Documentation fixes
Move the MBEDTLS_ECP_MAX_BYTES check to a proper place,
adjust comments and descriptions, and move includes
to the top of the file.
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 5b90de1..908fe5c 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -40,6 +40,9 @@
* (assuming ECP_MAX_BYTES is less than 126 for r and s,
* and less than 124 (total len <= 255) for the sequence)
*/
+#if MBEDTLS_ECP_MAX_BYTES > 124
+#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
+#endif
/**
* \brief Maximum ECDSA signature size for a given curve bit size
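Review bot: The relocated guard `#if MBEDTLS_ECP_MAX_BYTES > 124` accepts a value of exactly 124, while the comment directly above it states the assumption as "less than 124" for the sequence. Now that the two sit next to each other, they should state the same limit: either reword the comment to `at most 124 (total len <= 255) for the sequence` or tighten the check to `#if MBEDTLS_ECP_MAX_BYTES >= 124`. Judging by the #error text, this assumption sizes MBEDTLS_ECDSA_MAX_LEN, so an off-by-one here would affect a signature buffer bound. The comment starts above the hunk, so the intended limit should be confirmed against the MBEDTLS_ECDSA_MAX_LEN definition.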
@@ -52,10 +55,6 @@
* this is a problem, call the function
* mbedtls_ecdsa_max_sig_len instead.
*/
-#if MBEDTLS_ECP_MAX_BYTES > 124
-#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
-#endif
-
#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
/*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
@@ -237,8 +236,7 @@
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/**
- * \brief Convert a signature from numbers to ASN.1 INTEGER's,
- * then both packed together as parts of an ASN.1 SEQUENCE
+ * \brief Convert a signature from numbers to ASN.1
*
* \param r First number of the signature
* \param s Second number of the signature
@@ -250,6 +248,11 @@
* `MBEDTLS_ECDSA_MAX_SIG_LEN(grp->pbits)` bytes long if
* the signature was produced from curve \c grp,
* otherwise this function will return an error.
+ * The output ASN.1 SEQUENCE format is as follows:
+ * Ecdsa-Sig-Value ::= SEQUENCE {
+ * r INTEGER,
+ * s INTEGER
+ * }
*
* \return 0 if successful,
* or a MBEDTLS_ERR_MPI_XXX or MBEDTLS_ERR_ASN1_XXX error code
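Review bot: The added Ecdsa-Sig-Value block is plain comment text, so Doxygen will reflow its lines into the preceding paragraph and the structure will be lost in the generated documentation. Wrap it by putting `\code` before `Ecdsa-Sig-Value ::= SEQUENCE {` and `\endcode` after the closing `}`. It also appears to land inside a parameter description about the required buffer length (the parameter starts above the hunk), so a separate `\note` after the parameters would keep the size requirement and the output format apart.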
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 36fdea5..0396ea8 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -80,8 +80,11 @@
/**@{*/
/**
- * \brief Asymmetric operation context types
- */
+ * \brief Asymmetric operation context types
+ *
+ * \note An opaque key may be an RSA or ECC key or a key of an
+ * unrecognized type. Call \c mbedtls_pk_can_do() to check
+ * whether a key is of a recognized type. */
typedef enum {
MBEDTLS_PK_NONE=0, /**< Unused context object */
MBEDTLS_PK_RSA, /**< RSA key pair (normal software implementation) with PKCS#1 v1.5 or PSS context */
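Review bot: The new `\note` speaks of "an opaque key" without naming the enumerator, and the following hunk (`@@ -90,10 +93,7 @@`) removes the same guidance from MBEDTLS_PK_OPAQUE itself. A reader who lands on that enumerator no longer sees that the underlying algorithm is not implied by the type and must be checked with mbedtls_pk_can_do(). Name the enumerator explicitly, e.g. `\note A key of type \c MBEDTLS_PK_OPAQUE may be an RSA or ECC key or a key of an unrecognized type.`, and keep a short pointer on the enumerator, such as `/**< Opaque key pair (material held in an external module); see the note above. */`. The closing `*/` is also now fused onto the last line of the note, where the original comment had it on its own line.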
@@ -90,10 +93,7 @@
MBEDTLS_PK_ECDSA, /**< ECC key pair with ECDSA context */
MBEDTLS_PK_RSA_ALT, /**< RSA (alternative implementation) */
MBEDTLS_PK_RSASSA_PSS, /**< RSA key pair; same context as MBEDTLS_PK_RSA, but used to represent keys with the algorithm identifier id-RSASSA-PSS */
- /** Opaque key pair (cryptographic material held in an external module).
- * This may be an RSA or ECC key or a key of an unrecognized type. Call
- * \c mbedtls_pk_can_do() to check whether a key is of a recognized type. */
- MBEDTLS_PK_OPAQUE,
+ MBEDTLS_PK_OPAQUE, /**< Opaque key pair (cryptographic material held in an external module).*/
} mbedtls_pk_type_t;
/**