edhoc 1.0.5 → 1.1.1

package/external/libedhoc/library/edhoc_message_3.c

@@ -2,8 +2,8 @@
  * \file    edhoc_message_3.c
  * \author  Kamil Kielbasa
  * \brief   EDHOC message 3.
- * \version 0.4
- * \date    2024-01-01
+ * \version 0.6
+ * \date    2024-08-05
  *
  * \copyright Copyright (c) 2024
  *
@@ -14,6 +14,7 @@
 /* EDHOC header: */
 #define EDHOC_ALLOW_PRIVATE_ACCESS
 #include "edhoc.h"
+#include "edhoc_common.h"
 
 /* Standard library headers: */
 #include <stdint.h>
@@ -52,133 +53,13 @@
 
 /* Module defines ---------------------------------------------------------- */
 /* Module types and type definitiones -------------------------------------- */
-
-/**
- * \brief Helper structure for CBOR encoded elements for context_3.
- */
-struct cbor_items {
-	bool id_cred_i_is_cob; // cob = cbor one byte
-	int32_t id_cred_i_cob_val; // cob = cbor one byte
-	uint8_t *id_cred_i;
-	size_t id_cred_i_len;
-
-	bool id_cred_i_is_comp_enc; // cob = cbor one byte
-	enum edhoc_encode_type id_cred_i_enc_type;
-	int32_t id_cred_i_int;
-	uint8_t id_cred_i_bstr[EDHOC_CRED_KEY_ID_LEN + 1];
-	size_t id_cred_i_bstr_len;
-
-	uint8_t *th_3;
-	size_t th_3_len;
-
-	uint8_t *cred_i;
-	size_t cred_i_len;
-
-	bool is_ead_3;
-	uint8_t *ead_3;
-	size_t ead_3_len;
-
-	size_t buf_len;
-	uint8_t buf[];
-};
-
-/**
- * \brief Helper structure for parsed PLAINTEXT_3.
- */
-struct plaintext {
-	struct edhoc_auth_creds auth_creds;
-
-	const uint8_t *sign_or_mac;
-	size_t sign_or_mac_len;
-
-	const uint8_t *ead;
-	size_t ead_len;
-};
-
-/**
- * \brief Processing side.
- */
-enum edhoc_role {
-	initiator,
-	responder,
-};
-
 /* Module interface variables and constants -------------------------------- */
 /* Static variables and constants ------------------------------------------ */
 /* Static function declarations -------------------------------------------- */
 
-/** 
- * \brief CBOR integer memory requirements.
- *
- * \param val                   Raw integer value.
- *
- * \return Number of bytes.
- */
-static inline size_t cbor_int_mem_req(int32_t val);
-
-/**
- * \brief CBOR text stream overhead.
- *
- * \param len		        Length of buffer to CBOR as tstr.
- *
- * \return Number of bytes.
- */
-static inline size_t cbor_tstr_overhead(size_t len);
-
-/**
- * \brief CBOR byte stream overhead.
- *
- * \param len		        Length of buffer to CBOR as bstr.
- *
- * \return Number of bytes.
- */
-static inline size_t cbor_bstr_overhead(size_t len);
-
-/**
- * \brief CBOR map overhead.
- *
- * \param items		        Number of items for map.
- *
- * \return Number of bytes.
- */
-static inline size_t cbor_map_overhead(size_t items);
-
-/**
- * \brief CBOR array overhead.
- *
- * \param items		        Number of items for array.
- *
- * \return Number of bytes.
- */
-static inline size_t cbor_array_overhead(size_t items);
-
-/**
- * \brief Check if integer might be encoded as CBOR one byte.
- *
- * \param val                   Value for cbor encoding.
- *
- * \retval True if might be encoded as one byte cbor integer,
- *         otherwise false.
- */
-static inline bool is_cbor_one_byte_int(int32_t val);
-
-/**
- * \brief Compute memory required for input (context_3) for for MAC_3.
- *
- * \param[in] ctx               EDHOC context.
- * \param[in] auth_creds        Authentication credentials.
- * \param[out] context_3_len    On success, length of context_3.
- *
- * \retval EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_mac_3_input_len(const struct edhoc_context *ctx,
-				const struct edhoc_auth_creds *auth_creds,
-				size_t *context_3_len);
-
 /**
  * \brief Compute psuedo random key (PRK_4e3m).
  *
- * \param[in] role              EDHOC role.
  * \param[in,out] ctx		EDHOC context.
  * \param[in] auth_cred         Authentication credentials.
  * \param[in] pub_key           Peer public static DH key. 
@@ -186,99 +67,28 @@ static int comp_mac_3_input_len(const struct edhoc_context *ctx,
  *
  * \return EDHOC_SUCCESS on success, otherwise failure.
  */
-static int comp_prk_4e3m(enum edhoc_role role, struct edhoc_context *ctx,
+static int comp_prk_4e3m(struct edhoc_context *ctx,
 			 const struct edhoc_auth_creds *auth_cred,
 			 const uint8_t *pub_key, size_t pub_key_len);
 
-/**
- * \brief Generate context_3.
- *
- * \param[in] ctx		EDHOC context.
- * \param[in] auth_creds        Authentication credentials.
- * \param[out] cbor_items	Buffer where the generated context_3 is to be written.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int gen_mac_3_context(const struct edhoc_context *ctx,
-			     const struct edhoc_auth_creds *auth_creds,
-			     struct cbor_items *cbor_items);
-
-/**
- * \brief Compute memory required for MAC_3.
- * 
- * \param role                  EDHOC role.
- * \param[in] ctx               EDHOC context.
- * \param[out] mac_3_len        On success, length of MAC_3.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_mac_3_len(enum edhoc_role role, const struct edhoc_context *ctx,
-			  size_t *mac_3_len);
-
-/**
- * \brief Compute MAC_3.
- *
- * \param[in] ctx		EDHOC context.
- * \param[in] cbor_items	Buffer containing the context_3.
- * \param[out] mac_3		Buffer where the generated MAC_3 is to be written.
- * \param mac_3_len		Size of the \p mac_3 buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_mac_3(const struct edhoc_context *ctx,
-		      const struct cbor_items *cbor_items, uint8_t *mac_3,
-		      size_t mac_3_len);
-
-/**
- * \brief Compute memory required Signature_or_MAC_3.
- * 
- * \param role                          EDHOC role.
- * \param[in] ctx                       EDHOC context.
- * \param[out] sign_or_mac_3_len        On success, length of Signature_or_MAC_3.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_sign_or_mac_3_len(enum edhoc_role role,
-				  const struct edhoc_context *ctx,
-				  size_t *sign_or_mac_3_len);
-
-/**
- * \brief Compute Signature_or_MAC_3.
- *
- * \param[in] ctx		EDHOC context.
- * \param[in] auth_creds	Authentication credentials.
- * \param[in] cbor_items	Buffer containing the context_3.
- * \param[in] mac_3		Buffer containing the MAC_3.
- * \param mac_3_len		Size of the \p mac_3 buffer in bytes.
- * \param[out] sign		Buffer where the generated signature is to be written.
- * \param sign_len		Size of the \p sign buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_sign_or_mac_3(const struct edhoc_context *ctx,
-			      const struct edhoc_auth_creds *auth_creds,
-			      const struct cbor_items *cbor_items,
-			      const uint8_t *mac_3, size_t mac_3_len,
-			      uint8_t *sign, size_t sign_len);
-
 /**
  * \brief Compute memory required for PLAINTEXT_3. 
  * 
  * \param[in] ctx               EDHOC context.
- * \param[in] cbor_items        Buffer containing the context_3.
+ * \param[in] mac_ctx        	MAC context.
  * \param sign_len              Size of the signature buffer in bytes.
  * \param[out] plaintext_3_len  On success, length of PLAINTEXT_3.
  *
  * \return EDHOC_SUCCESS on success, otherwise failure.
  */
 static int comp_plaintext_3_len(const struct edhoc_context *ctx,
-				const struct cbor_items *cbor_items,
+				const struct mac_context *mac_ctx,
 				size_t sign_len, size_t *plaintext_3_len);
 
