ARM-software · athoelke · Jul 5, 2023 · Jun 21, 2023 · Jun 21, 2023 · Jun 21, 2023
@@ -19,7 +19,7 @@ Algorithm identifier encoding
 
 Algorithm identifiers are 32-bit integer values of the type `psa_algorithm_t`. Algorithm identifier values have the structure shown in :numref:`fig-algorithm-fields`.
 
-.. figure:: ../figure/algorithm_fields.*
+.. figure:: ../figure/encoding/algorithm.*
     :name: fig-algorithm-fields
 
     Encoding of `psa_algorithm_t`
@@ -97,7 +97,7 @@ Hash algorithm encoding
 
 The algorithm identifier for hash algorithms defined in this specification are encoded as shown in :numref:`fig-hash-fields`.
 
-.. figure:: ../figure/hash_fields.*
+.. figure:: ../figure/encoding/hash.*
     :name: fig-hash-fields
 
     Hash algorithm encoding
@@ -139,7 +139,7 @@ MAC algorithm encoding
 
 The algorithm identifier for MAC algorithms defined in this specification are encoded as shown in :numref:`fig-mac-fields`.
 
-.. figure:: ../figure/mac_fields.*
+.. figure:: ../figure/encoding/mac.*
     :name: fig-mac-fields
 
     MAC algorithm encoding
@@ -179,7 +179,7 @@ Cipher algorithm encoding
 
 The algorithm identifier for CIPHER algorithms defined in this specification are encoded as shown in :numref:`fig-cipher-fields`.
 
-.. figure:: ../figure/cipher_fields.*
+.. figure:: ../figure/encoding/cipher.*
     :name: fig-cipher-fields
 
     CIPHER algorithm encoding
@@ -213,7 +213,7 @@ AEAD algorithm encoding
 
 The algorithm identifier for AEAD algorithms defined in this specification are encoded as shown in :numref:`fig-aead-fields`.
 
-.. figure:: ../figure/aead_fields.*
+.. figure:: ../figure/encoding/aead.*
     :name: fig-aead-fields
 
     AEAD algorithm encoding
@@ -249,7 +249,7 @@ Key derivation algorithm encoding
 
 The algorithm identifier for key derivation algorithms defined in this specification are encoded as shown in :numref:`fig-kdf-fields`.
 
-.. figure:: ../figure/kdf_fields.*
+.. figure:: ../figure/encoding/kdf.*
     :name: fig-kdf-fields
 
     Key derivation algorithm encoding
@@ -282,7 +282,7 @@ Asymmetric signature algorithm encoding
 
 The algorithm identifier for asymmetric signature algorithms defined in this specification are encoded as shown in :numref:`fig-sign-fields`.
 
-.. figure:: ../figure/sign_fields.*
+.. figure:: ../figure/encoding/sign.*
     :name: fig-sign-fields
 
     Asymmetric signature algorithm encoding
@@ -321,7 +321,7 @@ Asymmetric encryption algorithm encoding
 
 The algorithm identifier for asymmetric encryption algorithms defined in this specification are encoded as shown in :numref:`fig-pke-fields`.
 
-.. figure:: ../figure/pke_fields.*
+.. figure:: ../figure/encoding/pke.*
     :name: fig-pke-fields
 
     Asymmetric encryption algorithm encoding
@@ -351,7 +351,7 @@ A key agreement algorithm identifier can either be for the raw key agreement alg
 
 The algorithm identifier for raw key agreement algorithms defined in this specification are encoded as shown in :numref:`fig-ka-raw-fields`.
 
-.. figure:: ../figure/ka_raw_fields.*
+.. figure:: ../figure/encoding/ka_raw.*
     :name: fig-ka-raw-fields
 
     Raw key agreement algorithm encoding
@@ -370,7 +370,7 @@ The defined values for KA-TYPE are shown in :numref:`table-ka-type`.
 
 A combined key agreement is constructed by a bitwise OR of the raw key agreement algorithm identifier and the key derivation algorithm identifier. This operation is provided by the `PSA_ALG_KEY_AGREEMENT()` macro.
 
-.. figure:: ../figure/ka_combined_fields.*
+.. figure:: ../figure/encoding/ka_combined.*
 
     Combined key agreement algorithm encoding
 
@@ -384,7 +384,7 @@ Key type encoding
 
 Key types are 16-bit integer values of the type `psa_key_type_t`. Key type values have the structure shown in :numref:`fig-key-type-fields`.
 
-.. figure:: ../figure/key_type_fields.*
+.. figure:: ../figure/encoding/key_type.*
     :name: fig-key-type-fields
 
     Encoding of `psa_key_type_t`
@@ -450,7 +450,7 @@ Raw key encoding
 
 The key type for raw keys defined in this specification are encoded as shown in :numref:`fig-raw-key-fields`.
 
-.. figure:: ../figure/raw_key_fields.*
+.. figure:: ../figure/encoding/raw_key.*
     :name: fig-raw-key-fields
 
     Raw key encoding
@@ -478,7 +478,7 @@ Symmetric key encoding
 
 The key type for symmetric keys defined in this specification are encoded as shown in :numref:`fig-symmetric-key-fields`.
 
-.. figure:: ../figure/symmetric_key_fields.*
+.. figure:: ../figure/encoding/symmetric_key.*
     :name: fig-symmetric-key-fields
 
     Symmetric key encoding
@@ -509,7 +509,7 @@ Asymmetric key encoding
 
 The key type for asymmetric keys defined in this specification are encoded as shown in :numref:`fig-asymmetric-key-fields`.
 
