docs/html/appendix/history.html

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta charset="utf-8" />
    <title>Changes to the API &#8212; PSA Crypto API 1.0.1 documentation</title>
    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>
    <link rel="author" title="About these documents" href="../about.html" />
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="prev" title="Example macro implementations" href="specdef_values.html" />
   
  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
  
  
  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />

  </head><body>
  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          

          <div class="body" role="main">
            
  <div class="section" id="changes-to-the-api">
<h1>Changes to the API</h1>
<div class="section" id="document-change-history">
<span id="changes"></span><h2>Document change history</h2>
<p>This section provides the detailed changes made between published version of the document.</p>
<div class="section" id="changes-between-1-0-0-and-1-0-1">
<h3>Changes between <em>1.0.0</em> and <em>1.0.1</em></h3>
<div class="section" id="id1">
<h4>Changes to the API</h4>
<ul class="simple">
<li><p>Added subtypes <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_persistence_t</span></code></a> and <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_location_t</span></code></a> for key lifetimes, and defined standard values for these attributes.</p></li>
<li><p>Added identifiers for <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SM3" title="PSA_ALG_SM3"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SM3</span></code></a> and <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a>.</p></li>
</ul>
</div>
<div class="section" id="clarifications-and-fixes">
<h4>Clarifications and fixes</h4>
<ul class="simple">
<li><p>Provided citation references for all cryptographic algorithms in the specification.</p></li>
<li><p>Provided precise key size information for all key types.</p></li>
<li><p>Permitted implementations to store and export long HMAC keys in hashed form.</p></li>
<li><p>Provided details for initialization vectors in all unauthenticated cipher algorithms.</p></li>
<li><p>Provided details for nonces in all AEAD algorithms.</p></li>
<li><p>Clarified the input steps for HKDF.</p></li>
<li><p>Provided details of signature algorithms, include requirements when using with <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_verify_hash()</span></code></a>.</p></li>
<li><p>Provided details of key agreement algorithms, and how to use them.</p></li>
<li><p>Aligned terminology relating to key policies, to clarify the combination of the usage flags and permitted algorithm in the policy.</p></li>
<li><p>Clarified the use of the individual key attributes for all of the key creation functions.</p></li>
<li><p>Restructured the description for <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a>, to clarify the handling of the excess bits in ECC key generation when needing a string of bits whose length is not a multiple of <code class="docutils literal notranslate"><span class="pre">8</span></code>.</p></li>
<li><p>Referenced the correct buffer size macros for <a class="reference internal" href="../api/keys/management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>.</p></li>
<li><p>Removed the use of the <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a> error.</p></li>
<li><p>Clarified concurrency rules.</p></li>
<li><p>Document that <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> does not return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a> if the secret input is the result of a key agreement. This matches what was already documented for <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>.</p></li>
<li><p>Relax the requirement to use the defined key derivation methods in <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a>: implementation-specific KDF algorithms can use implementation-defined methods to derive the key material.</p></li>
</ul>
</div>
<div class="section" id="other-changes">
<h4>Other changes</h4>
<ul class="simple">
<li><p>Provided a glossary of terms.</p></li>
<li><p>Provided a table of references.</p></li>
<li><p>Restructured the <a class="reference internal" href="../api/keys/index.html#key-management"><span class="secref">Key management reference</span></a> chapter.</p>
<ul>
<li><p>Moved individual attribute types, values and accessor functions into their own sections.</p></li>
<li><p>Placed permitted algorithms and usage flags into <a class="reference internal" href="../api/keys/policy.html#key-policy"><span class="secref">Key policies</span></a>.</p></li>
<li><p>Moved most introductory material from the <a class="reference internal" href="../overview/functionality.html#functionality-overview"><span class="secref">Functionality overview</span></a> into the relevant API sections.</p></li>
</ul>
</li>
</ul>
</div>
</div>
<div class="section" id="changes-between-1-0-beta-3-and-1-0-0">
<h3>Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></h3>
<div class="section" id="id2">
<h4>Changes to the API</h4>
<ul>
<li><p>Added <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code></a> and <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code></a> to report the PSA Crypto API version.</p></li>
<li><p>Removed <code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> algorithm identifier.</p></li>
<li><p>Removed internal implementation macros from the API specification:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code></p></li>
</ul>
</li>
<li><p>Remove the definition of implementation-defined macros from the specification, and clarified the implementation requirements for these macros in <a class="reference internal" href="../overview/implementation.html#implementation-specific-macro"><span class="secref">Implementation-specific macros</span></a>.</p>
<ul class="simple">
<li><p>Macros with implementation-defined values are indicated by <code class="docutils literal notranslate"><span class="pre">/*</span> <span class="pre">implementation-defined</span> <span class="pre">value</span> <span class="pre">*/</span></code> in the API prototype.
The implementation must provide the implementation.</p></li>
<li><p>Macros for algorithm and key type construction and inspection have specification-defined values.
This is indicated by <code class="docutils literal notranslate"><span class="pre">/*</span> <span class="pre">specification-defined</span> <span class="pre">value</span> <span class="pre">*/</span></code> in the API prototype.
Example definitions of these macros is provided in <a class="reference internal" href="specdef_values.html#appendix-specdef-values"><span class="secref">Example macro implementations</span></a>.</p></li>
</ul>
</li>
<li><p>Changed the semantics of multi-part operations.</p>
<ul class="simple">