 /**
  * \brief Prepare PLAINTEXT_3.
  *
- * \param[in] cbor_items	Buffer containing the context_2.
+ * \param[in] mac_ctx		MAC context.
  * \param[in] sign		Buffer containing the signature.
  * \param sign_len		Size of the \p sign buffer in bytes.
  * \param[out] ptxt	        Buffer where the generated plaintext is to be written.
@@ -287,7 +97,7 @@ static int comp_plaintext_3_len(const struct edhoc_context *ctx,
  *
  * \return EDHOC_SUCCESS on success, otherwise failure.
  */
-static int prepare_plaintext_3(const struct cbor_items *cbor_items,
+static int prepare_plaintext_3(const struct mac_context *mac_ctx,
 			       const uint8_t *sign, size_t sign_len,
 			       uint8_t *ptxt, size_t ptxt_size,
 			       size_t *ptxt_len);
@@ -337,1046 +147,204 @@ static int comp_key_iv_aad(const struct edhoc_context *ctx, uint8_t *key,
  * \param[out] ctxt_len         On success, the number of bytes that make up the CIPHERTEXT_3.
  *
  * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_ciphertext(const struct edhoc_context *ctx, const uint8_t *key,
-			   size_t key_len, const uint8_t *iv, size_t iv_len,
-			   const uint8_t *aad, size_t aad_len,
-			   const uint8_t *ptxt, size_t ptxt_len, uint8_t *ctxt,
-			   size_t ctxt_size, size_t *ctxt_len);
-
-/**
- * \brief Compute transcript hash 4.
- *
- * \param[in,out] ctx		EDHOC context.
- * \param[in] cbor_items        Structure containing the context_3.
- * \param[in] ptxt		Buffer containing the PLAINTEXT_3.
- * \param ptxt_len              Size of the \p ptxt buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_th_4(struct edhoc_context *ctx,
-		     const struct cbor_items *cbor_items, const uint8_t *ptxt,
-		     size_t ptxt_len);
-
-/**
- * \brief Generate edhoc message 3.
- *
- * \param[in] ctxt	        Buffer continas the ciphertext.
- * \param ctxt_len	        Size of the \p ctxt buffer in bytes.
- * \param[out] msg_3            Buffer where the generated message 3 is to be written.
- * \param msg_3_size            Size of the \p msg_3 buffer in bytes.
- * \param[out] msg_3_len        On success, the number of bytes that make up the message 3.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int gen_msg_3(const uint8_t *ctxt, size_t ctxt_len, uint8_t *msg_3,
-		     size_t msg_3_size, size_t *msg_3_len);
-
-/**
- * \brief CBOR decode message 3 and save address and length for CIPHERTEXT_3.
- *
- * \param[in] msg_3     	Buffer containing the message 3.
- * \param msg_3_len     	Size of the \p msg_3 buffer in bytes.
- * \param[out] ctxt_3	        Pointer to buffer containing the CIPHERTEXT_3.
- * \param[out] ctxt_3_len	Size of the \p ctxt_3 buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int parse_msg_3(const uint8_t *msg_3, size_t msg_3_len,
-		       const uint8_t **ctxt_3, size_t *ctxt_3_len);
-
-/**
- * \brief Decrypt CIPHERTEXT_3.
- *
- * \param[in] ctx		EDHOC context.
- * \param[in] key		Buffer containing the K_3.
- * \param key_len	        Size of the \p key buffer in bytes.
- * \param[in] iv	        Buffer containing the IV_3.
- * \param iv_len                Size of the \p iv buffer in bytes.
- * \param[in] aad	        Buffer containing the AAD_3.
- * \param aad_len               Size of the \p aad buffer in bytes.
- * \param[in] ctxt	        Pointer to buffer containing the CIPHERTEXT_3.
- * \param ctxt_len	        Size of the \p ctxt buffer in bytes.
- * \param[out] ptxt	        Buffer where the decrypted PLAINTEXT_3 is to be written.
- * \param ptxt_len	        Size of the \p ptxt buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int decrypt_ciphertext(const struct edhoc_context *ctx,
-			      const uint8_t *key, size_t key_len,
-			      const uint8_t *iv, size_t iv_len,
-			      const uint8_t *aad, size_t aad_len,
-			      const uint8_t *ctxt, size_t ctxt_len,
-			      uint8_t *ptxt, size_t ptxt_len);
-
-/**
- * \brief Parsed cborised PLAINTEXT_3 for separate buffers.
- *
- * \param[in] ctx		EDHOC context.
- * \param[in] ptxt		Buffer containing the PLAINTEXT_3.
- * \param ptxt_len              Size of the \p ptxt buffer in bytes.
- * \param[out] parsed_ptxt     	Structure where parsed PLAINTEXT_3 is to be written.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int parse_plaintext(struct edhoc_context *ctx, const uint8_t *ptxt,
-			   size_t ptxt_len, struct plaintext *parsed_ptxt);
-
-/**
- * \brief Verify Signature_or_MAC_3.
- *
- * \param[in] ctx		EDHOC context.
- * \param[in] cbor_items        Structure containing the context_3.
- * \param[in] parsed_ptxt     	Structure containing the parsed PLAINTEXT_3.
- * \param[in] pub_key           Buffer containing the public key from peer credentials.
- * \param pub_key_len           Size of the \p pub_key buffer in bytes.
- * \param[in] mac_3             Buffer containing the MAC_3.
- * \param mac_3_len             Size of the \p mac_3 buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int verify_sign_or_mac_3(const struct edhoc_context *ctx,
-				const struct cbor_items *cbor_items,
-				const struct plaintext *parsed_ptxt,
-				const uint8_t *pub_key, size_t pub_key_len,
-				const uint8_t *mac_3, size_t mac_3_len);
-
-/**
- * \brief Perform compact encoding described in:
- *        - RFC 9528: 3.5.3.2. Compact Encoding of ID_CRED Fields for 'kid'.
- * 
- * \param[in] auth_cred         Authentication credentials.
- * \param[in,out] cbor_items    Structure containing the context_2.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int kid_compact_encoding(const struct edhoc_auth_creds *auth_cred,
-				struct cbor_items *cbor_items);
-
-/**
- * \brief Compute SALT_4e3m.
- * 
- * \param[in] ctx               EDHOC context.
- * \param[out] salt             Buffer where the generated salt is to be written.
- * \param salt_len              Size of the \p salt buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_salt_4e3m(const struct edhoc_context *ctx, uint8_t *salt,
-			  size_t salt_len);
-
-/**
- * \brief Compute G_IY for PRK_4e3m.
- * 
- * \param role                  EDHOC role.
- * \param[in,out] ctx           EDHOC context.
- * \param[in] auth_cred         Authentication credentials.
- * \param[in] pub_key           Peer public key.
- * \param pub_key_len           Peer public key length.
- * \param[out] giy              Buffer where the generated G_IY is to be written.
- * \param giy_len               Size of the \p giy buffer in bytes.
- *
- * \return EDHOC_SUCCESS on success, otherwise failure.
- */
-static int comp_giy(enum edhoc_role role, struct edhoc_context *ctx,
-		    const struct edhoc_auth_creds *auth_cred,
-		    const uint8_t *pub_key, size_t pub_key_len, uint8_t *giy,
-		    size_t giy_len);
-
-/* Static function definitions --------------------------------------------- */
-
-static inline size_t cbor_int_mem_req(int32_t val)
-{
-	if (val >= ONE_BYTE_CBOR_INT_MIN_VALUE &&
-	    val <= ONE_BYTE_CBOR_INT_MAX_VALUE) {
-		return 1;
-	} else if (val >= -(UINT8_MAX + 1) && val <= UINT8_MAX) {
-		return 2;
-	} else if (val >= -(UINT16_MAX + 1) && val <= UINT16_MAX) {
-		return 3;
-	} else {
-		return 4;
-	}
-}
-
-static inline size_t cbor_tstr_overhead(size_t len)
-{
-	if (len <= 23) {
-		return 1;
-	} else if (len <= UINT8_MAX) {
-		return 2;
-	} else if (len <= UINT16_MAX) {
-		return 3;
-	} else if (len <= UINT32_MAX) {
-		return 4;
-	} else {
-		return 5;
-	}
-}
-
-static inline size_t cbor_bstr_overhead(size_t len)
-{
-	if (len <= 23) {
-		return 1;
-	} else if (len <= UINT8_MAX) {
-		return 2;
-	} else if (len <= UINT16_MAX) {
-		return 3;
-	} else if (len <= UINT32_MAX) {
-		return 4;
-	} else {
-		return 5;
-	}
-}
-
-static inline size_t cbor_map_overhead(size_t items)
-{
-	(void)items;
-
-	return 3;
-}
-
-static inline size_t cbor_array_overhead(size_t items)
-{
-	if (items < 24)
-		return 1;
-	if (items < 256)
-		return 2;
-	if (items < 65535)
-		return 3;
-
-	return 4;
-}
-
-static inline bool is_cbor_one_byte_int(int32_t val)
-{
-	return (ONE_BYTE_CBOR_INT_MIN_VALUE < val &&
-		ONE_BYTE_CBOR_INT_MAX_VALUE > val);
-}
-
-static int comp_mac_3_input_len(const struct edhoc_context *ctx,
-				const struct edhoc_auth_creds *auth_cred,
-				size_t *context_3_len)
-{
-	if (NULL == ctx || NULL == auth_cred || NULL == context_3_len)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
-
-	const size_t nr_of_items = 1;
-	size_t len = 0;
-
-	/* ID_CRED_I. */
-	switch (auth_cred->label) {
-	case EDHOC_COSE_HEADER_KID:
-		len += cbor_map_overhead(nr_of_items);
-
-		switch (auth_cred->key_id.encode_type) {
-		case EDHOC_ENCODE_TYPE_INTEGER:
-			len += cbor_int_mem_req(auth_cred->key_id.key_id_int);
-			break;
-		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			len += auth_cred->key_id.key_id_bstr_length;
-			len += cbor_bstr_overhead(
-				auth_cred->key_id.key_id_bstr_length);
-			break;
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-
-		break;
-
-	case EDHOC_COSE_HEADER_X509_CHAIN: {
-		if (1 == auth_cred->x509_chain.nr_of_certs) {
-			len += cbor_map_overhead(nr_of_items);
-			len += auth_cred->x509_chain.cert_len[0];
-			len += cbor_bstr_overhead(
-				auth_cred->x509_chain.cert_len[0]);
-		} else {
-			for (size_t i = 0;
-			     i < auth_cred->x509_chain.nr_of_certs; ++i) {
-				len += cbor_map_overhead(nr_of_items);
-				len += auth_cred->x509_chain.cert_len[i];
-				len += cbor_bstr_overhead(
-					auth_cred->x509_chain.cert_len[i]);
-			}
-		}
-
-		break;
-	}
-
-	case EDHOC_COSE_HEADER_X509_HASH:
-		len += cbor_map_overhead(nr_of_items);
-		len += cbor_array_overhead(nr_of_items);
-
-		switch (auth_cred->x509_hash.encode_type) {
-		case EDHOC_ENCODE_TYPE_INTEGER:
-			len += cbor_int_mem_req(auth_cred->x509_hash.alg_int);
-			break;
-		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			len += auth_cred->x509_hash.alg_bstr_length;
-			len += cbor_bstr_overhead(
-				auth_cred->x509_hash.alg_bstr_length);
-			break;
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-
-		len += auth_cred->x509_hash.cert_fp_len;
-		len += cbor_bstr_overhead(auth_cred->x509_hash.cert_fp_len);
-		break;
-
-	default:
-		return EDHOC_ERROR_NOT_SUPPORTED;
-	}
-
-	/* TH_3. */
-	len += ctx->th_len;
-	len += cbor_bstr_overhead(ctx->th_len);
-
-	/* CRED_I. */
-	switch (auth_cred->label) {
-	case EDHOC_COSE_HEADER_KID:
-		len += auth_cred->key_id.cred_len;
-		len += cbor_bstr_overhead(auth_cred->key_id.cred_len);
-		break;
-
-	case EDHOC_COSE_HEADER_X509_CHAIN: {
-		const size_t end_entity_idx =
-			auth_cred->x509_chain.nr_of_certs - 1;
-		len += auth_cred->x509_chain.cert_len[end_entity_idx];
-		len += cbor_bstr_overhead(
-			auth_cred->x509_chain.cert_len[end_entity_idx]);
-		break;
-	}
-
-	case EDHOC_COSE_HEADER_X509_HASH:
-		len += auth_cred->x509_hash.cert_len;
-		len += cbor_bstr_overhead(auth_cred->x509_hash.cert_len);
-		break;
-
-	default:
-		return EDHOC_ERROR_NOT_SUPPORTED;
-	}
-
-	/* EAD_3. */
-	for (size_t i = 0; i < ctx->nr_of_ead_tokens; ++i) {
-		len += cbor_int_mem_req(ctx->ead_token[i].label);
-		len += ctx->ead_token[i].value_len;
-		len += cbor_bstr_overhead(ctx->ead_token[i].value_len);
-	}
-
-	*context_3_len = len;
-	return EDHOC_SUCCESS;
-}
-
-static int comp_prk_4e3m(enum edhoc_role role, struct edhoc_context *ctx,
-			 const struct edhoc_auth_creds *auth_cred,
-			 const uint8_t *pub_key, size_t pub_key_len)
-{
-	if (NULL == ctx)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
-
-	if (EDHOC_PRK_STATE_3E2M != ctx->prk_state)
-		return EDHOC_ERROR_BAD_STATE;
-
-	if (initiator == role) {
-		switch (ctx->method) {
-		case EDHOC_METHOD_0:
-		case EDHOC_METHOD_1:
-			ctx->prk_state = EDHOC_PRK_STATE_4E3M;
-			return EDHOC_SUCCESS;
-
-		case EDHOC_METHOD_2:
-		case EDHOC_METHOD_3: {
-			const size_t hash_len =
-				ctx->csuite[ctx->chosen_csuite_idx].hash_length;
-
-			ALLOCATE_ARRAY(uint8_t, salt_4e3m, hash_len);
-			memset(salt_4e3m, 0, ALLOCATE_ARRAY_SIZEOF(salt_4e3m));
-
-			int ret = comp_salt_4e3m(ctx, salt_4e3m,
-						 ARRAY_SIZE_VLA(salt_4e3m));
-
-			if (EDHOC_SUCCESS != ret)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			if (NULL != ctx->logger)
-				ctx->logger(ctx->user_ctx, "SALT_4e3m",
-					    salt_4e3m, ARRAY_SIZE_VLA(salt_4e3m));
-
-			const size_t ecc_key_len =
-				ctx->csuite[ctx->chosen_csuite_idx]
-					.ecc_key_length;
-
-			ALLOCATE_ARRAY(uint8_t, giy, ecc_key_len);
-			memset(giy, 0, ALLOCATE_ARRAY_SIZEOF(giy));
-
-			ret = comp_giy(role, ctx, auth_cred, pub_key,
-				       pub_key_len, giy, ARRAY_SIZE_VLA(giy));
-
-			if (EDHOC_SUCCESS != ret)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			if (NULL != ctx->logger)
-				ctx->logger(ctx->user_ctx, "G_IY", giy,
-					    ARRAY_SIZE_VLA(giy));
-
-			ctx->prk_len =
-				ctx->csuite[ctx->chosen_csuite_idx].hash_length;
-
-			uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-			ret = ctx->keys.generate_key(ctx->user_ctx,
-						     EDHOC_KT_EXTRACT, giy,
-						     ARRAY_SIZE_VLA(giy), key_id);
-			memset(giy, 0, sizeof(giy));
-
-			if (EDHOC_SUCCESS != ret)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			size_t out_len = 0;
-			ret = ctx->crypto.extract(ctx->user_ctx, key_id,
-						  salt_4e3m,
-						  ARRAY_SIZE_VLA(salt_4e3m),
-						  ctx->prk, ctx->prk_len,
-						  &out_len);
-			ctx->keys.destroy_key(ctx->user_ctx, key_id);
-
-			if (EDHOC_SUCCESS != ret || ctx->prk_len != out_len)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			ctx->prk_state = EDHOC_PRK_STATE_4E3M;
-			return EDHOC_SUCCESS;
-		}
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-	}
-
-	if (responder == role) {
-		switch (ctx->method) {
-		case EDHOC_METHOD_0:
-		case EDHOC_METHOD_1:
-			ctx->prk_state = EDHOC_PRK_STATE_4E3M;
-			return EDHOC_SUCCESS;
-
-		case EDHOC_METHOD_2:
-		case EDHOC_METHOD_3: {
-			const size_t hash_len =
-				ctx->csuite[ctx->chosen_csuite_idx].hash_length;
-
-			ALLOCATE_ARRAY(uint8_t, salt_4e3m, hash_len);
-			memset(salt_4e3m, 0, ALLOCATE_ARRAY_SIZEOF(salt_4e3m));
-
-			int ret = comp_salt_4e3m(ctx, salt_4e3m,
-						 ARRAY_SIZE_VLA(salt_4e3m));
-
-			if (EDHOC_SUCCESS != ret)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			if (NULL != ctx->logger)
-				ctx->logger(ctx->user_ctx, "SALT_4e3m",
-					    salt_4e3m, ARRAY_SIZE_VLA(salt_4e3m));
-
-			const size_t ecc_key_len =
-				ctx->csuite[ctx->chosen_csuite_idx]
-					.ecc_key_length;
-
-			ALLOCATE_ARRAY(uint8_t, giy, ecc_key_len);
-			memset(giy, 0, ALLOCATE_ARRAY_SIZEOF(giy));
-
-			ret = comp_giy(role, ctx, auth_cred, pub_key,
-				       pub_key_len, giy, ARRAY_SIZE_VLA(giy));
-
-			if (EDHOC_SUCCESS != ret)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			if (NULL != ctx->logger)
-				ctx->logger(ctx->user_ctx, "G_IY", giy,
-					    ARRAY_SIZE_VLA(giy));
-
-			ctx->prk_len =
-				ctx->csuite[ctx->chosen_csuite_idx].hash_length;
-
-			uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-			ret = ctx->keys.generate_key(ctx->user_ctx,
-						     EDHOC_KT_EXTRACT, giy,
-						     ARRAY_SIZE_VLA(giy), key_id);
-			memset(giy, 0, ALLOCATE_ARRAY_SIZEOF(giy));
-
-			if (EDHOC_SUCCESS != ret)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			size_t out_len = 0;
-			ret = ctx->crypto.extract(ctx->user_ctx, key_id,
-						  salt_4e3m,
-						  ARRAY_SIZE_VLA(salt_4e3m),
-						  ctx->prk, ctx->prk_len,
-						  &out_len);
-			ctx->keys.destroy_key(ctx->user_ctx, key_id);
-
-			if (EDHOC_SUCCESS != ret || ctx->prk_len != out_len)
-				return EDHOC_ERROR_CRYPTO_FAILURE;
-
-			ctx->prk_state = EDHOC_PRK_STATE_4E3M;
-			return EDHOC_SUCCESS;
-		}
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-	}
-
-	return EDHOC_ERROR_NOT_PERMITTED;
-}
-
-static int gen_mac_3_context(const struct edhoc_context *ctx,
-			     const struct edhoc_auth_creds *auth_cred,
-			     struct cbor_items *cbor_items)
-{
-	if (NULL == ctx || NULL == auth_cred || NULL == cbor_items)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
-
-	if (EDHOC_TH_STATE_3 != ctx->th_state)
-		return EDHOC_ERROR_BAD_STATE;
-
-	const size_t nr_of_items = 1;
-
-	int ret = EDHOC_ERROR_GENERIC_ERROR;
-	size_t len = 0;
-
-	/* ID_CRED_R length. */
-	cbor_items->id_cred_i = &cbor_items->buf[0];
-
-	switch (auth_cred->label) {
-	case EDHOC_COSE_HEADER_KID:
-		len += cbor_map_overhead(nr_of_items);
-		switch (auth_cred->key_id.encode_type) {
-		case EDHOC_ENCODE_TYPE_INTEGER:
-			len += cbor_int_mem_req(auth_cred->key_id.key_id_int);
-			break;
-		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			len += auth_cred->key_id.key_id_bstr_length;
-			len += cbor_bstr_overhead(
-				auth_cred->key_id.key_id_bstr_length);
-			break;
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-		if (is_cbor_one_byte_int(auth_cred->key_id.key_id_int))
-			cbor_items->id_cred_i_is_cob = true;
-
-		break;
-
-	case EDHOC_COSE_HEADER_X509_CHAIN: {
-		len += cbor_map_overhead(nr_of_items);
-
-		for (size_t i = 0; i < auth_cred->x509_chain.nr_of_certs; ++i) {
-			len += auth_cred->x509_chain.cert_len[i];
-			len += cbor_bstr_overhead(
-				auth_cred->x509_chain.cert_len[i]);
-		}
-
-		if (1 < auth_cred->x509_chain.nr_of_certs)
-			len += cbor_array_overhead(
-				auth_cred->x509_chain.nr_of_certs);
-
-		break;
-	}
-
-	case EDHOC_COSE_HEADER_X509_HASH:
-		len += cbor_map_overhead(nr_of_items);
-		len += cbor_array_overhead(nr_of_items);
-
-		switch (auth_cred->x509_hash.encode_type) {
-		case EDHOC_ENCODE_TYPE_INTEGER:
-			len += cbor_int_mem_req(auth_cred->x509_hash.alg_int);
-			break;
-		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			len += auth_cred->x509_hash.alg_bstr_length;
-			len += cbor_bstr_overhead(
-				auth_cred->x509_hash.alg_bstr_length);
-			break;
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-
-		len += auth_cred->x509_hash.cert_fp_len + 1;
-		len += cbor_bstr_overhead(auth_cred->x509_hash.cert_fp_len);
-		break;
-
-	default:
-		return EDHOC_ERROR_CREDENTIALS_FAILURE;
-	}
-
-	cbor_items->id_cred_i_len = len;
-
-	/* Cborise ID_CRED_R. */
-	struct id_cred_x cbor_id_cred_i = { 0 };
-
-	switch (auth_cred->label) {
-	case EDHOC_COSE_HEADER_KID: {
-		cbor_id_cred_i._id_cred_x_kid_present = true;
-
-		switch (auth_cred->key_id.encode_type) {
-		case EDHOC_ENCODE_TYPE_INTEGER:
-			cbor_id_cred_i._id_cred_x_kid._id_cred_x_kid_choice =
-				_id_cred_x_kid_int;
-			cbor_id_cred_i._id_cred_x_kid._id_cred_x_kid_int =
-				auth_cred->key_id.key_id_int;
-			break;
-		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			cbor_id_cred_i._id_cred_x_kid._id_cred_x_kid_choice =
-				_id_cred_x_kid_bstr;
-			cbor_id_cred_i._id_cred_x_kid._id_cred_x_kid_bstr.value =
-				auth_cred->key_id.key_id_bstr;
-			cbor_id_cred_i._id_cred_x_kid._id_cred_x_kid_bstr.len =
-				auth_cred->key_id.key_id_bstr_length;
-			break;
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-
-		break;
-	}
-	case EDHOC_COSE_HEADER_X509_CHAIN: {
-		cbor_id_cred_i._id_cred_x_x5chain_present = true;
-
-		struct COSE_X509_ *cose_x509 =
-			&cbor_id_cred_i._id_cred_x_x5chain._id_cred_x_x5chain;
-
-		if (1 == auth_cred->x509_chain.nr_of_certs) {
-			cose_x509->_COSE_X509_choice = _COSE_X509_bstr;
-			cose_x509->_COSE_X509_bstr.value =
-				auth_cred->x509_chain.cert[0];
-			cose_x509->_COSE_X509_bstr.len =
-				auth_cred->x509_chain.cert_len[0];
-		} else {
-			cose_x509->_COSE_X509_choice = _COSE_X509__certs;
-			cose_x509->_COSE_X509__certs_certs_count =
-				auth_cred->x509_chain.nr_of_certs;
-
-			for (size_t i = 0;
-			     i < auth_cred->x509_chain.nr_of_certs; ++i) {
-				cose_x509->_COSE_X509__certs_certs[i].value =
-					auth_cred->x509_chain.cert[i];
-				cose_x509->_COSE_X509__certs_certs[i].len =
-					auth_cred->x509_chain.cert_len[i];
-			}
-		}
-
-		break;
-	}
-	case EDHOC_COSE_HEADER_X509_HASH: {
-		cbor_id_cred_i._id_cred_x_x5t_present = true;
-
-		struct COSE_CertHash *cose_x509 =
-			&cbor_id_cred_i._id_cred_x_x5t._id_cred_x_x5t;
-
-		cose_x509->_COSE_CertHash_hashValue.value =
-			auth_cred->x509_hash.cert_fp;
-		cose_x509->_COSE_CertHash_hashValue.len =
-			auth_cred->x509_hash.cert_fp_len;
-
-		switch (auth_cred->x509_hash.encode_type) {
-		case EDHOC_ENCODE_TYPE_INTEGER:
-			cose_x509->_COSE_CertHash_hashAlg_choice =
-				_COSE_CertHash_hashAlg_int;
-			cose_x509->_COSE_CertHash_hashAlg_int =
-				auth_cred->x509_hash.alg_int;
-			break;
-		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			cose_x509->_COSE_CertHash_hashAlg_choice =
-				_COSE_CertHash_hashAlg_tstr;
-			cose_x509->_COSE_CertHash_hashAlg_tstr.value =
-				auth_cred->x509_hash.alg_bstr;
-			cose_x509->_COSE_CertHash_hashAlg_tstr.len =
-				auth_cred->x509_hash.alg_bstr_length;
-			break;
-		default:
-			return EDHOC_ERROR_NOT_PERMITTED;
-		}
-
-		break;
-	}
-
-	default:
-		return EDHOC_ERROR_CREDENTIALS_FAILURE;
-	}
-
-	len = 0;
-	ret = cbor_encode_id_cred_x(cbor_items->id_cred_i,
-				    cbor_items->id_cred_i_len, &cbor_id_cred_i,
-				    &len);
-	if (ZCBOR_SUCCESS != ret)
-		return EDHOC_ERROR_CBOR_FAILURE;
-
-	cbor_items->id_cred_i_len = len;
-
-	/* Check compact encoding of ID_CRED_I. */
-	if (EDHOC_COSE_HEADER_KID == auth_cred->label) {
-		ret = kid_compact_encoding(auth_cred, cbor_items);
-
-		if (EDHOC_SUCCESS != ret)
-			return EDHOC_ERROR_CBOR_FAILURE;
-	}
-
-	/* TH_3 length. */
-	len = ctx->th_len;
-	cbor_items->th_3 = &cbor_items->id_cred_i[cbor_items->id_cred_i_len];
-	cbor_items->th_3_len = cbor_bstr_overhead(len) + len;
-
-	/* Cborise TH_3. */
-	const struct zcbor_string cbor_th_3 = {
-		.value = ctx->th,
-		.len = ctx->th_len,
-	};
-
-	len = 0;
-	ret = cbor_encode_byte_string_type_bstr_type(
-		cbor_items->th_3, cbor_items->th_3_len, &cbor_th_3, &len);
-
-	if (ZCBOR_SUCCESS != ret || cbor_items->th_3_len != len)
-		return EDHOC_ERROR_CBOR_FAILURE;
-
-	/* CRED_R length. */
-	cbor_items->cred_i = &cbor_items->th_3[cbor_items->th_3_len];
-	len = 0;
-
-	switch (auth_cred->label) {
-	case EDHOC_COSE_HEADER_KID:
-		len += auth_cred->key_id.cred_len;
-		len += cbor_bstr_overhead(auth_cred->key_id.cred_len);
-		break;
-
-	case EDHOC_COSE_HEADER_X509_CHAIN: {
-		const size_t end_entity_idx =
-			auth_cred->x509_chain.nr_of_certs - 1;
-		len += auth_cred->x509_chain.cert_len[end_entity_idx];
-		len += cbor_bstr_overhead(
-			auth_cred->x509_chain.cert_len[end_entity_idx]);
-		break;
-	}
-
-	case EDHOC_COSE_HEADER_X509_HASH:
-		len += auth_cred->x509_hash.cert_len;
-		len += cbor_bstr_overhead(auth_cred->x509_hash.cert_len);
-		break;
-
-	default:
-		return EDHOC_ERROR_CREDENTIALS_FAILURE;
-	}
-
-	cbor_items->cred_i_len = len;
-
-	/* Cborise CRED_R. */
-	struct zcbor_string cbor_cred_i = { 0 };
-
-	switch (auth_cred->label) {
-	case EDHOC_COSE_HEADER_KID:
-		cbor_cred_i.value = auth_cred->key_id.cred;
-		cbor_cred_i.len = auth_cred->key_id.cred_len;
-		break;
-
-	case EDHOC_COSE_HEADER_X509_CHAIN: {
-		const size_t end_entity_idx =
-			auth_cred->x509_chain.nr_of_certs - 1;
-		cbor_cred_i.value = auth_cred->x509_chain.cert[end_entity_idx];
-		cbor_cred_i.len =
-			auth_cred->x509_chain.cert_len[end_entity_idx];
-		break;
-	}
-
-	case EDHOC_COSE_HEADER_X509_HASH:
-		cbor_cred_i.value = auth_cred->x509_hash.cert;
-		cbor_cred_i.len = auth_cred->x509_hash.cert_len;
-		break;
-
-	default:
-		return EDHOC_ERROR_CREDENTIALS_FAILURE;
-	}
-
-	if (EDHOC_COSE_HEADER_KID == auth_cred->label &&
-	    true == auth_cred->key_id.cred_is_cbor) {
-		memcpy(cbor_items->cred_i, auth_cred->key_id.cred,
-		       auth_cred->key_id.cred_len);
-		cbor_items->cred_i_len = auth_cred->key_id.cred_len;
-	} else {
-		len = 0;
-		ret = cbor_encode_byte_string_type_bstr_type(
-			cbor_items->cred_i, cbor_items->cred_i_len,
-			&cbor_cred_i, &len);
-
-		if (ZCBOR_SUCCESS != ret || cbor_items->cred_i_len != len)
-			return EDHOC_ERROR_CBOR_FAILURE;
-	}
-
-	/* EAD_3 length. */
-	if (0 != ctx->nr_of_ead_tokens) {
-		len = 0;
-		for (size_t i = 0; i < ctx->nr_of_ead_tokens; ++i) {
-			len += cbor_int_mem_req(ctx->ead_token[i].label);
-			len += 1; // cbor boolean
-			len += ctx->ead_token[i].value_len;
-			len += cbor_bstr_overhead(ctx->ead_token[i].value_len);
-		}
-
-		cbor_items->is_ead_3 = true;
-		cbor_items->ead_3 = &cbor_items->cred_i[cbor_items->cred_i_len];
-		cbor_items->ead_3_len = len;
-	} else {
-		cbor_items->is_ead_3 = false;
-		cbor_items->ead_3 = NULL;
-		cbor_items->ead_3_len = 0;
-	}
-
-	/* Cborise EAD_3 if present. */
-	if (true == cbor_items->is_ead_3) {
-		struct ead_ ead_tokens = { ._ead_count =
-						   ctx->nr_of_ead_tokens };
-
-		for (size_t i = 0; i < ctx->nr_of_ead_tokens; ++i) {
-			ead_tokens._ead[i]._ead_label = ctx->ead_token[i].label;
-			ead_tokens._ead[i]._ead_value_present =
-				(NULL != ctx->ead_token[i].value);
-			ead_tokens._ead[i]._ead_value.value =
-				ctx->ead_token[i].value;
-			ead_tokens._ead[i]._ead_value.len =
-				ctx->ead_token[i].value_len;
-		}
-
-		len = 0;
-		ret = cbor_encode_ead(cbor_items->ead_3, cbor_items->ead_3_len,
-				      &ead_tokens, &len);
-
-		if (ZCBOR_SUCCESS != ret)
-			return EDHOC_ERROR_CBOR_FAILURE;
-
-		cbor_items->ead_3_len = len;
-	}
+ */
+static int comp_ciphertext(const struct edhoc_context *ctx, const uint8_t *key,
+			   size_t key_len, const uint8_t *iv, size_t iv_len,
+			   const uint8_t *aad, size_t aad_len,
+			   const uint8_t *ptxt, size_t ptxt_len, uint8_t *ctxt,
+			   size_t ctxt_size, size_t *ctxt_len);
 
