Fixes for PBKDF2 documentation

Fix typos in the PBKDF2 documentation Correct the constraints on PSA_KEY_USAGE_DERIVE and PSA_KEY_USAGE_VERIFY_DERIVATION, aligning them with the note against psa_key_derivation_input_key(). All key inputs must have the required usage flag to permit output or verification. Correct the constraints on PSA_KEY_DERIVATION_INPUT_SECRET and PSA_KEY_DERIVATION_INPUT_PASSWORD, aligning them with 4feb611. psa_key_derivation_verify_key() does not require the secret/password input to be a key. Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
2025-12-24 17:41:01 +03:00 · 2021-06-24 16:47:14 +01:00
parent fedd52ca19
commit a0f4b595c5
2 changed files with 31 additions and 30 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3805,7 +3805,7 @@ psa_status_t psa_key_derivation_output_key(
 * This function calculates output bytes from a key derivation algorithm and
 * compares those bytes to an expected value in constant time.
 * If you view the key derivation's output as a stream of bytes, this
- * function destructively reads the requested number of bytes from the
+ * function destructively reads the expected number of bytes from the
 * stream before comparing them.
 * The operation's capacity decreases by the number of bytes read.
 *
@@ -3824,13 +3824,13 @@ psa_status_t psa_key_derivation_output_key(
 * psa_key_derivation_abort().
 *
 * \param[in,out] operation The key derivation operation object to read from.
- * \param[in] expected_output Buffer where the output will be written.
+ * \param[in] expected_output Buffer containing the expected derivation output.
 * \param output_length     Length ot the expected output; this is also the
 *                          number of bytes that will be read.
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The output was read successfully, but if differs from the expected
+ *         The output was read successfully, but it differs from the expected
 *         output.
 * \retval #PSA_ERROR_NOT_PERMITTED
 *         One of the inputs was a key whose policy didn't allow
@@ -3840,7 +3840,7 @@ psa_status_t psa_key_derivation_output_key(
 *                          \p output_length bytes. Note that in this case,
 *                          the operation's capacity is set to 0, thus
 *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
+ *                          succeed, even with a smaller expected output.
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be active and completed
 *         all required input steps).
@@ -3905,7 +3905,7 @@ psa_status_t psa_key_derivation_verify_bytes(
 *                          the length of the expected value. In this case,
 *                          the operation's capacity is set to 0, thus
 *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
+ *                          succeed, even with a smaller expected output.
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be active and completed
 *         all required input steps).