TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / a0f4b595c52ab797a0ae93353994f4e81c8e6024^! / . / include / psa / crypto.h
commita0f4b595c52ab797a0ae93353994f4e81c8e6024[log] [tgz]
authorAndrew Thoelke <andrew.thoelke@arm.com>Thu Jun 24 16:47:14 2021 +0100
committerGitHub <noreply@github.com>Thu Jun 24 16:47:14 2021 +0100
tree0715d888014dbf3dbaa275d03bc20203a91ea82c
parentfedd52ca19cbc8e20f7f34b13d0d1732c3d1d7b9 [diff] [blame]
Fixes for PBKDF2 documentation

Fix typos in the PBKDF2 documentation

Correct the constraints on PSA_KEY_USAGE_DERIVE and PSA_KEY_USAGE_VERIFY_DERIVATION, aligning them with the note against psa_key_derivation_input_key(). All key inputs must have the required usage flag to permit output or verification.

Correct the constraints on PSA_KEY_DERIVATION_INPUT_SECRET and PSA_KEY_DERIVATION_INPUT_PASSWORD, aligning them with 4feb611. psa_key_derivation_verify_key() does not require the secret/password input to be a key.

Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 3532fef..b3ef363 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h

@@ -3805,7 +3805,7 @@
  * This function calculates output bytes from a key derivation algorithm and
  * compares those bytes to an expected value in constant time.
  * If you view the key derivation's output as a stream of bytes, this
- * function destructively reads the requested number of bytes from the
+ * function destructively reads the expected number of bytes from the
  * stream before comparing them.
  * The operation's capacity decreases by the number of bytes read.
  *
@@ -3824,13 +3824,13 @@
  * psa_key_derivation_abort().
  *
  * \param[in,out] operation The key derivation operation object to read from.
- * \param[in] expected_output Buffer where the output will be written.
+ * \param[in] expected_output Buffer containing the expected derivation output.
  * \param output_length     Length ot the expected output; this is also the
  *                          number of bytes that will be read.
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The output was read successfully, but if differs from the expected
+ *         The output was read successfully, but it differs from the expected
  *         output.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         One of the inputs was a key whose policy didn't allow
@@ -3840,7 +3840,7 @@
  *                          \p output_length bytes. Note that in this case,
  *                          the operation's capacity is set to 0, thus
  *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
+ *                          succeed, even with a smaller expected output.
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be active and completed
  *         all required input steps).
@@ -3905,7 +3905,7 @@
  *                          the length of the expected value. In this case,
  *                          the operation's capacity is set to 0, thus
  *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
+ *                          succeed, even with a smaller expected output.
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be active and completed
  *         all required input steps).