-	const size_t encoded_bytes =
-		cbor_items->id_cred_i_len + cbor_items->th_3_len +
-		cbor_items->cred_i_len + cbor_items->ead_3_len;
+/**
+ * \brief Compute transcript hash 4.
+ *
+ * \param[in,out] ctx		EDHOC context.
+ * \param[in] mac_ctx        	MAC context.
+ * \param[in] ptxt		Buffer containing the PLAINTEXT_3.
+ * \param ptxt_len              Size of the \p ptxt buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int comp_th_4(struct edhoc_context *ctx,
+		     const struct mac_context *mac_ctx, const uint8_t *ptxt,
+		     size_t ptxt_len);
 
-	if (encoded_bytes > cbor_items->buf_len)
-		return EDHOC_ERROR_BUFFER_TOO_SMALL;
+/**
+ * \brief Generate edhoc message 3.
+ *
+ * \param[in] ctxt	        Buffer continas the ciphertext.
+ * \param ctxt_len	        Size of the \p ctxt buffer in bytes.
+ * \param[out] msg_3            Buffer where the generated message 3 is to be written.
+ * \param msg_3_size            Size of the \p msg_3 buffer in bytes.
+ * \param[out] msg_3_len        On success, the number of bytes that make up the message 3.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int gen_msg_3(const uint8_t *ctxt, size_t ctxt_len, uint8_t *msg_3,
+		     size_t msg_3_size, size_t *msg_3_len);
 
-	cbor_items->buf_len = encoded_bytes;
-	return EDHOC_SUCCESS;
-}
+/**
+ * \brief CBOR decode message 3 and save address and length for CIPHERTEXT_3.
+ *
+ * \param[in] msg_3     	Buffer containing the message 3.
+ * \param msg_3_len     	Size of the \p msg_3 buffer in bytes.
+ * \param[out] ctxt_3	        Pointer to buffer containing the CIPHERTEXT_3.
+ * \param[out] ctxt_3_len	Size of the \p ctxt_3 buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int parse_msg_3(const uint8_t *msg_3, size_t msg_3_len,
+		       const uint8_t **ctxt_3, size_t *ctxt_3_len);
 
-static int comp_mac_3_len(enum edhoc_role role, const struct edhoc_context *ctx,
-			  size_t *mac_3_len)
-{
-	if (NULL == ctx || NULL == mac_3_len)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
+/**
+ * \brief Decrypt CIPHERTEXT_3.
+ *
+ * \param[in] ctx		EDHOC context.
+ * \param[in] key		Buffer containing the K_3.
+ * \param key_len	        Size of the \p key buffer in bytes.
+ * \param[in] iv	        Buffer containing the IV_3.
+ * \param iv_len                Size of the \p iv buffer in bytes.
+ * \param[in] aad	        Buffer containing the AAD_3.
+ * \param aad_len               Size of the \p aad buffer in bytes.
+ * \param[in] ctxt	        Pointer to buffer containing the CIPHERTEXT_3.
+ * \param ctxt_len	        Size of the \p ctxt buffer in bytes.
+ * \param[out] ptxt	        Buffer where the decrypted PLAINTEXT_3 is to be written.
+ * \param ptxt_len	        Size of the \p ptxt buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int decrypt_ciphertext(const struct edhoc_context *ctx,
+			      const uint8_t *key, size_t key_len,
+			      const uint8_t *iv, size_t iv_len,
+			      const uint8_t *aad, size_t aad_len,
+			      const uint8_t *ctxt, size_t ctxt_len,
+			      uint8_t *ptxt, size_t ptxt_len);
 
-	const struct edhoc_cipher_suite csuite =
-		ctx->csuite[ctx->chosen_csuite_idx];
+/**
+ * \brief Parsed cborised PLAINTEXT_3 for separate buffers.
+ *
+ * \param[in] ctx		EDHOC context.
+ * \param[in] ptxt		Buffer containing the PLAINTEXT_3.
+ * \param ptxt_len              Size of the \p ptxt buffer in bytes.
+ * \param[out] parsed_ptxt     	Structure where parsed PLAINTEXT_3 is to be written.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int parse_plaintext(struct edhoc_context *ctx, const uint8_t *ptxt,
+			   size_t ptxt_len, struct plaintext *parsed_ptxt);
 