<li><p>Formalize the standard pattern for multi-part operations.</p></li>
<li><p>Require all errors to result in an error state, requiring a call to <code class="docutils literal notranslate"><span class="pre">psa_xxx_abort()</span></code> to reset the object.</p></li>
<li><p>Define behavior in illegal and impossible operation states, and for copying and reusing operation objects.</p></li>
</ul>
<p>Although the API signatures have not changed, this change requires modifications to application flows that handle error conditions in multi-part operations.</p>
</li>
<li><p>Merge the key identifier and key handle concepts in the API.</p>
<ul class="simple">
<li><p>Replaced all references to key handles with key identifiers, or something similar.</p></li>
<li><p>Replaced all uses of <code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> with <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a> in the API, and removes the <code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> type.</p></li>
<li><p>Removed <code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code>.</p></li>
<li><p>Added <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a> for the never valid zero key identifier.</p></li>
<li><p>Document rules related to destroying keys whilst in use.</p></li>
<li><p>Added the <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage flag and the related <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_purge_key()</span></code></a> API.</p></li>
<li><p>Added clarification about caching keys to non-volatile memory.</p></li>
</ul>
</li>
<li><p>Renamed <code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> to <a class="reference internal" href="../api/ops/kdf.html#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a>.</p></li>
<li><p>Relax definition of implementation-defined types.</p>
<ul class="simple">
<li><p>This is indicated in the specification by <code class="docutils literal notranslate"><span class="pre">/*</span> <span class="pre">implementation-defined</span> <span class="pre">type</span> <span class="pre">*/</span></code> in the type definition.</p></li>
<li><p>The specification only defines the name of implementation-defined types, and does not require that the implementation is a C struct.</p></li>
</ul>
</li>
<li><p>Zero-length keys are not permitted. Attempting to create one will now result in an error.</p></li>
<li><p>Relax the constraints on inputs to key derivation:</p>
<ul class="simple">
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> can be used for secret input steps. This is necessary if a zero-length input is required by the application.</p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_key()</span></code></a> can be used for non-secret input steps.</p></li>
</ul>
</li>
<li><p>Multi-part cipher operations now require that the IV is passed using <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a>, the option to provide this as part of the input to <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> has been removed.</p>
<p>The format of the output from <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt()</span></code></a>, and input to <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt()</span></code></a>, is documented.</p>
</li>
<li><p>Support macros to calculate the size of output buffers, IVs and nonces.</p>
<ul class="simple">
<li><p>Macros to calculate a key and/or algorithm specific result are provided for all output buffers. The new macros are:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_IV_LENGTH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()</span></code></a></p></li>
</ul>
</li>
<li><p>Macros that evaluate to a maximum type-independent buffer size are provided. The new macros are:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a></p></li>
</ul>
</li>
<li><p>AEAD output buffer size macros are now parameterized on the key type as well as the algorithm:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE()</span></code></a></p></li>
</ul>
</li>
<li><p>Some existing macros have been renamed to ensure that the name of the support macros are consistent. The following macros have been renamed:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH()</span></code> → <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH()</span></code> → <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE()</span></code> → <a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE()</span></code> → <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_LENGTH()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE()</span></code> → <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_LENGTH()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE()</span></code> → <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> → <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code></a></p></li>
</ul>
</li>
<li><p>Documentation of the macros and of related APIs has been updated to reference the related API elements.</p></li>
</ul>
</li>
<li><p>Provide hash-and-sign operations as well as sign-the-hash operations. The API for asymmetric signature has been changed to clarify the use of the new functions.</p>
<ul class="simple">
<li><p>The existing asymmetric signature API has been renamed to clarify that this is for signing a hash that is already computed:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> → <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> → <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_sign_hash()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_verify_hash()</span></code></a></p></li>
</ul>
</li>
<li><p>New APIs added to provide the complete message signing operation:</p>
<ul>
<li><p><a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_sign_message()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_verify_message()</span></code></a></p></li>
</ul>
</li>
<li><p>New Support macros to identify which algorithms can be used in which signing API:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN_HASH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE()</span></code></a></p></li>
</ul>
</li>
<li><p>Renamed support macros that apply to both signing APIs:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a></p></li>
</ul>
</li>
<li><p>The usage flag values have been changed, including for <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</p></li>
</ul>
</li>
<li><p>Restructure <a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a> and reassign all key type values.</p>
<ul class="simple">
<li><p><a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a> changes from 32-bit to 16-bit integer.</p></li>
<li><p>Reassigned the key type categories.</p></li>
<li><p>Add a parity bit to the key type to ensure that valid key type values differ by at least 2 bits.</p></li>
