commit b711a987d3e00adb2980364bbcbee5488d70d7c2
author Valerio Setti <valerio.setti@nordicsemi.no> Mon Mar 18 17:12:49 2024 +0100
committer Valerio Setti <valerio.setti@nordicsemi.no> Thu Apr 04 09:42:01 2024 +0200
tree f4d29fd48219ef97c161579f7cabb09c2f124213
parent 7ab1861163399ff41f24b7d47dba1d8d06e8d13d

pk: improve documentation of mbedtls_pk_setup_opaque()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

include/mbedtls/pk.h

diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 97af0a1..4113895 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -374,10 +374,19 @@
  *                  operations and, based on the key type, used algorithms will be:
  *                  * EC:
  *                      * verify: #PSA_ALG_ECDSA_ANY;
- *                      * sign: try both deterministic and non-deterministic ECDSA.
+ *                      * sign: try #PSA_ALG_DETERMINISTIC_ECDSA() first and, in
+ *                        case it fails, try with #PSA_ALG_ECDSA().
  *                  * RSA:
  *                      * sign: #PSA_ALG_RSA_PKCS1V15_SIGN();
- *                      * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT.
+ *                      * sign_ext: use the algorithm associated with the wrapped
+ *                        PSA key;
+ *                      * verify: not supported;
+ *                      * verify_ext: not supported;
+ *                      * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT;
+ *                      * encrypt: not supported.
+ *                  In order to have above mentioned operations to succeed it is
+ *                  mandatory that the wrapped PSA key allows the specified
+ *                  algorithm in its policy.
  *
  * \param ctx       The context to initialize. It must be empty (type NONE).
  * \param key       The PSA key to wrap, which must hold an ECC or RSA key