span></code> is not supported for use with <code class="docutils literal"><span class="pre">alg</span></code>.</li>
-</ul>
-</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
-<dd></dd>
-</dl>
-<p class="rubric">Description</p>
-<p>With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.</p>
-<p>Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p>To perform a hash-and-sign verification algorithm, the hash must be calculated before passing it to this function. This can be done by calling <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> or with a multi-part hash operation. The correct hash algorithm to use can be determined using <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a>.</p>
-<p class="last">Alternatively, to hash and verify a message in a single call, use <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
-</div>
-</div>
-</div>
-<div class="section" id="support-macros">
-<h2>10.7.3. Support macros</h2>
-<div class="section" id="PSA_ALG_IS_SIGN_MESSAGE">
-<span id="c.PSA_ALG_IS_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE">PSA_ALG_IS_SIGN_MESSAGE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign an already-calculated hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_SIGN_HASH">
-<span id="c.PSA_ALG_IS_SIGN_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH">PSA_ALG_IS_SIGN_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>This includes all algorithms such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN()</span></code></a> is true, as well as signature algorithms for which the input to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> is not directly a hash, such as <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_PKCS1V15_SIGN">
-<span id="c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PKCS#1 v1.5 signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_PSS">
-<span id="c.PSA_ALG_IS_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an RSA PSS signature algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PSS signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>This macro returns <code class="docutils literal"><span class="pre">1</span></code> for algorithms constructed using either <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_PSS_ANY_SALT">
-<span id="c.PSA_ALG_IS_RSA_PSS_ANY_SALT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS_ANY_SALT</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an RSA PSS signature algorithm that permits any salt length.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS_ANY_SALT" title="PSA_ALG_IS_RSA_PSS_ANY_SALT">PSA_ALG_IS_RSA_PSS_ANY_SALT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PSS signature algorithm that permits any salt length, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>An RSA PSS signature algorithm that permits any salt length is constructed using <a class="reference internal" href="#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT()</span></code></a>.</p>
-<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS_STANDARD_SALT" title="PSA_ALG_IS_RSA_PSS_STANDARD_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS_STANDARD_SALT()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_PSS_STANDARD_SALT">
-<span id="c.PSA_ALG_IS_RSA_PSS_STANDARD_SALT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS_STANDARD_SALT</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an RSA PSS signature algorithm that requires the standard salt length.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS_STANDARD_SALT" title="PSA_ALG_IS_RSA_PSS_STANDARD_SALT">PSA_ALG_IS_RSA_PSS_STANDARD_SALT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PSS signature algorithm that requires the standard salt length, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>An RSA PSS signature algorithm that requires the standard salt length is constructed using <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a>.</p>
-<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS_ANY_SALT" title="PSA_ALG_IS_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS_ANY_SALT()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_ECDSA">
-<span id="c.PSA_ALG_IS_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</h3>
-<p>Whether the specified algorithm is ECDSA.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_DETERMINISTIC_ECDSA">
-<span id="c.PSA_ALG_IS_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
-<p>Whether the specified algorithm is deterministic ECDSA.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA">PSA_ALG_IS_DETERMINISTIC_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a deterministic ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RANDOMIZED_ECDSA">
-<span id="c.PSA_ALG_IS_RANDOMIZED_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</h3>
-<p>Whether the specified algorithm is randomized ECDSA.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA">PSA_ALG_IS_RANDOMIZED_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a randomized ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_HASH_EDDSA">
-<span id="c.PSA_ALG_IS_HASH_EDDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_EDDSA</span></code> (macro)</h3>
-<p>Whether the specified algorithm is HashEdDSA.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH_EDDSA" title="PSA_ALG_IS_HASH_EDDSA">PSA_ALG_IS_HASH_EDDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a HashEdDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_HASH_AND_SIGN">
-<span id="c.PSA_ALG_IS_HASH_AND_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier: a value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash-and-sign algorithm that signs exactly the hash value, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p>A wildcard signature algorithm policy, using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, returns the same value as the signature algorithm parameterised with a valid hash algorithm.</p>
-<p class="rubric">Description</p>
-<p>This macro identifies algorithms that can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> that use the exact message hash value as an input the signature operation. For example, if <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true, the following call sequence is equivalent to <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">msg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">msg_len</span></code><code class="docutils literal"><span class="pre">,</span> <span class="pre">...)</span></code>:</p>
-<pre class="literal-block">
-<a class="reference internal" href="hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> op = {0};
-uint8_t hash[<a class="reference internal" href="hashes.html#c.PSA_HASH_MAX_SIZE" title="PSA_HASH_MAX_SIZE">PSA_HASH_MAX_SIZE</a>];
-size_t hash_len;