<li><p>16-bit elliptic curve ids (<code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code>) replaced by 8-bit ECC curve family ids (<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_ecc_family_t</span></code></a>).
16-bit  Diffie-Hellman group ids (<code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code>) replaced by 8-bit DH group family ids (<a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_dh_family_t</span></code></a>).</p>
<ul>
<li><p>These ids are no longer related to the IANA Group Registry specification.</p></li>
<li><p>The new key type values do not encode the key size for ECC curves or DH groups. The key bit size from the key attributes identify a specific ECC curve or DH group within the family.</p></li>
</ul>
</li>
<li><p>The following macros have been removed:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code></p></li>
</ul>
</li>
<li><p>The following macros have been added:</p>
<ul>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_DH_FAMILY_RFC7919" title="PSA_DH_FAMILY_RFC7919"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_K1" title="PSA_ECC_FAMILY_SECP_K1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_R1" title="PSA_ECC_FAMILY_SECP_R1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_R2" title="PSA_ECC_FAMILY_SECP_R2"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_K1" title="PSA_ECC_FAMILY_SECT_K1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_R1" title="PSA_ECC_FAMILY_SECT_R1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_R2" title="PSA_ECC_FAMILY_SECT_R2"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code></a></p></li>
</ul>
</li>
<li><p>The following macros have new values:</p>
<ul>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a></p></li>
</ul>
</li>
<li><p>The following macros with specification-defined values have new example implementations:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a></p></li>
</ul>
</li>
</ul>
</li>
<li><p>Add ECC family <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> for the FRP256v1 curve.</p></li>
<li><p>Restructure <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> encoding, to increase consistency across algorithm categories.</p>
<ul class="simple">
<li><p>Algorithms that include a hash operation all use the same structure to encode the hash algorithm. The following <code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXXX_GET_HASH()</span></code> macros have all been replaced by a single macro <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_GET_HASH()</span></code></a>:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH()</span></code></p></li>
</ul>
</li>
<li><p>Stream cipher algorithm macros have been removed; the key type indicates which cipher to use. Instead of <code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code>, use <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</p></li>
</ul>
<p>All of the other <code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> macros have updated values or updated example implementations.</p>
<ul class="simple">
<li><p>The following macros have new values:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code></a></p></li>
</ul>
</li>
<li><p>The following macros with specification-defined values have new example implementations:</p>
<ul>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_HKDF()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_HMAC()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC()</span></code></a></p></li>
</ul>
</li>
</ul>
</li>
<li><p>Added ECB block cipher mode, with no padding, as <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a>.</p></li>
<li><p>Add functions to suspend and resume hash operations:</p>
<ul class="simple">
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_suspend()</span></code></a> halts the current operation and outputs a hash suspend state.</p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_resume()</span></code></a> continues a previously suspended hash operation.</p></li>
</ul>
<p>The format of the hash suspend state is documented in <a class="reference internal" href="../api/ops/hashes.html#hash-suspend-state"><span class="secref">Hash suspend state</span></a>, and supporting macros are provided for using this API:</p>
<ul class="simple">
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH()</span></code></a></p></li>
<li><p><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_BLOCK_LENGTH()</span></code></a></p></li>
</ul>
</li>
<li><p>Complement <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a> with new error codes <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a> and <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a>. These permit an implementation to distinguish different causes of failure when reading from key storage.</p></li>
<li><p>Added input step <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_CONTEXT" title="PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code></a> for key derivation, supporting obvious mapping from the step identifiers to common KDF constructions.</p></li>
</ul>
</div>
<div class="section" id="clarifications">
<h4>Clarifications</h4>
<ul class="simple">
<li><p>Clarified rules regarding modification of parameters in concurrent environments.</p></li>
<li><p>Guarantee that <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal notranslate"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal notranslate"><span class="pre">)</span></code> always returns <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>.</p></li>
<li><p>Clarified the TLS PSK to MS key agreement algorithm.</p></li>
<li><p>Document the key policy requirements for all APIs that accept a key parameter.</p></li>
<li><p>Document more of the error codes for each function.</p></li>
</ul>
</div>
<div class="section" id="id3">
<h4>Other changes</h4>
<ul class="simple">
<li><p>Require C99 for this specification instead of C89.</p></li>
<li><p>Removed references to non-standard mbed-crypto header files. The only header file that applications need to include is <code class="file docutils literal notranslate"><span class="pre">psa/crypto.h</span></code>.</p></li>
<li><p>Reorganized the API reference, grouping the elements in a more natural way.</p></li>
<li><p>Improved the cross referencing between all of the document sections, and from code snippets to API element descriptions.</p></li>
</ul>
</div>
</div>
<div class="section" id="changes-between-1-0-beta-2-and-1-0-beta-3">
<h3>Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></h3>
<div class="section" id="id4">
<h4>Changes to the API</h4>
<ul class="simple">
<li><p>Change the value of error codes, and some names, to align
with other PSA specifications. The name changes are:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_UNKNOWN_ERROR</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_OCCUPIED_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_EMPTY_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></p></li>