-	if (role == initiator) {
-		switch (ctx->method) {
-		case EDHOC_METHOD_0:
-		case EDHOC_METHOD_1:
-			*mac_3_len = csuite.hash_length;
-			return EDHOC_SUCCESS;
-
-		case EDHOC_METHOD_2:
-		case EDHOC_METHOD_3:
-			*mac_3_len = csuite.mac_length;
-			return EDHOC_SUCCESS;
-		}
-	}
+/**
+ * \brief Compute SALT_4e3m.
+ * 
+ * \param[in] ctx               EDHOC context.
+ * \param[out] salt             Buffer where the generated salt is to be written.
+ * \param salt_len              Size of the \p salt buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int comp_salt_4e3m(const struct edhoc_context *ctx, uint8_t *salt,
+			  size_t salt_len);
 
-	if (role == responder) {
-		switch (ctx->method) {
-		case EDHOC_METHOD_0:
-		case EDHOC_METHOD_1:
-			*mac_3_len = csuite.hash_length;
-			return EDHOC_SUCCESS;
-
-		case EDHOC_METHOD_2:
-		case EDHOC_METHOD_3:
-			*mac_3_len = csuite.mac_length;
-			return EDHOC_SUCCESS;
-		}
-	}
+/**
+ * \brief Compute G_IY for PRK_4e3m.
+ * 
+ * \param[in,out] ctx           EDHOC context.
+ * \param[in] auth_cred         Authentication credentials.
+ * \param[in] pub_key           Peer public key.
+ * \param pub_key_len           Peer public key length.
+ * \param[out] giy              Buffer where the generated G_IY is to be written.
+ * \param giy_len               Size of the \p giy buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+static int comp_giy(struct edhoc_context *ctx,
+		    const struct edhoc_auth_creds *auth_cred,
+		    const uint8_t *pub_key, size_t pub_key_len, uint8_t *giy,
+		    size_t giy_len);
 
-	return EDHOC_ERROR_BAD_STATE;
-}
+/* Static function definitions --------------------------------------------- */
 
-static int comp_mac_3(const struct edhoc_context *ctx,
-		      const struct cbor_items *cbor_items, uint8_t *mac_3,
-		      size_t mac_3_len)
+static int comp_prk_4e3m(struct edhoc_context *ctx,
+			 const struct edhoc_auth_creds *auth_cred,
+			 const uint8_t *pub_key, size_t pub_key_len)
 {
-	if (NULL == ctx || NULL == cbor_items || NULL == mac_3 ||
-	    0 == mac_3_len)
+	if (NULL == ctx || NULL == auth_cred)
 		return EDHOC_ERROR_INVALID_ARGUMENT;
 
-	if (EDHOC_PRK_STATE_4E3M != ctx->prk_state)
+	if (EDHOC_PRK_STATE_3E2M != ctx->prk_state)
 		return EDHOC_ERROR_BAD_STATE;
 
-	int ret = EDHOC_ERROR_GENERIC_ERROR;
-
-	struct info input_info = {
-		._info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_MAC_3,
-		._info_context.value = cbor_items->buf,
-		._info_context.len = cbor_items->buf_len,
-		._info_length = (uint32_t)mac_3_len,
-	};
-
-	/* Calculate struct info cbor overhead. */
-	size_t len = 0;
-	len += cbor_int_mem_req(EDHOC_EXTRACT_PRK_INFO_LABEL_MAC_3);
-	len += cbor_items->buf_len + cbor_bstr_overhead(cbor_items->buf_len);
-	len += cbor_int_mem_req((int32_t)mac_3_len);
-
-	ALLOCATE_ARRAY(uint8_t, info, len);
-	memset(info, 0, ALLOCATE_ARRAY_SIZEOF(info));
-
-	len = 0;
-	ret = cbor_encode_info(info, ARRAY_SIZE_VLA(info), &input_info, &len);
+	switch (ctx->chosen_method) {
+	case EDHOC_METHOD_0:
+	case EDHOC_METHOD_1:
+		ctx->prk_state = EDHOC_PRK_STATE_4E3M;
+		return EDHOC_SUCCESS;
 
-	if (ZCBOR_SUCCESS != ret)
-		return EDHOC_ERROR_CBOR_FAILURE;
+	case EDHOC_METHOD_2:
+	case EDHOC_METHOD_3: {
+		const size_t hash_len =
+			ctx->csuite[ctx->chosen_csuite_idx].hash_length;
 
-	if (NULL != ctx->logger)
-		ctx->logger(ctx->user_ctx, "MAC_3 info", info, len);
+		VLA_ALLOC(uint8_t, salt_4e3m, hash_len);
+		memset(salt_4e3m, 0, VLA_SIZEOF(salt_4e3m));
 
-	uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-	ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
-				     ctx->prk_len, key_id);
+		int ret = comp_salt_4e3m(ctx, salt_4e3m, VLA_SIZE(salt_4e3m));
 
-	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_CRYPTO_FAILURE;
+		if (EDHOC_SUCCESS != ret)
+			return EDHOC_ERROR_CRYPTO_FAILURE;
 
-	ret = ctx->crypto.expand(ctx->user_ctx, key_id, info, len, mac_3,
-				 mac_3_len);
-	ctx->keys.destroy_key(ctx->user_ctx, key_id);
-	memset(key_id, 0, sizeof(key_id));
+		if (NULL != ctx->logger)
+			ctx->logger(ctx->user_ctx, "SALT_4e3m", salt_4e3m,
+				    VLA_SIZE(salt_4e3m));
 
-	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_CRYPTO_FAILURE;
+		const size_t ecc_key_len =
+			ctx->csuite[ctx->chosen_csuite_idx].ecc_key_length;
 
-	return EDHOC_SUCCESS;
-}
+		VLA_ALLOC(uint8_t, giy, ecc_key_len);
+		memset(giy, 0, VLA_SIZEOF(giy));
 
-static int comp_sign_or_mac_3_len(enum edhoc_role role,
-				  const struct edhoc_context *ctx,
-				  size_t *sign_or_mac_3_len)
-{
-	if (NULL == ctx || NULL == sign_or_mac_3_len)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
+		ret = comp_giy(ctx, auth_cred, pub_key, pub_key_len, giy,
+			       VLA_SIZE(giy));
 
-	const struct edhoc_cipher_suite csuite =
-		ctx->csuite[ctx->chosen_csuite_idx];
+		if (EDHOC_SUCCESS != ret)
+			return EDHOC_ERROR_CRYPTO_FAILURE;
 
-	if (role == initiator) {
-		switch (ctx->method) {
-		case EDHOC_METHOD_0:
-		case EDHOC_METHOD_1:
-			*sign_or_mac_3_len = csuite.ecc_sign_length;
-			return EDHOC_SUCCESS;
-
-		case EDHOC_METHOD_2:
-		case EDHOC_METHOD_3:
-			*sign_or_mac_3_len = csuite.mac_length;
-			return EDHOC_SUCCESS;
-		}
-	}
+		if (NULL != ctx->logger)
+			ctx->logger(ctx->user_ctx, "G_IY", giy, VLA_SIZE(giy));
 
-	if (role == responder) {
-		switch (ctx->method) {
-		case EDHOC_METHOD_0:
-		case EDHOC_METHOD_1:
-			*sign_or_mac_3_len = csuite.ecc_sign_length;
-			return EDHOC_SUCCESS;
-
-		case EDHOC_METHOD_2:
-		case EDHOC_METHOD_3:
-			*sign_or_mac_3_len = csuite.mac_length;
-			return EDHOC_SUCCESS;
-		}
-	}
+		ctx->prk_len = ctx->csuite[ctx->chosen_csuite_idx].hash_length;
 
-	return EDHOC_ERROR_NOT_PERMITTED;
-}
+		uint8_t key_id[CONFIG_LIBEDHOC_KEY_ID_LEN] = { 0 };
+		ret = ctx->keys.import_key(ctx->user_ctx, EDHOC_KT_EXTRACT, giy,
+					   VLA_SIZE(giy), key_id);
+		memset(giy, 0, VLA_SIZEOF(giy));
 
-static int comp_sign_or_mac_3(const struct edhoc_context *ctx,
-			      const struct edhoc_auth_creds *auth_creds,
-			      const struct cbor_items *cbor_items,
-			      const uint8_t *mac_3, size_t mac_3_len,
-			      uint8_t *sign, size_t sign_len)
-{
-	if (NULL == ctx || NULL == auth_creds || NULL == cbor_items ||
-	    NULL == mac_3 || 0 == mac_3_len || NULL == sign || 0 == sign_len)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
+		if (EDHOC_SUCCESS != ret)
+			return EDHOC_ERROR_CRYPTO_FAILURE;
 
-	int ret = EDHOC_ERROR_GENERIC_ERROR;
+		size_t out_len = 0;
+		ret = ctx->crypto.extract(ctx->user_ctx, key_id, salt_4e3m,
+					  VLA_SIZE(salt_4e3m), ctx->prk,
+					  ctx->prk_len, &out_len);
+		ctx->keys.destroy_key(ctx->user_ctx, key_id);
 
-	switch (ctx->method) {
-	case EDHOC_METHOD_0:
-	case EDHOC_METHOD_1: {
-		const struct sig_structure cose_sign_1 = {
-			._sig_structure_protected.value = cbor_items->id_cred_i,
-			._sig_structure_protected.len =
-				cbor_items->id_cred_i_len,
-			._sig_structure_external_aad.value = cbor_items->th_3,
-			._sig_structure_external_aad.len =
-				cbor_items->th_3_len + cbor_items->cred_i_len +
-				cbor_items->ead_3_len,
-			._sig_structure_payload.value = mac_3,
-			._sig_structure_payload.len = mac_3_len,
-		};
-
-		size_t len = 0;
-		len += sizeof("Signature1") +
-		       cbor_tstr_overhead(sizeof("Signature1"));
-		len += cbor_items->id_cred_i_len +
-		       cbor_bstr_overhead(cbor_items->id_cred_i_len);
-		len += cbor_items->th_3_len + cbor_items->cred_i_len +
-		       cbor_items->ead_3_len +
-		       cbor_bstr_overhead(cbor_items->th_3_len +
-					  cbor_items->cred_i_len +
-					  cbor_items->ead_3_len);
-		len += mac_3_len + cbor_bstr_overhead(mac_3_len);
-
-		ALLOCATE_ARRAY(uint8_t, cose_sign_1_buf, len);
-		memset(cose_sign_1_buf, 0, ALLOCATE_ARRAY_SIZEOF(cose_sign_1_buf));
-
-		len = 0;
-		ret = cbor_encode_sig_structure(cose_sign_1_buf,
-						ARRAY_SIZE_VLA(cose_sign_1_buf),
-						&cose_sign_1, &len);
-
-		if (ZCBOR_SUCCESS != ret)
-			return EDHOC_ERROR_CBOR_FAILURE;
-
-		const size_t cose_sign_1_buf_len = len;
-
-		len = 0;
-		ret = ctx->crypto.signature(
-			ctx->user_ctx, auth_creds->priv_key_id, cose_sign_1_buf,
-			cose_sign_1_buf_len, sign, sign_len, &len);
-
-		if (EDHOC_SUCCESS != ret || sign_len != len)
+		if (EDHOC_SUCCESS != ret || ctx->prk_len != out_len)
 			return EDHOC_ERROR_CRYPTO_FAILURE;
 
+		ctx->prk_state = EDHOC_PRK_STATE_4E3M;
 		return EDHOC_SUCCESS;
 	}
-
-	case EDHOC_METHOD_2:
-	case EDHOC_METHOD_3:
-		memcpy(sign, mac_3, mac_3_len);
-		return EDHOC_SUCCESS;
+	case EDHOC_METHOD_MAX:
+		return EDHOC_ERROR_NOT_PERMITTED;
 	}
 
-	return EDHOC_ERROR_INVALID_SIGN_OR_MAC_2;
+	return EDHOC_ERROR_NOT_PERMITTED;
 }
 
 static int comp_plaintext_3_len(const struct edhoc_context *ctx,
-				const struct cbor_items *cbor_items,
+				const struct mac_context *mac_ctx,
 				size_t sign_len, size_t *plaintext_3_len)
 {
-	if (NULL == ctx || NULL == cbor_items || 0 == sign_len ||
+	if (NULL == ctx || NULL == mac_ctx || 0 == sign_len ||
 	    NULL == plaintext_3_len)
 		return EDHOC_ERROR_INVALID_ARGUMENT;
 
@@ -1384,65 +352,67 @@ static int comp_plaintext_3_len(const struct edhoc_context *ctx,
 
 	switch (ctx->cid.encode_type) {
 	case EDHOC_CID_TYPE_ONE_BYTE_INTEGER:
-		len += cbor_int_mem_req(ctx->cid.int_value);
+		len += edhoc_cbor_int_mem_req(ctx->cid.int_value);
 		break;
 	case EDHOC_CID_TYPE_BYTE_STRING:
 		len += ctx->cid.bstr_length;
-		len += cbor_bstr_overhead(ctx->cid.bstr_length);
+		len += edhoc_cbor_bstr_oh(ctx->cid.bstr_length);
 		break;
 	}
 
-	if (true == cbor_items->id_cred_i_is_comp_enc) {
-		switch (cbor_items->id_cred_i_enc_type) {
+	if (true == mac_ctx->id_cred_is_comp_enc) {
+		switch (mac_ctx->id_cred_enc_type) {
 		case EDHOC_ENCODE_TYPE_INTEGER:
-			len += cbor_int_mem_req(cbor_items->id_cred_i_int);
+			len += edhoc_cbor_int_mem_req(mac_ctx->id_cred_int);
 			break;
 		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			len += cbor_items->id_cred_i_bstr_len;
-			len += cbor_bstr_overhead(
-				cbor_items->id_cred_i_bstr_len);
+			len += mac_ctx->id_cred_bstr_len;
+			len += edhoc_cbor_bstr_oh(mac_ctx->id_cred_bstr_len);
 			break;
 		}
 	} else {
-		len += cbor_items->id_cred_i_len;
+		len += mac_ctx->id_cred_len;
 	}
 
 	len += sign_len;
-	len += cbor_bstr_overhead(sign_len);
-	len += cbor_items->ead_3_len;
+	len += edhoc_cbor_bstr_oh(sign_len);
+	len += mac_ctx->ead_len;
 
 	*plaintext_3_len = len;
 	return EDHOC_SUCCESS;
 }
 
-static int prepare_plaintext_3(const struct cbor_items *cbor_items,
+static int prepare_plaintext_3(const struct mac_context *mac_ctx,
 			       const uint8_t *sign, size_t sign_len,
 			       uint8_t *ptxt, size_t ptxt_size,
 			       size_t *ptxt_len)
 {
+	if (NULL == mac_ctx || NULL == sign || 0 == sign_len || NULL == ptxt ||
+	    0 == ptxt_size || NULL == ptxt_len)
+		return EDHOC_ERROR_INVALID_ARGUMENT;
+
 	int ret = EDHOC_ERROR_GENERIC_ERROR;
 
 	size_t offset = 0;
 
