Note that domain parameters are not supported with drivers

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-05 18:40:01 +00:00 · 2023-12-19 12:23:22 +01:00 · 2023-12-19 12:23:22 +01:00 · 1a9e05bf08
commit 1a9e05bf08
parent 5ad9539363
2 changed files with 9 additions and 1 deletions
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@ -446,6 +446,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
 * \note This is an experimental extension to the interface. It may change
 *       in future versions of the library.
 *
+ * \note Due to an implementation limitation, domain parameters are ignored
+ *       for keys that are managed by a driver.
+ *
 * \param[in,out] attributes    Attribute structure where the specified domain
 *                              parameters will be stored.
 *                              If this function fails, the content of
@ -476,6 +479,9 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
 * \note This is an experimental extension to the interface. It may change
 *       in future versions of the library.
 *
+ * \note Due to an implementation limitation, domain parameters are not
+ *       supported with keys that are managed by a driver.
+ *
 * \param[in] attributes        The key attribute structure to query.
 * \param[out] data             On success, the key domain parameters.
 * \param data_size             Size of the \p data buffer in bytes.
@ -488,6 +494,8 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
 *
 * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ *         The key is managed by a driver.
 */
 psa_status_t psa_get_key_domain_parameters(
    const psa_key_attributes_t *attributes,
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@ -259,7 +259,7 @@ struct psa_key_attributes_s {
     * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL:
     *   Access to domain parameters is not supported for this key.
     *   This is a hack which should not exist, intended for keys managed
-     *   by a driver that doesn't support domain parameters.
+     *   by a driver, because drivers don't support domain parameters.
     * - domain_parameters_size == 0 && domain_parameters == NULL:
     *   The domain parameters are empty.
     * - domain_parameters_size > 0 &&