From 763fb9a150291dad9040d4b121c4f56d5ee1c8a3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 28 Jan 2019 13:29:01 +0100 Subject: [PATCH] Improve the description of PSA_ALG_ANY_HASH Make it clearer what PSA_ALG_ANY_HASH can and cannot be used for. --- include/psa/crypto_values.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f072487f2..acf856dd1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -668,15 +668,18 @@ /** SHA3-512 */ #define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013) -/** Allow any hash algorithm. +/** In a hash-and-sign algorithm policy, allow any hash algorithm. * - * This value may only be used to form the algorithm usage field of a policy - * for a signature algorithm that is parametrized by a hash. That is, - * suppose that `PSA_xxx_SIGNATURE` is one of the following macros: + * This value may be used to form the algorithm usage field of a policy + * for a signature algorithm that is parametrized by a hash. The key + * may then be used to perform operations using the same signature + * algorithm parametrized with any supported hash. + * + * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros: * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, * - #PSA_ALG_DSA, #PSA_ALG_DETERMINISTIC_DSA, * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA. - * Then you may create a key as follows: + * Then you may create and use a key as follows: * - Set the key usage field using #PSA_ALG_ANY_HASH, for example: * ``` * psa_key_policy_set_usage(&policy,