 	/* ID_CRED_I. */
-	if (cbor_items->id_cred_i_is_comp_enc) {
-		switch (cbor_items->id_cred_i_enc_type) {
+	if (mac_ctx->id_cred_is_comp_enc) {
+		switch (mac_ctx->id_cred_enc_type) {
 		case EDHOC_ENCODE_TYPE_INTEGER:
-			memcpy(&ptxt[offset], &cbor_items->id_cred_i_int, 1);
+			memcpy(&ptxt[offset], &mac_ctx->id_cred_int, 1);
 			offset += 1;
 			break;
 		case EDHOC_ENCODE_TYPE_BYTE_STRING:
-			memcpy(&ptxt[offset], &cbor_items->id_cred_i_bstr,
-			       cbor_items->id_cred_i_bstr_len);
-			offset += cbor_items->id_cred_i_bstr_len;
+			memcpy(&ptxt[offset], &mac_ctx->id_cred_bstr,
+			       mac_ctx->id_cred_bstr_len);
+			offset += mac_ctx->id_cred_bstr_len;
 			break;
 		default:
 			return EDHOC_ERROR_NOT_PERMITTED;
 		}
 	} else {
-		memcpy(&ptxt[offset], cbor_items->id_cred_i,
-		       cbor_items->id_cred_i_len);
-		offset += cbor_items->id_cred_i_len;
+		memcpy(&ptxt[offset], mac_ctx->id_cred, mac_ctx->id_cred_len);
+		offset += mac_ctx->id_cred_len;
 	}
 	const struct zcbor_string cbor_sign_or_mac_3 = {
 		.value = sign,
@@ -1451,19 +421,18 @@ static int prepare_plaintext_3(const struct cbor_items *cbor_items,
 
 	size_t len = 0;
 	ret = cbor_encode_byte_string_type_bstr_type(
-		&ptxt[offset], sign_len + cbor_bstr_overhead(sign_len) + 1,
+		&ptxt[offset], sign_len + edhoc_cbor_bstr_oh(sign_len),
 		&cbor_sign_or_mac_3, &len);
 
-	if (ZCBOR_SUCCESS != ret ||
-	    (sign_len + cbor_bstr_overhead(sign_len)) != len)
+	if (ZCBOR_SUCCESS != ret)
 		return EDHOC_ERROR_CBOR_FAILURE;
 
 	offset += len;
 
 	/* EAD_3 if present. */
-	if (cbor_items->is_ead_3) {
-		memcpy(&ptxt[offset], cbor_items->ead_3, cbor_items->ead_3_len);
-		offset += cbor_items->ead_3_len;
+	if (mac_ctx->is_ead) {
+		memcpy(&ptxt[offset], mac_ctx->ead, mac_ctx->ead_len);
+		offset += mac_ctx->ead_len;
 	}
 
 	if (offset > ptxt_size)
@@ -1481,9 +450,9 @@ static int comp_aad_3_len(const struct edhoc_context *ctx, size_t *aad_3_len)
 
 	size_t len = 0;
 
-	len += sizeof("Encrypt0") + cbor_tstr_overhead(sizeof("Encrypt0"));
-	len += 0 + cbor_bstr_overhead(0);
-	len += ctx->th_len + cbor_bstr_overhead(ctx->th_len);
+	len += sizeof("Encrypt0") + edhoc_cbor_tstr_oh(sizeof("Encrypt0"));
+	len += 1; /* One byte for cbor bstr with 0 value. */
+	len += ctx->th_len + edhoc_cbor_bstr_oh(ctx->th_len);
 
 	*aad_3_len = len;
 	return EDHOC_SUCCESS;
@@ -1505,35 +474,35 @@ static int comp_key_iv_aad(const struct edhoc_context *ctx, uint8_t *key,
 	const struct edhoc_cipher_suite csuite =
 		ctx->csuite[ctx->chosen_csuite_idx];
 
-	uint8_t key_id[EDHOC_KID_LEN] = { 0 };
+	uint8_t key_id[CONFIG_LIBEDHOC_KEY_ID_LEN] = { 0 };
 	struct info input_info = { 0 };
 
 	/* Calculate struct info cbor overhead. */
 	size_t len = 0;
-	len += cbor_int_mem_req(EDHOC_EXTRACT_PRK_INFO_LABEL_IV_3);
-	len += ctx->th_len + cbor_bstr_overhead(ctx->th_len);
-	len += cbor_int_mem_req((int32_t)csuite.aead_key_length);
+	len += edhoc_cbor_int_mem_req(EDHOC_EXTRACT_PRK_INFO_LABEL_IV_3);
+	len += ctx->th_len + edhoc_cbor_bstr_oh(ctx->th_len);
+	len += edhoc_cbor_int_mem_req((int32_t)csuite.aead_key_length);
 
-	ALLOCATE_ARRAY(uint8_t, info, len);
-	memset(info, 0, ALLOCATE_ARRAY_SIZEOF(info));
+	VLA_ALLOC(uint8_t, info, len);
+	memset(info, 0, VLA_SIZEOF(info));
 
 	/* Generate K_3. */
 	input_info = (struct info){
-		._info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_K_3,
-		._info_context.value = ctx->th,
-		._info_context.len = ctx->th_len,
-		._info_length = (uint32_t)csuite.aead_key_length,
+		.info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_K_3,
+		.info_context.value = ctx->th,
+		.info_context.len = ctx->th_len,
+		.info_length = (uint32_t)csuite.aead_key_length,
 	};
 
-	memset(info, 0, sizeof(info));
+	memset(info, 0, VLA_SIZEOF(info));
 	len = 0;
-	ret = cbor_encode_info(info, ARRAY_SIZE_VLA(info), &input_info, &len);
+	ret = cbor_encode_info(info, VLA_SIZE(info), &input_info, &len);
 
 	if (ZCBOR_SUCCESS != ret)
 		return EDHOC_ERROR_CBOR_FAILURE;
 
-	ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
-				     ctx->prk_len, key_id);
+	ret = ctx->keys.import_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
+				   ctx->prk_len, key_id);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
@@ -1548,21 +517,21 @@ static int comp_key_iv_aad(const struct edhoc_context *ctx, uint8_t *key,
 
 	/* Generate IV_3. */
 	input_info = (struct info){
-		._info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_IV_3,
-		._info_context.value = ctx->th,
-		._info_context.len = ctx->th_len,
-		._info_length = (uint32_t)csuite.aead_iv_length,
+		.info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_IV_3,
+		.info_context.value = ctx->th,
+		.info_context.len = ctx->th_len,
+		.info_length = (uint32_t)csuite.aead_iv_length,
 	};
 
-	memset(info, 0, sizeof(info));
+	memset(info, 0, VLA_SIZEOF(info));
 	len = 0;
-	ret = cbor_encode_info(info, ARRAY_SIZE_VLA(info), &input_info, &len);
+	ret = cbor_encode_info(info, VLA_SIZE(info), &input_info, &len);
 
 	if (ZCBOR_SUCCESS != ret)
 		return EDHOC_ERROR_CBOR_FAILURE;
 
-	ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
-				     ctx->prk_len, key_id);
+	ret = ctx->keys.import_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
+				   ctx->prk_len, key_id);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
@@ -1576,10 +545,10 @@ static int comp_key_iv_aad(const struct edhoc_context *ctx, uint8_t *key,
 
 	/* Generate AAD_3. */
 	struct enc_structure cose_enc_0 = {
-		._enc_structure_protected.value = NULL,
-		._enc_structure_protected.len = 0,
-		._enc_structure_external_aad.value = ctx->th,
-		._enc_structure_external_aad.len = ctx->th_len,
+		.enc_structure_protected.value = NULL,
+		.enc_structure_protected.len = 0,
+		.enc_structure_external_aad.value = ctx->th,
+		.enc_structure_external_aad.len = ctx->th_len,
 	};
 
 	len = 0;
@@ -1597,11 +566,16 @@ static int comp_ciphertext(const struct edhoc_context *ctx, const uint8_t *key,
 			   const uint8_t *ptxt, size_t ptxt_len, uint8_t *ctxt,
 			   size_t ctxt_size, size_t *ctxt_len)
 {
+	if (NULL == ctx || NULL == key || 0 == key_len || NULL == iv ||
+	    0 == iv_len || NULL == aad || 0 == aad_len || NULL == ptxt ||
+	    0 == ptxt_len || NULL == ctxt || 0 == ctxt_size || NULL == ctxt_len)
+		return EDHOC_ERROR_INVALID_ARGUMENT;
+
 	int ret = EDHOC_ERROR_GENERIC_ERROR;
 
-	uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-	ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_ENCRYPT, key,
-				     key_len, key_id);
+	uint8_t key_id[CONFIG_LIBEDHOC_KEY_ID_LEN] = { 0 };
+	ret = ctx->keys.import_key(ctx->user_ctx, EDHOC_KT_ENCRYPT, key,
+				   key_len, key_id);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
@@ -1619,10 +593,10 @@ static int comp_ciphertext(const struct edhoc_context *ctx, const uint8_t *key,
 }
 
 static int comp_th_4(struct edhoc_context *ctx,
-		     const struct cbor_items *cbor_items, const uint8_t *ptxt,
+		     const struct mac_context *mac_ctx, const uint8_t *ptxt,
 		     size_t ptxt_len)
 {
-	if (NULL == ctx || NULL == cbor_items || NULL == ptxt || 0 == ptxt_len)
+	if (NULL == ctx || NULL == mac_ctx || NULL == ptxt || 0 == ptxt_len)
 		return EDHOC_ERROR_INVALID_ARGUMENT;
 
 	if (EDHOC_TH_STATE_3 != ctx->th_state)
@@ -1634,12 +608,12 @@ static int comp_th_4(struct edhoc_context *ctx,
 
 	/* Calculate required buffer length for TH_4. */
 	len = 0;
-	len += ctx->th_len + cbor_bstr_overhead(ctx->th_len);
+	len += ctx->th_len + edhoc_cbor_bstr_oh(ctx->th_len);
 	len += ptxt_len;
-	len += cbor_items->cred_i_len;
+	len += mac_ctx->cred_len;
 
-	ALLOCATE_ARRAY(uint8_t, th_4, len);
-	memset(th_4, 0, ALLOCATE_ARRAY_SIZEOF(th_4));
+	VLA_ALLOC(uint8_t, th_4, len);
+	memset(th_4, 0, VLA_SIZEOF(th_4));
 
 	/* TH_3. */
 	const struct zcbor_string cbor_th_3 = {
@@ -1649,7 +623,7 @@ static int comp_th_4(struct edhoc_context *ctx,
 
 	len = 0;
 	ret = cbor_encode_byte_string_type_bstr_type(
-		&th_4[offset], ARRAY_SIZE_VLA(th_4), &cbor_th_3, &len);
+		&th_4[offset], VLA_SIZE(th_4), &cbor_th_3, &len);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CBOR_FAILURE;
@@ -1661,17 +635,17 @@ static int comp_th_4(struct edhoc_context *ctx,
 	offset += ptxt_len;
 
 	/* CRED_I. */
-	memcpy(&th_4[offset], cbor_items->cred_i, cbor_items->cred_i_len);
-	offset += cbor_items->cred_i_len;
+	memcpy(&th_4[offset], mac_ctx->cred, mac_ctx->cred_len);
+	offset += mac_ctx->cred_len;
 
-	if (ARRAY_SIZE_VLA(th_4) < offset)
+	if (VLA_SIZE(th_4) < offset)
 		return EDHOC_ERROR_BUFFER_TOO_SMALL;
 
 	/* Calculate TH_4. */
 	ctx->th_len = ctx->csuite[ctx->chosen_csuite_idx].hash_length;
 
 	size_t hash_length = 0;
-	ret = ctx->crypto.hash(ctx->user_ctx, th_4, ARRAY_SIZE_VLA(th_4), ctx->th,
+	ret = ctx->crypto.hash(ctx->user_ctx, th_4, VLA_SIZE(th_4), ctx->th,
 			       ctx->th_len, &hash_length);
 
 	if (EDHOC_SUCCESS != ret || ctx->th_len != hash_length)
@@ -1734,11 +708,16 @@ static int decrypt_ciphertext(const struct edhoc_context *ctx,
 			      const uint8_t *ctxt, size_t ctxt_len,
 			      uint8_t *ptxt, size_t ptxt_len)
 {
+	if (NULL == ctx || NULL == key || 0 == key_len || NULL == iv ||
+	    0 == iv_len || NULL == aad || 0 == aad_len || 0 == ctxt_len ||
+	    NULL == ptxt || 0 == ptxt_len)
+		return EDHOC_ERROR_INVALID_ARGUMENT;
+
 	int ret = EDHOC_ERROR_GENERIC_ERROR;
 
-	uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-	ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_DECRYPT, key,
-				     key_len, key_id);
+	uint8_t key_id[CONFIG_LIBEDHOC_KEY_ID_LEN] = { 0 };
+	ret = ctx->keys.import_key(ctx->user_ctx, EDHOC_KT_DECRYPT, key,
+				   key_len, key_id);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
@@ -1772,71 +751,71 @@ static int parse_plaintext(struct edhoc_context *ctx, const uint8_t *ptxt,
 		return EDHOC_ERROR_CBOR_FAILURE;
 
 	/* ID_CRED_I */
-	switch (cbor_ptxt_3._plaintext_3_ID_CRED_I_choice) {
-	case _plaintext_3_ID_CRED_I_int: {
-		parsed_ptxt->auth_creds.label = EDHOC_COSE_HEADER_KID;
-		parsed_ptxt->auth_creds.key_id.encode_type =
+	switch (cbor_ptxt_3.plaintext_3_ID_CRED_I_choice) {
+	case plaintext_3_ID_CRED_I_int_c: {
+		parsed_ptxt->auth_cred.label = EDHOC_COSE_HEADER_KID;
+		parsed_ptxt->auth_cred.key_id.encode_type =
 			EDHOC_ENCODE_TYPE_INTEGER;
-		parsed_ptxt->auth_creds.key_id.key_id_int =
-			cbor_ptxt_3._plaintext_3_ID_CRED_I_int;
+		parsed_ptxt->auth_cred.key_id.key_id_int =
+			cbor_ptxt_3.plaintext_3_ID_CRED_I_int;
 		break;
 	}
 