</ul>
</li>
<li><p>Change the way keys are created to avoid “half-filled” handles
that contained key metadata, but no key material.
Now, to create a key, first fill in a data structure containing
its attributes, then pass this structure to a function that
both allocates resources for the key and fills in the key
material. This affects the following functions:</p>
<ul>
<li><p><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <code class="docutils literal notranslate"><span class="pre">psa_generator_import_key()</span></code>
and <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a> now take an attribute structure, as
a pointer to <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a>, to specify key metadata.
This replaces the previous method of passing arguments to
<code class="docutils literal notranslate"><span class="pre">psa_create_key()</span></code> or to the key material creation function
or calling <code class="docutils literal notranslate"><span class="pre">psa_set_key_policy()</span></code>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_key_policy_t</span></code> and functions operating on that type
no longer exist. A key’s policy is now accessible as part of
its attributes.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_get_key_information()</span></code> is also replaced by accessing the
key’s attributes, retrieved with <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes()</span></code></a>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_create_key()</span></code> no longer exists. Instead, set the key id
attribute and the lifetime attribute before creating the
key material.</p></li>
</ul>
</li>
<li><p>Allow <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> to buffer data.</p></li>
<li><p>New buffer size calculation macros.</p></li>
<li><p>Key identifiers are no longer specific to a given lifetime value. <code class="docutils literal notranslate"><span class="pre">psa_open_key()</span></code> no longer takes a <code class="docutils literal notranslate"><span class="pre">lifetime</span></code> parameter.</p></li>
<li><p>Define a range of key identifiers for use by applications and a separate range for use by implementations.</p></li>
<li><p>Avoid the unusual terminology “generator”: call them
“key derivation operations” instead. Rename a number of functions
and other identifiers related to for clarity and consistency:</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_crypto_generator_t</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_CRYPTO_GENERATOR_INIT</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_crypto_generator_init()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_GENERATOR_UNBRIDLED_CAPACITY</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_set_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_get_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_key_agreement()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_generator_read()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_generate_derived_key()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_generator_abort()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">psa_key_agreement_raw_shared_secret()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_raw_key_agreement()</span></code></a></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_KDF_STEP_xxx</span></code> → <code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PSA_xxx_KEYPAIR</span></code> → <code class="docutils literal notranslate"><span class="pre">PSA_xxx_KEY_PAIR</span></code></p></li>
</ul>
</li>
<li><p>Convert TLS1.2 KDF descriptions to multi-part key derivation.</p></li>
</ul>
</div>
<div class="section" id="id5">
<h4>Clarifications</h4>
<ul class="simple">
<li><p>Specify <code class="docutils literal notranslate"><span class="pre">psa_generator_import_key()</span></code> for most key types.</p></li>
<li><p>Clarify the behavior in various corner cases.</p></li>
<li><p>Document more error conditions.</p></li>
</ul>
</div>
</div>
<div class="section" id="changes-between-1-0-beta-1-and-1-0-beta-2">
<h3>Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></h3>
<div class="section" id="id6">
<h4>Changes to the API</h4>
<ul class="simple">
<li><p>Remove obsolete definition <code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_SELECTION</span></code>.</p></li>
<li><p><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>: remove spurious parameter <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code>.</p></li>
</ul>
</div>
<div class="section" id="id7">
<h4>Clarifications</h4>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">psa_key_agreement()</span></code>: document <code class="docutils literal notranslate"><span class="pre">alg</span></code> parameter.</p></li>
</ul>
</div>
<div class="section" id="id8">
<h4>Other changes</h4>
<ul class="simple">
<li><p>Document formatting improvements.</p></li>
</ul>
</div>
</div>
</div>
<div class="section" id="planned-changes-for-version-1-0-x">
<h2>Planned changes for version 1.0.x</h2>
<p>Future versions of this specification that use a 1.0.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.</p>
<p>These are the changes that we are currently planning to make for version 1.0.x:</p>
<ul class="simple">
<li><p>Declare identifiers for additional cryptographic algorithms.</p></li>
<li><p>Mandate certain checks when importing some types of asymmetric keys.</p></li>
<li><p>Specify the computation of algorithm and key type values.</p></li>
<li><p>Further clarifications on API usage and implementation.</p></li>
</ul>
</div>
<div class="section" id="future-additions">
<span id="future"></span><h2>Future additions</h2>
<p>Major additions to the API will be defined in future drafts and editions of a 1.x or 2.x version of this specification. Features that are being considered include:</p>
<ul class="simple">
<li><p>Multi-part operations for hybrid cryptography. For example, this includes
hash-and-sign for EdDSA, and hybrid encryption for ECIES.</p></li>
<li><p>A more general interface to key derivation and key exchange. This would
enable an application to derive a non-extractable session key from
non-extractable secrets, without leaking the intermediate material.</p></li>
<li><p>Key wrapping mechanisms to extract and import keys in an encrypted and authenticated form.</p></li>
<li><p>Key discovery mechanisms. This would enable an application to locate a key by
its name or attributes.</p></li>
<li><p>Implementation capability description. This would enable an application to
determine the algorithms, key types and storage lifetimes that the
implementation provides.</p></li>
<li><p>An ownership and access control mechanism allowing a multi-client
implementation to have privileged clients that are able to manage keys of
other clients.</p></li>
</ul>
</div>
</div>


