PSA PAKE: improve documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index dd99839..66c9f9c 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1606,9 +1606,10 @@
* party who used the same password is able to compute the key. But there is no
* guarantee that the peer is the party it claims to be and was able to do so.
*
- * That is, the authentication is only implicit (the peer is not authenticated
- * at this point, and no action should be taken that assume that they are - like
- * for example accessing restricted files).
+ * That is, the authentication is only implicit. Since the peer is not
+ * authenticated yet, no action should be taken yet that assumes that the peer
+ * is who it claims to be. For example, do not access restricted files on the
+ * peer's behalf until an explicit authentication has succeeded.
*
* This function can be called after the key exchange phase of the operation
* has completed. It imports the shared secret output of the PAKE into the
@@ -1683,8 +1684,9 @@
/** A sufficient input buffer size for psa_pake_input().
*
- * If the size of the input is larger than this, it is guaranteed
- * that psa_pake_input() will fail with #PSA_ERROR_INVALID_ARGUMENT.
+ * The value returned by this macro is guaranteed to be large enough for any
+ * valid input to psa_pake_input() in an operation with the specified
+ * parameters.
*
* See also #PSA_PAKE_INPUT_MAX_SIZE
*