-	case _plaintext_3_ID_CRED_I_bstr:
-		parsed_ptxt->auth_creds.label = EDHOC_COSE_HEADER_KID;
-		parsed_ptxt->auth_creds.key_id.encode_type =
+	case plaintext_3_ID_CRED_I_bstr_c:
+		parsed_ptxt->auth_cred.label = EDHOC_COSE_HEADER_KID;
+		parsed_ptxt->auth_cred.key_id.encode_type =
 			EDHOC_ENCODE_TYPE_BYTE_STRING;
-		parsed_ptxt->auth_creds.key_id.key_id_bstr_length =
-			cbor_ptxt_3._plaintext_3_ID_CRED_I_bstr.len;
-		memcpy(parsed_ptxt->auth_creds.key_id.key_id_bstr,
-		       cbor_ptxt_3._plaintext_3_ID_CRED_I_bstr.value,
-		       cbor_ptxt_3._plaintext_3_ID_CRED_I_bstr.len);
+		parsed_ptxt->auth_cred.key_id.key_id_bstr_length =
+			cbor_ptxt_3.plaintext_3_ID_CRED_I_bstr.len;
+		memcpy(parsed_ptxt->auth_cred.key_id.key_id_bstr,
+		       cbor_ptxt_3.plaintext_3_ID_CRED_I_bstr.value,
+		       cbor_ptxt_3.plaintext_3_ID_CRED_I_bstr.len);
 		break;
 
-	case _plaintext_3_ID_CRED_I__map: {
+	case plaintext_3_ID_CRED_I_map_m_c: {
 		const struct map *cbor_map =
-			&cbor_ptxt_3._plaintext_3_ID_CRED_I__map;
+			&cbor_ptxt_3.plaintext_3_ID_CRED_I_map_m;
 
-		if (cbor_map->_map_x5chain_present) {
-			const struct COSE_X509_ *cose_x509 =
-				&cbor_map->_map_x5chain._map_x5chain;
+		if (cbor_map->map_x5chain_present) {
+			const struct COSE_X509_r *cose_x509 =
+				&cbor_map->map_x5chain.map_x5chain;
 
-			parsed_ptxt->auth_creds.label =
+			parsed_ptxt->auth_cred.label =
 				EDHOC_COSE_HEADER_X509_CHAIN;
 
-			switch (cose_x509->_COSE_X509_choice) {
-			case _COSE_X509_bstr:
-				parsed_ptxt->auth_creds.x509_chain.nr_of_certs =
+			switch (cose_x509->COSE_X509_choice) {
+			case COSE_X509_bstr_c:
+				parsed_ptxt->auth_cred.x509_chain.nr_of_certs =
 					1;
-				parsed_ptxt->auth_creds.x509_chain.cert[0] =
-					cose_x509->_COSE_X509_bstr.value;
-				parsed_ptxt->auth_creds.x509_chain.cert_len[0] =
-					cose_x509->_COSE_X509_bstr.len;
+				parsed_ptxt->auth_cred.x509_chain.cert[0] =
+					cose_x509->COSE_X509_bstr.value;
+				parsed_ptxt->auth_cred.x509_chain.cert_len[0] =
+					cose_x509->COSE_X509_bstr.len;
 				break;
 
-			case _COSE_X509__certs: {
-				parsed_ptxt->auth_creds.x509_chain.nr_of_certs =
-					cose_x509->_COSE_X509__certs_certs_count;
+			case COSE_X509_certs_l_c: {
+				parsed_ptxt->auth_cred.x509_chain.nr_of_certs =
+					cose_x509->COSE_X509_certs_l_certs_count;
 
-				if (ARRAY_SIZE(parsed_ptxt->auth_creds
-						       .x509_chain.cert) <
-				    cose_x509->_COSE_X509__certs_certs_count)
+				if (ARRAY_SIZE(parsed_ptxt->auth_cred.x509_chain
+						       .cert) <
+				    cose_x509->COSE_X509_certs_l_certs_count)
 					return EDHOC_ERROR_BUFFER_TOO_SMALL;
 
 				for (size_t i = 0;
 				     i <
-				     cose_x509->_COSE_X509__certs_certs_count;
+				     cose_x509->COSE_X509_certs_l_certs_count;
 				     ++i) {
-					parsed_ptxt->auth_creds.x509_chain
+					parsed_ptxt->auth_cred.x509_chain
 						.cert[i] =
 						cose_x509
-							->_COSE_X509__certs_certs
+							->COSE_X509_certs_l_certs
 								[i]
 							.value;
-					parsed_ptxt->auth_creds.x509_chain
+					parsed_ptxt->auth_cred.x509_chain
 						.cert_len[i] =
 						cose_x509
-							->_COSE_X509__certs_certs
+							->COSE_X509_certs_l_certs
 								[i]
 							.len;
 				}
@@ -1848,42 +827,41 @@ static int parse_plaintext(struct edhoc_context *ctx, const uint8_t *ptxt,
 			break;
 		}
 
-		if (cbor_map->_map_x5t_present) {
-			parsed_ptxt->auth_creds.label =
+		if (cbor_map->map_x5t_present) {
+			parsed_ptxt->auth_cred.label =
 				EDHOC_COSE_HEADER_X509_HASH;
 
 			const struct COSE_CertHash *cose_x509 =
-				&cbor_map->_map_x5t._map_x5t;
+				&cbor_map->map_x5t.map_x5t;
 
-			parsed_ptxt->auth_creds.x509_hash.cert_fp =
-				cose_x509->_COSE_CertHash_hashValue.value;
-			parsed_ptxt->auth_creds.x509_hash.cert_fp_len =
-				cose_x509->_COSE_CertHash_hashValue.len;
+			parsed_ptxt->auth_cred.x509_hash.cert_fp =
+				cose_x509->COSE_CertHash_hashValue.value;
+			parsed_ptxt->auth_cred.x509_hash.cert_fp_len =
+				cose_x509->COSE_CertHash_hashValue.len;
 
-			switch (cose_x509->_COSE_CertHash_hashAlg_choice) {
-			case _COSE_CertHash_hashAlg_int:
-				parsed_ptxt->auth_creds.x509_hash.encode_type =
+			switch (cose_x509->COSE_CertHash_hashAlg_choice) {
+			case COSE_CertHash_hashAlg_int_c:
+				parsed_ptxt->auth_cred.x509_hash.encode_type =
 					EDHOC_ENCODE_TYPE_INTEGER;
-				parsed_ptxt->auth_creds.x509_hash.alg_int =
-					cose_x509->_COSE_CertHash_hashAlg_int;
+				parsed_ptxt->auth_cred.x509_hash.alg_int =
+					cose_x509->COSE_CertHash_hashAlg_int;
 				break;
-			case _COSE_CertHash_hashAlg_tstr:
-				if (ARRAY_SIZE(parsed_ptxt->auth_creds.x509_hash
+			case COSE_CertHash_hashAlg_tstr_c:
+				if (ARRAY_SIZE(parsed_ptxt->auth_cred.x509_hash
 						       .alg_bstr) <
-				    cose_x509->_COSE_CertHash_hashAlg_tstr.len)
+				    cose_x509->COSE_CertHash_hashAlg_tstr.len)
 					return EDHOC_ERROR_BUFFER_TOO_SMALL;
 
-				parsed_ptxt->auth_creds.x509_hash.encode_type =
+				parsed_ptxt->auth_cred.x509_hash.encode_type =
 					EDHOC_ENCODE_TYPE_BYTE_STRING;
-				parsed_ptxt->auth_creds.x509_hash
+				parsed_ptxt->auth_cred.x509_hash
 					.alg_bstr_length =
-					cose_x509->_COSE_CertHash_hashAlg_tstr
+					cose_x509->COSE_CertHash_hashAlg_tstr
 						.len;
-				memcpy(parsed_ptxt->auth_creds.x509_hash
-					       .alg_bstr,
-				       cose_x509->_COSE_CertHash_hashAlg_tstr
+				memcpy(parsed_ptxt->auth_cred.x509_hash.alg_bstr,
+				       cose_x509->COSE_CertHash_hashAlg_tstr
 					       .value,
-				       cose_x509->_COSE_CertHash_hashAlg_tstr
+				       cose_x509->COSE_CertHash_hashAlg_tstr
 					       .len);
 				break;
 			default:
@@ -1897,189 +875,26 @@ static int parse_plaintext(struct edhoc_context *ctx, const uint8_t *ptxt,
 
 	/* Sign_or_MAC_3 */
 	parsed_ptxt->sign_or_mac =
-		cbor_ptxt_3._plaintext_3_Signature_or_MAC_3.value;
+		cbor_ptxt_3.plaintext_3_Signature_or_MAC_3.value;
 	parsed_ptxt->sign_or_mac_len =
-		cbor_ptxt_3._plaintext_3_Signature_or_MAC_3.len;
+		cbor_ptxt_3.plaintext_3_Signature_or_MAC_3.len;
 
 	/* EAD_3 if present */
-	if (cbor_ptxt_3._plaintext_3_EAD_3_present) {
+	if (cbor_ptxt_3.plaintext_3_EAD_3_m_present) {
 		ctx->nr_of_ead_tokens =
-			cbor_ptxt_3._plaintext_3_EAD_3._ead_x_count;
+			cbor_ptxt_3.plaintext_3_EAD_3_m.EAD_3_count;
 
 		for (size_t i = 0; i < ctx->nr_of_ead_tokens; ++i) {
 			ctx->ead_token[i].label =
-				cbor_ptxt_3._plaintext_3_EAD_3._ead_x[i]
-					._ead_x_ead_label;
+				cbor_ptxt_3.plaintext_3_EAD_3_m.EAD_3[i]
+					.ead_y_ead_label;
 			ctx->ead_token[i].value =
-				cbor_ptxt_3._plaintext_3_EAD_3._ead_x[i]
-					._ead_x_ead_value.value;
+				cbor_ptxt_3.plaintext_3_EAD_3_m.EAD_3[i]
+					.ead_y_ead_value.value;
 			ctx->ead_token[i].value_len =
-				cbor_ptxt_3._plaintext_3_EAD_3._ead_x[i]
-					._ead_x_ead_value.len;
-		}
-	}
-
-	return EDHOC_SUCCESS;
-}
-
-static int verify_sign_or_mac_3(const struct edhoc_context *ctx,
-				const struct cbor_items *cbor_items,
-				const struct plaintext *parsed_ptxt,
-				const uint8_t *pub_key, size_t pub_key_len,
-				const uint8_t *mac_3, size_t mac_3_len)
-{
-	if (NULL == ctx || NULL == cbor_items || NULL == parsed_ptxt ||
-	    NULL == pub_key || 0 == pub_key_len || NULL == mac_3 ||
-	    0 == mac_3_len)
-		return EDHOC_ERROR_INVALID_ARGUMENT;
-
-	int ret = EDHOC_ERROR_GENERIC_ERROR;
-
-	switch (ctx->method) {
-	case EDHOC_METHOD_0:
-	case EDHOC_METHOD_1: {
-		size_t len = 0;
-
-		const struct sig_structure cose_sign_1 = {
-			._sig_structure_protected.value = cbor_items->id_cred_i,
-			._sig_structure_protected.len =
-				cbor_items->id_cred_i_len,
-			._sig_structure_external_aad.value = cbor_items->th_3,
-			._sig_structure_external_aad.len =
-				cbor_items->th_3_len + cbor_items->cred_i_len +
-				cbor_items->ead_3_len,
-			._sig_structure_payload.value = mac_3,
-			._sig_structure_payload.len = mac_3_len,
-		};
-
-		len = 0;
-		len += sizeof("Signature1") +
-		       cbor_tstr_overhead(sizeof("Signature1"));
-		len += cbor_items->id_cred_i_len +
-		       cbor_bstr_overhead(cbor_items->id_cred_i_len);
-		len += cbor_items->th_3_len + cbor_items->cred_i_len +
-		       cbor_items->ead_3_len +
-		       cbor_bstr_overhead(cbor_items->th_3_len +
-					  cbor_items->cred_i_len +
-					  cbor_items->ead_3_len);
-		len += mac_3_len + cbor_bstr_overhead(mac_3_len);
-
-		ALLOCATE_ARRAY(uint8_t, cose_sign_1_buf, len);
-		memset(cose_sign_1_buf, 0, ALLOCATE_ARRAY_SIZEOF(cose_sign_1_buf));
-
-		len = 0;
-		ret = cbor_encode_sig_structure(cose_sign_1_buf,
-						ARRAY_SIZE_VLA(cose_sign_1_buf),
-						&cose_sign_1, &len);
-
-		if (ZCBOR_SUCCESS != ret)
-			return EDHOC_ERROR_CBOR_FAILURE;
-
-		uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-		ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_VERIFY,
-					     pub_key, pub_key_len, key_id);
-
-		if (EDHOC_SUCCESS != ret)
-			return EDHOC_ERROR_CRYPTO_FAILURE;
-
-		ret = ctx->crypto.verify(ctx->user_ctx, key_id, cose_sign_1_buf,
-					 len, parsed_ptxt->sign_or_mac,
-					 parsed_ptxt->sign_or_mac_len);
-		ctx->keys.destroy_key(ctx->user_ctx, key_id);
-
-		if (EDHOC_SUCCESS != ret)
-			return EDHOC_ERROR_CRYPTO_FAILURE;
-
-		return EDHOC_SUCCESS;
-	}
-
-	case EDHOC_METHOD_2:
-	case EDHOC_METHOD_3: {
-		if (mac_3_len != parsed_ptxt->sign_or_mac_len ||
-		    0 != memcmp(parsed_ptxt->sign_or_mac, mac_3, mac_3_len))
-			return EDHOC_ERROR_INVALID_SIGN_OR_MAC_2;
-
-		return EDHOC_SUCCESS;
-	}
-	default:
-		return EDHOC_ERROR_NOT_PERMITTED;
-	}
-}
-
-static int kid_compact_encoding(const struct edhoc_auth_creds *auth_cred,
-				struct cbor_items *cbor_items)
-{
-	int ret = EDHOC_ERROR_GENERIC_ERROR;
-	size_t len = 0;
-
-	cbor_items->id_cred_i_is_comp_enc = true;
-
-	switch (auth_cred->key_id.encode_type) {
-	case EDHOC_ENCODE_TYPE_INTEGER: {
-		cbor_items->id_cred_i_enc_type = EDHOC_ENCODE_TYPE_INTEGER;
-		if (true == auth_cred->key_id.cred_is_cbor) {
-			cbor_items->id_cred_i_int =
-				auth_cred->key_id.key_id_int;
-		} else {
-			len = 0;
-			ret = cbor_encode_integer_type_int_type(
-				(uint8_t *)&cbor_items->id_cred_i_int,
-				sizeof(cbor_items->id_cred_i_int),
-				&auth_cred->key_id.key_id_int, &len);
-
-			if (ZCBOR_SUCCESS != ret)
-				return EDHOC_ERROR_CBOR_FAILURE;
-		}
-		break;
-	}
-
-	case EDHOC_ENCODE_TYPE_BYTE_STRING: {
-		cbor_items->id_cred_i_enc_type = EDHOC_ENCODE_TYPE_BYTE_STRING;
-
-		if (true == auth_cred->key_id.cred_is_cbor) {
-			if (1 == auth_cred->key_id.key_id_bstr_length) {
-				int32_t val = auth_cred->key_id.key_id_bstr[0];
-				int32_t result = 0;
-
-				len = 0;
-				ret = cbor_decode_integer_type_int_type(
-					(uint8_t *)&val, sizeof(val), &result,
-					&len);
-
-				if (ZCBOR_SUCCESS != ret)
-					return EDHOC_ERROR_CBOR_FAILURE;
-
-				if (true == is_cbor_one_byte_int(result)) {
-					cbor_items->id_cred_i_int = val;
-					cbor_items->id_cred_i_enc_type =
-						EDHOC_ENCODE_TYPE_INTEGER;
-					break;
-				}
-			}
-
-			cbor_items->id_cred_i_bstr_len =
-				auth_cred->key_id.key_id_bstr_length;
-			memcpy(cbor_items->id_cred_i_bstr,
-			       auth_cred->key_id.key_id_bstr,
-			       auth_cred->key_id.key_id_bstr_length);
-		} else {
-			const struct zcbor_string input = {
-				.value = auth_cred->key_id.key_id_bstr,
-				.len = auth_cred->key_id.key_id_bstr_length,
-			};
-
-			ret = cbor_encode_byte_string_type_bstr_type(
-				cbor_items->id_cred_i_bstr,
-				ARRAY_SIZE(cbor_items->id_cred_i_bstr) - 1,
-				&input, &cbor_items->id_cred_i_bstr_len);
-
-			if (ZCBOR_SUCCESS != ret)
-				return EDHOC_ERROR_CBOR_FAILURE;
+				cbor_ptxt_3.plaintext_3_EAD_3_m.EAD_3[i]
+					.ead_y_ead_value.len;
 		}
-		break;
-	}
-	default:
-		return EDHOC_ERROR_NOT_PERMITTED;
 	}
 