          </div>
          
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
IHI 0086<br/>
Non-confidential<br/>
Version 1.0.1
<span style="color: red; font-weight: bold;"></span>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../overview/intro.html">1. Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../overview/goals.html">2. Design goals</a></li>
<li class="toctree-l1"><a class="reference internal" href="../overview/functionality.html">3. Functionality overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../overview/sample-arch.html">4. Sample architectures</a></li>
<li class="toctree-l1"><a class="reference internal" href="../overview/conventions.html">5. Library conventions</a></li>
<li class="toctree-l1"><a class="reference internal" href="../overview/implementation.html">6. Implementation considerations</a></li>
<li class="toctree-l1"><a class="reference internal" href="../overview/usage.html">7. Usage considerations</a></li>
<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="example_header.html">Example header file</a></li>
<li class="toctree-l1"><a class="reference internal" href="specdef_values.html">Example macro implementations</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Changes to the API</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#document-change-history">Document change history</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-0-and-1-0-1">Changes between <em>1.0.0</em> and <em>1.0.1</em></a></li>
<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-beta-3-and-1-0-0">Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></a></li>
<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#planned-changes-for-version-1-0-x">Planned changes for version 1.0.x</a></li>
<li class="toctree-l2"><a class="reference internal" href="#future-additions">Future additions</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
</ul>
<div id="searchbox" style="display: none" role="search">
  <h3 id="searchlabel">Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="../search.html" method="get">
      <input type="text" name="q" aria-labelledby="searchlabel" />
      <input type="submit" value="Go" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
      &copy; 2018-2020, Arm Limited or its affiliates. All rights reserved.
      
      |
      Powered by <a href="http://sphinx-doc.org/">Sphinx 2.1.2</a>
      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
      
    </div>

    

    
  </body>
</html>