psa: Expand documentation for psa_key_agreement()

Document `peer_key` parameter requirements, including an explanation of how the peer key is used and an example for EC keys.
2025-01-26 04:50:59 +00:00 · 2019-01-14 16:56:20 +00:00 · 2019-01-14 16:56:20 +00:00 · 21fec0c1c5
parent c67200d0e6
commit 21fec0c1c5
1 changed files with 22 additions and 15 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@ -2136,21 +2136,28 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
 * The resulting generator always has the maximum capacity permitted by
 * the algorithm.
 *
- * \param[in,out] generator       The generator object to set up. It must have
+ * \param[in,out] generator The generator object to set up. It must have been
- *                                been initialized as per the documentation for
+ *                          initialized as per the documentation for
- *                                #psa_crypto_generator_t and not yet in use.
+ *                          #psa_crypto_generator_t and not yet in use.
- * \param private_key             Handle to the private key to use.
+ * \param private_key       Handle to the private key to use.
- * \param[in] peer_key            Public key of the peer. It must be
+ * \param[in] peer_key      Public key of the peer. The peer key must be in the
- *                                in the same format that psa_import_key()
+ *                          same format that psa_import_key() accepts for the
- *                                accepts. The standard formats for public
+ *                          public key type corresponding to the type of
- *                                keys are documented in the documentation
+ *                          \p private_key. That is, this function performs the
- *                                of psa_export_public_key(). For EC keys, it
+ *                          equivalent of
- *                                must also be of the same group as the private
+ *                          `psa_import_key(internal_public_key_handle,
- *                                key.
+ *                          PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(private_key_type),
- * \param peer_key_length         Size of \p peer_key in bytes.
+ *                          peer_key, peer_key_length)` where
- * \param alg                     The key agreement algorithm to compute
+ *                          `private_key_type` is the type of \p private_key.
- *                                (\c PSA_ALG_XXX value such that
+ *                          For example, for EC keys, this means that \p
- *                                #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
+ *                          peer_key is interpreted as a point on the curve
 *                          that the private key is associated with. The
 *                          standard formats for public keys are documented in
 *                          the documentation of psa_export_public_key().
 * \param peer_key_length   Size of \p peer_key in bytes.
 * \param alg               The key agreement algorithm to compute
 *                          (\c PSA_ALG_XXX value such that
 *                          #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
 *
 * \retval #PSA_SUCCESS
 *         Success.