 	return EDHOC_SUCCESS;
@@ -2099,34 +914,34 @@ static int comp_salt_4e3m(const struct edhoc_context *ctx, uint8_t *salt,
 	const size_t hash_len = ctx->csuite[ctx->chosen_csuite_idx].hash_length;
 
 	const struct info input_info = {
-		._info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_SALT_4E3M,
-		._info_context.value = ctx->th,
-		._info_context.len = ctx->th_len,
-		._info_length = (uint32_t)hash_len,
+		.info_label = EDHOC_EXTRACT_PRK_INFO_LABEL_SALT_4E3M,
+		.info_context.value = ctx->th,
+		.info_context.len = ctx->th_len,
+		.info_length = (uint32_t)hash_len,
 	};
 
 	size_t len = 0;
-	len += cbor_int_mem_req(EDHOC_EXTRACT_PRK_INFO_LABEL_SALT_4E3M);
-	len += ctx->th_len + cbor_bstr_overhead(ctx->th_len);
-	len += cbor_int_mem_req((int32_t)hash_len);
+	len += edhoc_cbor_int_mem_req(EDHOC_EXTRACT_PRK_INFO_LABEL_SALT_4E3M);
+	len += ctx->th_len + edhoc_cbor_bstr_oh(ctx->th_len);
+	len += edhoc_cbor_int_mem_req((int32_t)hash_len);
 
-	ALLOCATE_ARRAY(uint8_t, info, len);
-	memset(info, 0, ALLOCATE_ARRAY_SIZEOF(info));
+	VLA_ALLOC(uint8_t, info, len);
+	memset(info, 0, VLA_SIZEOF(info));
 
 	len = 0;
-	ret = cbor_encode_info(info, ARRAY_SIZE_VLA(info), &input_info, &len);
+	ret = cbor_encode_info(info, VLA_SIZE(info), &input_info, &len);
 
-	if (ZCBOR_SUCCESS != ret || ARRAY_SIZE_VLA(info) != len)
+	if (ZCBOR_SUCCESS != ret || VLA_SIZE(info) != len)
 		return EDHOC_ERROR_CBOR_FAILURE;
 
-	uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-	ret = ctx->keys.generate_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
-				     ctx->prk_len, key_id);
+	uint8_t key_id[CONFIG_LIBEDHOC_KEY_ID_LEN] = { 0 };
+	ret = ctx->keys.import_key(ctx->user_ctx, EDHOC_KT_EXPAND, ctx->prk,
+				   ctx->prk_len, key_id);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
 
-	ret = ctx->crypto.expand(ctx->user_ctx, key_id, info, ARRAY_SIZE_VLA(info),
+	ret = ctx->crypto.expand(ctx->user_ctx, key_id, info, VLA_SIZE(info),
 				 salt, salt_len);
 	ctx->keys.destroy_key(ctx->user_ctx, key_id);
 
@@ -2136,7 +951,7 @@ static int comp_salt_4e3m(const struct edhoc_context *ctx, uint8_t *salt,
 	return EDHOC_SUCCESS;
 }
 
-static int comp_giy(enum edhoc_role role, struct edhoc_context *ctx,
+static int comp_giy(struct edhoc_context *ctx,
 		    const struct edhoc_auth_creds *auth_cred,
 		    const uint8_t *pub_key, size_t pub_key_len, uint8_t *giy,
 		    size_t giy_len)
@@ -2146,8 +961,8 @@ static int comp_giy(enum edhoc_role role, struct edhoc_context *ctx,
 
 	int ret = EDHOC_ERROR_GENERIC_ERROR;
 
-	switch (role) {
-	case initiator: {
+	switch (ctx->role) {
+	case EDHOC_INITIATOR: {
 		size_t secret_len = 0;
 		ret = ctx->crypto.key_agreement(ctx->user_ctx,
 						auth_cred->priv_key_id,
@@ -2161,12 +976,12 @@ static int comp_giy(enum edhoc_role role, struct edhoc_context *ctx,
 		return EDHOC_SUCCESS;
 	}
 
-	case responder: {
-		uint8_t key_id[EDHOC_KID_LEN] = { 0 };
-		ret = ctx->keys.generate_key(ctx->user_ctx,
-					     EDHOC_KT_KEY_AGREEMENT,
-					     ctx->dh_priv_key,
-					     ctx->dh_priv_key_len, key_id);
+	case EDHOC_RESPONDER: {
+		uint8_t key_id[CONFIG_LIBEDHOC_KEY_ID_LEN] = { 0 };
+		ret = ctx->keys.import_key(ctx->user_ctx,
+					   EDHOC_KT_KEY_AGREEMENT,
+					   ctx->dh_priv_key,
+					   ctx->dh_priv_key_len, key_id);
 		ctx->dh_priv_key_len = 0;
 		memset(ctx->dh_priv_key, 0, ARRAY_SIZE(ctx->dh_priv_key));
 
@@ -2227,6 +1042,8 @@ int edhoc_message_3_compose(struct edhoc_context *ctx, uint8_t *msg_3,
 
 	ctx->status = EDHOC_SM_ABORTED;
 	ctx->error_code = EDHOC_ERROR_CODE_UNSPECIFIED_ERROR;
+	ctx->message = EDHOC_MSG_3;
+	ctx->role = EDHOC_INITIATOR;
 
 	int ret = EDHOC_ERROR_GENERIC_ERROR;
 
@@ -2236,7 +1053,7 @@ int edhoc_message_3_compose(struct edhoc_context *ctx, uint8_t *msg_3,
 
 	/* 2. Compose EAD_3 if present. */
 	if (NULL != ctx->ead.compose && 0 != ARRAY_SIZE(ctx->ead_token) - 1) {
-		ret = ctx->ead.compose(ctx->user_ctx, EDHOC_MSG_3,
+		ret = ctx->ead.compose(ctx->user_ctx, ctx->message,
 				       ctx->ead_token,
 				       ARRAY_SIZE(ctx->ead_token) - 1,
 				       &ctx->nr_of_ead_tokens);
@@ -2271,35 +1088,35 @@ int edhoc_message_3_compose(struct edhoc_context *ctx, uint8_t *msg_3,
 		return EDHOC_ERROR_CREDENTIALS_FAILURE;
 
 	/* 4. Compute K_3, IV_3 and AAD_3. */
-	ALLOCATE_ARRAY(uint8_t, key, csuite.aead_key_length);
-	memset(key, 0, ALLOCATE_ARRAY_SIZEOF(key));
+	VLA_ALLOC(uint8_t, key, csuite.aead_key_length);
+	memset(key, 0, VLA_SIZEOF(key));
 
-	ALLOCATE_ARRAY(uint8_t, iv, csuite.aead_iv_length);
-	memset(iv, 0, ALLOCATE_ARRAY_SIZEOF(iv));
+	VLA_ALLOC(uint8_t, iv, csuite.aead_iv_length);
+	memset(iv, 0, VLA_SIZEOF(iv));
 
 	size_t aad_len = 0;
 	ret = comp_aad_3_len(ctx, &aad_len);
 
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_BUFFER_TOO_SMALL;
+		return ret;
 
-	ALLOCATE_ARRAY(uint8_t, aad, aad_len);
-	memset(aad, 0, ALLOCATE_ARRAY_SIZEOF(aad));
+	VLA_ALLOC(uint8_t, aad, aad_len);
+	memset(aad, 0, VLA_SIZEOF(aad));
 
-	ret = comp_key_iv_aad(ctx, key, ARRAY_SIZE_VLA(key), iv, ARRAY_SIZE_VLA(iv),
-			      aad, ARRAY_SIZE_VLA(aad));
+	ret = comp_key_iv_aad(ctx, key, VLA_SIZE(key), iv, VLA_SIZE(iv), aad,
+			      VLA_SIZE(aad));
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
 
 	if (NULL != ctx->logger) {
-		ctx->logger(ctx->user_ctx, "K_3", key, ARRAY_SIZE_VLA(key));
-		ctx->logger(ctx->user_ctx, "IV_3", iv, ARRAY_SIZE_VLA(iv));
-		ctx->logger(ctx->user_ctx, "AAD_3", aad, ARRAY_SIZE_VLA(aad));
+		ctx->logger(ctx->user_ctx, "K_3", key, VLA_SIZE(key));
+		ctx->logger(ctx->user_ctx, "IV_3", iv, VLA_SIZE(iv));
+		ctx->logger(ctx->user_ctx, "AAD_3", aad, VLA_SIZE(aad));
 	}
 
 	/* 5. Compute PRK_4e3m. */
-	ret = comp_prk_4e3m(initiator, ctx, &auth_creds, NULL, 0);
+	ret = comp_prk_4e3m(ctx, &auth_creds, NULL, 0);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
@@ -2307,88 +1124,82 @@ int edhoc_message_3_compose(struct edhoc_context *ctx, uint8_t *msg_3,
 	if (NULL != ctx->logger)
 		ctx->logger(ctx->user_ctx, "PRK_4e3m", ctx->prk, ctx->prk_len);
 
-	/* 6a. Compute required buffer length for context_3. */
-	size_t context_3_len = 0;
-	ret = comp_mac_3_input_len(ctx, &auth_creds, &context_3_len);
+	size_t mac_context_length = 0;
+	ret = edhoc_comp_mac_context_length(ctx, &auth_creds,
+					    &mac_context_length);
 
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_INVALID_MAC_3;
-
-	ALLOCATE_ARRAY(uint8_t, mac_3_content, sizeof(struct cbor_items) + context_3_len);
-	memset(mac_3_content, 0, ALLOCATE_ARRAY_SIZEOF(mac_3_content));
-
-	struct cbor_items *cbor_items = (struct cbor_items *)mac_3_content;
-	cbor_items->buf_len = context_3_len;
+		return ret;
 
 	/* 6b. Cborise items required by context_3. */
-	ret = gen_mac_3_context(ctx, &auth_creds, cbor_items);
+	VLA_ALLOC(uint8_t, mac_3_context_buf,
+		  sizeof(struct mac_context) + mac_context_length);
+	memset(mac_3_context_buf, 0, VLA_SIZEOF(mac_3_context_buf));
+
+	struct mac_context *mac_context = (void *)mac_3_context_buf;
+	mac_context->buf_len = mac_context_length;
 
+	ret = edhoc_comp_mac_context(ctx, &auth_creds, mac_context);
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_INVALID_MAC_3;
+		return ret;
 
 	if (NULL != ctx->logger) {
-		ctx->logger(ctx->user_ctx, "ID_CRED_I", cbor_items->id_cred_i,
-			    cbor_items->id_cred_i_len);
-		ctx->logger(ctx->user_ctx, "TH_3", cbor_items->th_3,
-			    cbor_items->th_3_len);
-		ctx->logger(ctx->user_ctx, "CRED_I", cbor_items->cred_i,
-			    cbor_items->cred_i_len);
-		ctx->logger(ctx->user_ctx, "context_3", cbor_items->buf,
-			    cbor_items->buf_len);
+		ctx->logger(ctx->user_ctx, "ID_CRED_I", mac_context->id_cred,
+			    mac_context->id_cred_len);
+		ctx->logger(ctx->user_ctx, "TH_3", mac_context->th,
+			    mac_context->th_len);
+		ctx->logger(ctx->user_ctx, "CRED_I", mac_context->cred,
+			    mac_context->cred_len);
+		ctx->logger(ctx->user_ctx, "context_3", mac_context->buf,
+			    mac_context->buf_len);
 	}
 
 	/* 6c. Compute Message Authentication Code (MAC_3). */
-	size_t mac_3_len = 0;
-	ret = comp_mac_3_len(initiator, ctx, &mac_3_len);
-
+	size_t mac_length = 0;
+	ret = edhoc_comp_mac_length(ctx, &mac_length);
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_INVALID_MAC_3;
 
-	ALLOCATE_ARRAY(uint8_t, mac_3, mac_3_len);
-	memset(mac_3, 0, ALLOCATE_ARRAY_SIZEOF(mac_3));
-
-	ret = comp_mac_3(ctx, cbor_items, mac_3, ARRAY_SIZE_VLA(mac_3));
-
+	VLA_ALLOC(uint8_t, mac_buf, mac_length);
+	memset(mac_buf, 0, VLA_SIZEOF(mac_buf));
+	ret = edhoc_comp_mac(ctx, mac_context, mac_buf, mac_length);
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_INVALID_MAC_3;
 
-	if (NULL != ctx->logger)
-		ctx->logger(ctx->user_ctx, "MAC_3", mac_3, ARRAY_SIZE_VLA(mac_3));
-
 	/* 7. Compute signature if needed (Signature_or_MAC_3). */
-	size_t sign_or_mac_len = 0;
-	ret = comp_sign_or_mac_3_len(responder, ctx, &sign_or_mac_len);
-
+	size_t sign_or_mac_length = 0;
+	ret = edhoc_comp_sign_or_mac_length(ctx, &sign_or_mac_length);
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_INVALID_SIGN_OR_MAC_3;
-
-	ALLOCATE_ARRAY(uint8_t, sign, sign_or_mac_len);
-	memset(sign, 0, ALLOCATE_ARRAY_SIZEOF(sign));
-
-	ret = comp_sign_or_mac_3(ctx, &auth_creds, cbor_items, mac_3,
-				 ARRAY_SIZE_VLA(mac_3), sign, ARRAY_SIZE_VLA(sign));
-
+		return ret;
+
+	size_t signature_length = 0;
+	VLA_ALLOC(uint8_t, signature, sign_or_mac_length);
+	memset(signature, 0, VLA_SIZEOF(signature));
+	ret = edhoc_comp_sign_or_mac(ctx, &auth_creds, mac_context, mac_buf,
+				     mac_length, signature, VLA_SIZE(signature),
+				     &signature_length);
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_INVALID_SIGN_OR_MAC_3;
+		return ret;
 
 	if (NULL != ctx->logger)
-		ctx->logger(ctx->user_ctx, "Signature_or_MAC_3", sign,
-			    ARRAY_SIZE_VLA(sign));
+		ctx->logger(ctx->user_ctx, "Signature_or_MAC_3", signature,
+			    signature_length);
 
