psa: Expand documentation for psa_key_agreement()

Document `peer_key` parameter requirements, including an explanation of how the peer key is used and an example for EC keys.
2024-11-23 19:55:44 +01:00 · 2019-01-14 16:56:20 +00:00 · 2019-01-14 16:56:20 +00:00 · 8afbff82dd
commit 8afbff82dd
parent 08ad32721c
1 changed files with 22 additions and 15 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@ -2136,21 +2136,28 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
 * The resulting generator always has the maximum capacity permitted by
 * the algorithm.
 *
- * \param[in,out] generator       The generator object to set up. It must have
+ * \param[in,out] generator The generator object to set up. It must have been
- *                                been initialized as per the documentation for
+ *                          initialized as per the documentation for
- *                                #psa_crypto_generator_t and not yet in use.
+ *                          #psa_crypto_generator_t and not yet in use.
- * \param private_key             Handle to the private key to use.
+ * \param private_key       Handle to the private key to use.
- * \param[in] peer_key            Public key of the peer. It must be
+ * \param[in] peer_key      Public key of the peer. The peer key must be in the
- *                                in the same format that psa_import_key()
+ *                          same format that psa_import_key() accepts for the
- *                                accepts. The standard formats for public
+ *                          public key type corresponding to the type of
- *                                keys are documented in the documentation
+ *                          private_key. That is, this function performs the
- *                                of psa_export_public_key(). For EC keys, it
+ *                          equivalent of
- *                                must also be of the same group as the private
+ *                          `psa_import_key(internal_public_key_handle,
- *                                key.
+ *                          PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(private_key_type),
- * \param peer_key_length         Size of \p peer_key in bytes.
+ *                          peer_key, peer_key_length)` where
- * \param alg                     The key agreement algorithm to compute
+ *                          `private_key_type` is the type of `private_key`.
- *                                (\c PSA_ALG_XXX value such that
+ *                          For example, for EC keys, this means that peer_key
- *                                #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
+ *                          is interpreted as a point on the curve that the
 *                          private key is on. The standard formats for public
 *                          keys are documented in the documentation of
 *                          psa_export_public_key().
 * \param peer_key_length   Size of \p peer_key in bytes.
 * \param alg               The key agreement algorithm to compute
 *                          (\c PSA_ALG_XXX value such that
 *                          #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
 *
 * \retval #PSA_SUCCESS
 *         Success.