diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2fe797a3b9..3df82d91d8 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4556,7 +4556,11 @@ psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, * \param[in,out] operation Active PAKE operation. * \param step The step of the algorithm for which the output is * requested. - * \param[out] output Buffer where the output is to be written. + * \param[out] output Buffer where the output is to be written in the + * format appropriate for this \p step. Refer to + * the documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. * \param output_size Size of the \p output buffer in bytes. This must * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c * cipher_suite, \p type). @@ -4603,7 +4607,11 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * * \param[in,out] operation Active PAKE operation. * \param step The step for which the input is provided. - * \param[out] input Buffer containing the input. + * \param[out] input Buffer containing the input in the format + * appropriate for this \p step. Refer to the + * documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. * \param[out] input_length Size of the \p input buffer in bytes. * * \retval #PSA_SUCCESS diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 527b9c30d2..ab9bb5b8bd 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2597,29 +2597,47 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The key share being sent to or received from the peer. * - * Unless the documentation of the PAKE algorithm says otherwise this is a - * group element. + * The format for both input and output at this step is the same as for public + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. * - * For information regarding representation consult the documentation of - * individual ::psa_pake_primitive_type_t constants. + * For more information on the format, consult the documentation of + * psa_export_public_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. */ #define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01) /** A Schnorr NIZKP public key. * - * This is a group element. + * The format for both input and output at this step is the same as for public + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. * - * For information regarding representation consult the documentation of - * individual ::psa_pake_primitive_type_t constants. + * For more information on the format, consult the documentation of + * psa_export_public_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. */ #define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02) /** A Schnorr NIZKP proof. * - * This is a scalar value. + * The format for both input and output at this step is the same as for private + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. * - * For information regarding representation consult the documentation of - * individual ::psa_pake_primitive_type_t constants. + * Some public key algorithms mask the private keys and this might be reflected + * in the export format. Even if this is the case the masking is omitted at + * this step. + * + * For more information on the format, consult the documentation of + * psa_export_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. */ #define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)