 	/* 8. Prepare plaintext (PLAINTEXT_3). */
 	size_t plaintext_len = 0;
-	ret = comp_plaintext_3_len(ctx, cbor_items, ARRAY_SIZE_VLA(sign),
+	ret = comp_plaintext_3_len(ctx, mac_context, signature_length,
 				   &plaintext_len);
 
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_BUFFER_TOO_SMALL;
+		return ret;
 
-	ALLOCATE_ARRAY(uint8_t, plaintext, plaintext_len);
-	memset(plaintext, 0, ALLOCATE_ARRAY_SIZEOF(plaintext));
+	VLA_ALLOC(uint8_t, plaintext, plaintext_len);
+	memset(plaintext, 0, VLA_SIZEOF(plaintext));
 
 	plaintext_len = 0;
-	ret = prepare_plaintext_3(cbor_items, sign, ARRAY_SIZE_VLA(sign), plaintext,
-				  ARRAY_SIZE_VLA(plaintext), &plaintext_len);
+	ret = prepare_plaintext_3(mac_context, signature, signature_length,
+				  plaintext, VLA_SIZE(plaintext),
+				  &plaintext_len);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CBOR_FAILURE;
@@ -2399,12 +1210,12 @@ int edhoc_message_3_compose(struct edhoc_context *ctx, uint8_t *msg_3,
 
 	/* 9. Compute ciphertext. */
 	size_t ciphertext_len = 0;
-	ALLOCATE_ARRAY(uint8_t, ciphertext, plaintext_len + csuite.aead_tag_length);
-	memset(ciphertext, 0, ALLOCATE_ARRAY_SIZEOF(ciphertext));
+	VLA_ALLOC(uint8_t, ciphertext, plaintext_len + csuite.aead_tag_length);
+	memset(ciphertext, 0, VLA_SIZEOF(ciphertext));
 
-	ret = comp_ciphertext(ctx, key, ARRAY_SIZE_VLA(key), iv, ARRAY_SIZE_VLA(iv),
-			      aad, ARRAY_SIZE_VLA(aad), plaintext, plaintext_len,
-			      ciphertext, ARRAY_SIZE_VLA(ciphertext),
+	ret = comp_ciphertext(ctx, key, VLA_SIZE(key), iv, VLA_SIZE(iv), aad,
+			      VLA_SIZE(aad), plaintext, plaintext_len,
+			      ciphertext, VLA_SIZE(ciphertext),
 			      &ciphertext_len);
 
 	if (EDHOC_SUCCESS != ret)
@@ -2415,7 +1226,7 @@ int edhoc_message_3_compose(struct edhoc_context *ctx, uint8_t *msg_3,
 			    ciphertext_len);
 
 	/* 10. Compute transcript hash 4. */
-	ret = comp_th_4(ctx, cbor_items, plaintext, plaintext_len);
+	ret = comp_th_4(ctx, mac_context, plaintext, plaintext_len);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_TRANSCRIPT_HASH_FAILURE;
@@ -2473,6 +1284,8 @@ int edhoc_message_3_process(struct edhoc_context *ctx, const uint8_t *msg_3,
 
 	ctx->status = EDHOC_SM_ABORTED;
 	ctx->error_code = EDHOC_ERROR_CODE_UNSPECIFIED_ERROR;
+	ctx->message = EDHOC_MSG_3;
+	ctx->role = EDHOC_RESPONDER;
 
 	int ret = EDHOC_ERROR_GENERIC_ERROR;
 
@@ -2490,11 +1303,11 @@ int edhoc_message_3_process(struct edhoc_context *ctx, const uint8_t *msg_3,
 		return EDHOC_ERROR_MSG_3_PROCESS_FAILURE;
 
 	/* 3. Compute K_3, IV_3 and AAD_3. */
-	ALLOCATE_ARRAY(uint8_t, key, csuite.aead_key_length);
-	memset(key, 0, ALLOCATE_ARRAY_SIZEOF(key));
+	VLA_ALLOC(uint8_t, key, csuite.aead_key_length);
+	memset(key, 0, VLA_SIZEOF(key));
 
-	ALLOCATE_ARRAY(uint8_t, iv, csuite.aead_iv_length);
-	memset(iv, 0, ALLOCATE_ARRAY_SIZEOF(iv));
+	VLA_ALLOC(uint8_t, iv, csuite.aead_iv_length);
+	memset(iv, 0, VLA_SIZEOF(iv));
 
 	size_t aad_len = 0;
 	ret = comp_aad_3_len(ctx, &aad_len);
@@ -2502,39 +1315,38 @@ int edhoc_message_3_process(struct edhoc_context *ctx, const uint8_t *msg_3,
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_BUFFER_TOO_SMALL;
 
-	ALLOCATE_ARRAY(uint8_t, aad, aad_len);
-	memset(aad, 0, ALLOCATE_ARRAY_SIZEOF(aad));
+	VLA_ALLOC(uint8_t, aad, aad_len);
+	memset(aad, 0, VLA_SIZEOF(aad));
 
-	ret = comp_key_iv_aad(ctx, key, ARRAY_SIZE_VLA(key), iv, ARRAY_SIZE_VLA(iv),
-			      aad, ARRAY_SIZE_VLA(aad));
+	ret = comp_key_iv_aad(ctx, key, VLA_SIZE(key), iv, VLA_SIZE(iv), aad,
+			      VLA_SIZE(aad));
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
 
 	if (NULL != ctx->logger) {
-		ctx->logger(ctx->user_ctx, "K_3", key, ARRAY_SIZE_VLA(key));
-		ctx->logger(ctx->user_ctx, "IV_3", iv, ARRAY_SIZE_VLA(iv));
-		ctx->logger(ctx->user_ctx, "AAD_3", aad, ARRAY_SIZE_VLA(aad));
+		ctx->logger(ctx->user_ctx, "K_3", key, VLA_SIZE(key));
+		ctx->logger(ctx->user_ctx, "IV_3", iv, VLA_SIZE(iv));
+		ctx->logger(ctx->user_ctx, "AAD_3", aad, VLA_SIZE(aad));
 	}
 
 	/* 4. Decrypt ciphertext. */
-	ALLOCATE_ARRAY(uint8_t, ptxt, ctxt_len - csuite.aead_tag_length);
-	memset(ptxt, 0, ALLOCATE_ARRAY_SIZEOF(ptxt));
+	VLA_ALLOC(uint8_t, ptxt, ctxt_len - csuite.aead_tag_length);
+	memset(ptxt, 0, VLA_SIZEOF(ptxt));
 
-	ret = decrypt_ciphertext(ctx, key, ARRAY_SIZE_VLA(key), iv, ARRAY_SIZE_VLA(iv),
-				 aad, ARRAY_SIZE_VLA(aad), ctxt, ctxt_len, ptxt,
-				 ARRAY_SIZE_VLA(ptxt));
+	ret = decrypt_ciphertext(ctx, key, VLA_SIZE(key), iv, VLA_SIZE(iv), aad,
+				 VLA_SIZE(aad), ctxt, ctxt_len, ptxt,
+				 VLA_SIZE(ptxt));
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
 
 	if (NULL != ctx->logger)
-		ctx->logger(ctx->user_ctx, "PLAINTEXT_3", ptxt,
-			    ARRAY_SIZE_VLA(ptxt));
+		ctx->logger(ctx->user_ctx, "PLAINTEXT_3", ptxt, VLA_SIZE(ptxt));
 
 	/* 5. Parse CBOR plaintext (PLAINTEXT_3). */
 	struct plaintext parsed_ptxt = { 0 };
-	ret = parse_plaintext(ctx, ptxt, ARRAY_SIZE_VLA(ptxt), &parsed_ptxt);
+	ret = parse_plaintext(ctx, ptxt, VLA_SIZE(ptxt), &parsed_ptxt);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CBOR_FAILURE;
@@ -2542,7 +1354,7 @@ int edhoc_message_3_process(struct edhoc_context *ctx, const uint8_t *msg_3,
 	/* 6. Process EAD_3 if present. */
 	if (NULL != ctx->ead.process && 0 != ARRAY_SIZE(ctx->ead_token) - 1 &&
 	    0 != ctx->nr_of_ead_tokens) {
-		ret = ctx->ead.process(ctx->user_ctx, EDHOC_MSG_3,
+		ret = ctx->ead.process(ctx->user_ctx, ctx->message,
 				       ctx->ead_token, ctx->nr_of_ead_tokens);
 
 		if (EDHOC_SUCCESS != ret)
@@ -2569,7 +1381,7 @@ int edhoc_message_3_process(struct edhoc_context *ctx, const uint8_t *msg_3,
 	/* 7. Verify if credentials from peer are trusted. */
 	const uint8_t *pub_key = NULL;
 	size_t pub_key_len = 0;
-	ret = ctx->cred.verify(ctx->user_ctx, &parsed_ptxt.auth_creds, &pub_key,
+	ret = ctx->cred.verify(ctx->user_ctx, &parsed_ptxt.auth_cred, &pub_key,
 			       &pub_key_len);
 
 	if (EDHOC_SUCCESS != ret) {
@@ -2579,70 +1391,67 @@ int edhoc_message_3_process(struct edhoc_context *ctx, const uint8_t *msg_3,
 	}
 
 	/* 8. Compute PRK_4e3m. */
-	ret = comp_prk_4e3m(responder, ctx, &parsed_ptxt.auth_creds, pub_key,
-			    pub_key_len);
+	ret = comp_prk_4e3m(ctx, &parsed_ptxt.auth_cred, pub_key, pub_key_len);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_CRYPTO_FAILURE;
 
 	/* 9a. Compute required buffer length for context_3. */
-	size_t context_3_len = 0;
-	ret = comp_mac_3_input_len(ctx, &parsed_ptxt.auth_creds,
-				   &context_3_len);
+	size_t mac_context_len = 0;
+	ret = edhoc_comp_mac_context_length(ctx, &parsed_ptxt.auth_cred,
+					    &mac_context_len);
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_INVALID_MAC_3;
 
-	ALLOCATE_ARRAY(uint8_t, mac_3_content, sizeof(struct cbor_items) + context_3_len);
-	memset(mac_3_content, 0, ALLOCATE_ARRAY_SIZEOF(mac_3_content));
-
-	struct cbor_items *cbor_items = (struct cbor_items *)mac_3_content;
-	cbor_items->buf_len = context_3_len;
-
 	/* 9b. Cborise items required by context_3. */
-	ret = gen_mac_3_context(ctx, &parsed_ptxt.auth_creds, cbor_items);
+	VLA_ALLOC(uint8_t, mac_3_context_buf,
+		  sizeof(struct mac_context) + mac_context_len);
+	memset(mac_3_context_buf, 0, VLA_SIZEOF(mac_3_context_buf));
+
+	struct mac_context *mac_context = (void *)mac_3_context_buf;
+	mac_context->buf_len = mac_context_len;
 
+	ret = edhoc_comp_mac_context(ctx, &parsed_ptxt.auth_cred, mac_context);
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_INVALID_MAC_3;
+		return ret;
 
 	if (NULL != ctx->logger) {
-		ctx->logger(ctx->user_ctx, "ID_CRED_I", cbor_items->id_cred_i,
-			    cbor_items->id_cred_i_len);
-		ctx->logger(ctx->user_ctx, "TH_3", cbor_items->th_3,
-			    cbor_items->th_3_len);
-		ctx->logger(ctx->user_ctx, "CRED_I", cbor_items->cred_i,
-			    cbor_items->cred_i_len);
-		ctx->logger(ctx->user_ctx, "context_3", cbor_items->buf,
-			    cbor_items->buf_len);
+		ctx->logger(ctx->user_ctx, "C_I", mac_context->conn_id,
+			    mac_context->conn_id_len);
+		ctx->logger(ctx->user_ctx, "ID_CRED_I", mac_context->id_cred,
+			    mac_context->id_cred_len);
+		ctx->logger(ctx->user_ctx, "TH_3", mac_context->th,
+			    mac_context->th_len);
+		ctx->logger(ctx->user_ctx, "CRED_I", mac_context->cred,
+			    mac_context->cred_len);
+		ctx->logger(ctx->user_ctx, "context_3", mac_context->buf,
+			    mac_context->buf_len);
 	}
 
 	/* 9c. Compute Message Authentication Code (MAC_3). */
-	size_t mac_3_len = 0;
-	ret = comp_mac_3_len(initiator, ctx, &mac_3_len);
-
+	size_t mac_length = 0;
+	ret = edhoc_comp_mac_length(ctx, &mac_length);
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_INVALID_MAC_3;
 
-	ALLOCATE_ARRAY(uint8_t, mac_3, mac_3_len);
-	memset(mac_3, 0, ALLOCATE_ARRAY_SIZEOF(mac_3));
-
-	ret = comp_mac_3(ctx, cbor_items, mac_3, ARRAY_SIZE_VLA(mac_3));
-
+	VLA_ALLOC(uint8_t, mac_buf, mac_length);
+	memset(mac_buf, 0, VLA_SIZEOF(mac_buf));
+	ret = edhoc_comp_mac(ctx, mac_context, mac_buf, mac_length);
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_INVALID_MAC_3;
 
-	if (NULL != ctx->logger)
-		ctx->logger(ctx->user_ctx, "MAC_3", mac_3, ARRAY_SIZE_VLA(mac_3));
-
 	/* 10. Verify Signature_or_MAC_3. */
-	ret = verify_sign_or_mac_3(ctx, cbor_items, &parsed_ptxt, pub_key,
-				   pub_key_len, mac_3, ARRAY_SIZE_VLA(mac_3));
+	ret = edhoc_verify_sign_or_mac(ctx, mac_context, pub_key, pub_key_len,
+				       parsed_ptxt.sign_or_mac,
+				       parsed_ptxt.sign_or_mac_len, mac_buf,
+				       mac_length);
 
 	if (EDHOC_SUCCESS != ret)
-		return EDHOC_ERROR_INVALID_SIGN_OR_MAC_3;
+		return EDHOC_ERROR_INVALID_SIGN_OR_MAC_2;
 
 	/* 11. Compute transcript hash 4. */
-	ret = comp_th_4(ctx, cbor_items, ptxt, ARRAY_SIZE_VLA(ptxt));
+	ret = comp_th_4(ctx, mac_context, ptxt, VLA_SIZE(ptxt));
 
 	if (EDHOC_SUCCESS != ret)
 		return EDHOC_ERROR_TRANSCRIPT_HASH_FAILURE;