-.. figure:: ../figure/asymmetric_key_fields.*
+.. figure:: ../figure/encoding/asymmetric_key.*
     :name: fig-asymmetric-key-fields
 
     Asymmetric key encoding
@@ -536,7 +536,7 @@ RSA key encoding
 
 The key type for RSA keys defined in this specification are encoded as shown in :numref:`fig-rsa-key-fields`.
 
-.. figure:: ../figure/rsa_key_fields.*
+.. figure:: ../figure/encoding/rsa_key.*
     :name: fig-rsa-key-fields
 
     RSA key encoding
@@ -562,7 +562,7 @@ Elliptic Curve key encoding
 
 The key type for Elliptic Curve keys defined in this specification are encoded as shown in :numref:`fig-ecc-key-fields`.
 
-.. figure:: ../figure/ecc_key_fields.*
+.. figure:: ../figure/encoding/ecc_key.*
     :name: fig-ecc-key-fields
 
     Elliptic Curve key encoding
@@ -598,7 +598,7 @@ Diffie Hellman key encoding
 
 The key type for Diffie Hellman keys defined in this specification are encoded as shown in :numref:`fig-dh-key-fields`.
 
-.. figure:: ../figure/dh_key_fields.*
+.. figure:: ../figure/encoding/dh_key.*
     :name: fig-dh-key-fields
 
     Diffie Hellman key encoding

@@ -11,6 +11,18 @@ Document change history
 
 This section provides the detailed changes made between published version of the document.
 
+Changes between *1.1.2* and *1.2.0*
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Changes to the API
+~~~~~~~~~~~~~~~~~~
+
+Clarifications and fixes
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Other changes
+~~~~~~~~~~~~~
+
 Changes between *1.1.1* and *1.1.2*
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -722,12 +734,12 @@ Other changes
 *   Document formatting improvements.
 
 
-Planned changes for version 1.1.x
+Planned changes for version 1.2.x
 ---------------------------------
 
-Future versions of this specification that use a 1.1.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.
+Future versions of this specification that use a 1.2.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.
 
-These are the changes that might be included in a version 1.1.x:
+These are the changes that might be included in a version 1.2.x:
 
 *   Declare identifiers for additional cryptographic algorithms.
 *   Mandate certain checks when importing some types of asymmetric keys.

@@ -22,7 +22,7 @@ System definition
 
 :numref:`fig-system-entities` shows the |API| as the defined interface that an Application uses to interact with the Cryptoprocessor.
 
-..  figure:: /figure/system-entities.*
+..  figure:: /figure/sra/system-entities.*
     :name: fig-system-entities
 
     |API|
@@ -48,7 +48,7 @@ The |API| is the interface available to the programmer, and is the main attack s
 
 :numref:`fig-dfd-no-isolation` shows the data flow for a typical application usage of the |API|, for example, to exchange ciphertext with an external system, or for at rest protection in system non-volatile storage. The Application uses the |API| to interact with the Cryptoprocessor. The Cryptoprocessor stores persistent keys in a Key Store.
 
-..  figure:: /figure/dfd_no_isolation.*
+..  figure:: /figure/sra/dfd_no_isolation.*
     :name: fig-dfd-no-isolation
 
     |API| dataflow diagram for an implementation with no isolation
@@ -57,14 +57,14 @@ For some adversarial models, :term:`Cryptoprocessor isolation` or :term:`Caller
 
 The Cryptoprocessor can optionally include a trust boundary within its implementation of the API. The trust boundary shown in :numref:`fig-dfd-crypto-isolation` corresponds to Cryptoprocessor isolation. The Cryptoprocessor boundary protects the confidentiality and integrity of the Cryptoprocessor and Key Store state from system components that are outside of the boundary.
 
-..  figure:: /figure/dfd_crypto_isolation.*
+..  figure:: /figure/sra/dfd_crypto_isolation.*
     :name: fig-dfd-crypto-isolation
 
     |API| dataflow diagram for an implementation with cryptoprocessor isolation
 
 If the implementation supports multiple, independent client Applications within the system, each Application has its own view of the Cryptoprocessor and key store. The additional trust boundaries required for a caller isolated implementation are shown in :numref:`fig-dfd-caller-isolation`. The Application boundary restricts the capabilities of the Application, and protects the confidentiality and integrity of system state from the Application.
 
-..  figure:: /figure/dfd_caller_isolation.*
+..  figure:: /figure/sra/dfd_caller_isolation.*
     :name: fig-dfd-caller-isolation
 
     |API| dataflow diagram for an implementation with caller isolation

@@ -22,17 +22,17 @@
     'doc_id': 'IHI 0086',
 
     # The short X.Y version. MANDATORY
-    'version': '1.1',
+    'version': '1.2',
     # Arm document quality status, marked as open issue if not provided
     'quality': 'REL',
     # Arm document issue number (within that version and quality status)
     # Marked as open issue if not provided
-    'issue_no': 2,
+    'issue_no': 0,
     # Identifies the sequence number of a release candidate of the same issue
     # default to None
     'release_candidate': None,
     # Draft status - use this to indicate the document is not ready for publication
-    #'draft': True,
+    'draft': True,
 
     # Arm document confidentiality. Must be either Non-confidential or Confidential
     # Marked as open issue if not provided
@@ -97,18 +97,6 @@
     #'page_break': 'chapter'
     }
 
-# If the draft flag is set, then include extra content and watermark
-
-if doc_info.get('draft'):
-    doc_info.pop('date', None)                      # Remove any release date - use build date
-    doc_info['include_content'] = ['rationale', 'todo', 'banner']
-    doc_info['watermark'] = "DRAFT"
-
-# If a release candidate, then include watermark
-
-if doc_info.get('release_candidate'):
-    doc_info['watermark'] = "Candidate"
-
 # absolute or relative path to the psa_spec material from this file
 # atg_sphinx_spec_dir = '../atg-sphinx-spec'