-<a class="reference internal" href="hashes.html#c.psa_hash_setup" title="psa_hash_setup">psa_hash_setup</a>(&op, <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg));
-<a class="reference internal" href="hashes.html#c.psa_hash_update" title="psa_hash_update">psa_hash_update</a>(&op, msg, msg_len);
-<a class="reference internal" href="hashes.html#c.psa_hash_finish" title="psa_hash_finish">psa_hash_finish</a>(&op, hash, sizeof(hash), &hash_len);
-<a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(key, alg, hash, hash_len, ...);
-</pre>
-<p>This excludes hash-and-sign algorithms that require a encoded or modified hash for the signature step in the algorithm, such as <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>. For such algorithms, <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH()</span></code></a> is true but <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN()</span></code></a> is false.</p>
-</div>
-<div class="section" id="PSA_ALG_ANY_HASH">
-<span id="c.PSA_ALG_ANY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</h3>
-<p>When setting a hash-and-sign algorithm in a key policy, permit any hash algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
-</pre>
-<p>This value can be used to form the permitted algorithm attribute of a key policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
-A signature algorithm created using this macro is a wildcard algorithm, and <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a> will return true.</p>
-<p>This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code class="docutils literal"><span class="pre">alg</span></code>, <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</p>
-<p>This value must not be used to build an algorithm specification to perform an operation. It is only valid for setting the permitted algorithm in a key policy.</p>
-<p class="rubric">Usage</p>
-<p>For example, suppose that <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> is one of the following macros:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a></li>
-<li><a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a></li>
-<li><a class="reference internal" href="#c.PSA_ALG_RSA_PSS_ANY_SALT" title="PSA_ALG_RSA_PSS_ANY_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS_ANY_SALT</span></code></a></li>
-<li><a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></li>
-<li><a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></li>
-</ul>
-<p>The following sequence of operations shows how <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> can be used in a key policy:</p>
-<ol class="arabic">
-<li><p class="first">Set the key usage flags using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
-<pre class="literal-block">
-<a class="reference internal" href="../keys/policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(&attributes, <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a>); // or VERIFY_MESSAGE
-<a class="reference internal" href="../keys/policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(&attributes, PSA_xxx_SIGNATURE(<a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a>));
-</pre>
-</li>
-<li><p class="first">Import or generate key material.</p>
-</li>
-<li><p class="first">Call <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> or <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>, passing an algorithm built from <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> and a specific hash. Each call to sign or verify a message can use a different hash algorithm.</p>
-<pre class="literal-block">
-<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a>), ...);
-<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a>), ...);
-<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a>), ...);
-</pre>
-</li>
-</ol>
-</div>
-<div class="section" id="PSA_SIGN_OUTPUT_SIZE">
-<span id="c.PSA_SIGN_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</h3>
-<p>Sufficient signature buffer size for <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE">PSA_SIGN_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
- <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
-<dd>An asymmetric key type. This can be a key pair type or a public key type.</dd>
-<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The signature algorithm.</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>A sufficient signature buffer size for the specified asymmetric signature algorithm and key parameters. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for an asymmetric signature algorithm and key parameters that it recognizes, but does not support. If the parameters are not valid, the return value is unspecified.</p>
-<p class="rubric">Description</p>
-<p>If the size of the signature buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
-<p>See also <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_SIGNATURE_MAX_SIZE">
-<span id="c.PSA_SIGNATURE_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</h3>
-<p>A sufficient signature buffer size for <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>, for any of the supported key types and asymmetric signature algorithms.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE">PSA_SIGNATURE_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-</pre>
-<p>If the size of the signature buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> will not fail due to an insufficient buffer size.</p>
-<p>See also <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a>.</p>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
-IHI 0086<br/>
-Non-confidential<br/>
-Version 1.1.0
-<span style="color: red; font-weight: bold;"></span>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
-</ul>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests (Hashes)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
-<li class="toctree-l2 current"><a class="current reference internal" href="#">10.7. Asymmetric signature</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#asymmetric-signature-algorithms">10.7.1. Asymmetric signature algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#asymmetric-signature-functions">10.7.2. Asymmetric signature functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.7.3. Support macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
-<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
-</ul>
-</li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/encodings.html">Algorithm and key type encoding</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/sra.html">Security Risk Assessment</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
-</ul>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
-</ul>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2018-2022, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
+<meta http-equiv="Refresh" content="0; url='https://arm-software.github.io/psa-api/crypto/1.1/api/ops/sign.html'" />