Paul Elliott

> > LGTM > > I'll backport this to 2.28 now And unfortunately 3.6, although that should be utterly trivial given the lack of differences there.

I actually quite like the simplicity of this approach. Given the various stages for sign/verify message are basically going to be compulsary, do we necessarily have to have seperate state...

so, the sort of agreed parts would look like this: ``` typedef /* implementation-defined type */ psa_sign_iop_operation_t; typedef /* implementation-defined type */ psa_verify_iop_operation_t; #define PSA_SIGN_IOP_OPERATION_INIT \ /* implementation-defined value */...

Use psa_kdf_iop_* for key derivation or psa_derive_key_iop_* for key derivation. remove operation from structs. Instead of `op` call parameter `iop` Use new key agreement operation (pass in key attributes, key...

``` /* Sign Hash / Message ----------------------------------*/ typedef /* implementation-defined type */ psa_sign_iop_t; typedef /* implementation-defined type */ psa_verify_iop_t; #define PSA_SIGN_IOP_INIT \ /* implementation-defined value */ #define PSA_VERIFY_IOP_INIT \ /*...

> I think we should remove `_operation` from the `xxx_init()` functions as well. The pattern in the API so far is that a data structure `psa_foo_t` has an init macro...

Hi! I can confirm we are looking at the unsafe access to key slots problem over the next quarter or so, but this is of course only one part of...

See https://github.com/ARM-software/psa-api/pull/199 for PSA side design

Closing this as we are splitting it into 4 parts: Setup and Abort Functions : https://github.com/Mbed-TLS/mbedtls/issues/9642 Complete function and full tests: https://github.com/Mbed-TLS/mbedtls/issues/9643 IOP based functions and tests: https://github.com/Mbed-TLS/mbedtls/issues/9644 Driver wrappers:...

Likely not raw anymore - see https://github.com/ARM-software/psa-api/pull/199