Andrew Thoelke

Results 105 comments of Andrew Thoelke

I've added the 'Attestation API' tag as well - this might be an API that fits better within that specification, but it is tightly coupled with the implementation of a...

One more important criterion for the API:

* Is the attestation report created and returned at the time of key generation, requiring the caller to store the report (if required);...

A critical decision for designing this API is whether we need to support the KMS role, and the key generation and extraction functions.

Paying more attention to what we have in the specification today:

* [`psa_ecc_family_t`](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/types.html#c.psa_ecc_family_t) defines an 8-bit value. This includes the key type parity bit (bit 0), combined with the ECC-FAMILY...

> I wonder if any implementations are providing custom key encodings for ECC or FFDH? - and if so, are they using bit7==1 in those encodings?

Here's one in mbedtls:...

Thank you for the clarification. I suspect that its presence in forks of mbedtls is unlikely to indicate that this is used by these other implementations of the API...

An initial proposal for the API elements has been proposed in #178

SM2-DSA is required as part of the ShangMi (SM) ciphersuite for TLS 1.3, according to [RFC 8998](https://datatracker.ietf.org/doc/html/rfc8998). In the RFC it describes the 'identity strings' (e.g. *IDA*) to be used...

Following the patterns in #107, the obvious pattern for these interruptible operations would be something like the following:

```
typedef /* implementation-defined */ psa_generate_key_interruptible_operation_t;

#define PSA_GENERATE_KEY_INTERRUPTIBLE_OPERATION_INIT /* implementation-defined */

psa_generate_key_interruptible_operation_t...
```

Perhaps, given that these functions will not require multi-part operations, we could elide the 'interruptible' entirely in the identifier names? - the use of the interruptible form of the API...