From 1a9e05bf080e9ce770fd56ba88c25c52b4c38498 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Dec 2023 12:23:22 +0100 Subject: [PATCH] Note that domain parameters are not supported with drivers Signed-off-by: Gilles Peskine --- include/psa/crypto_extra.h | 8 ++++++++ include/psa/crypto_struct.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f39d1eb0be..f132f7ed99 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -446,6 +446,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * \note This is an experimental extension to the interface. It may change * in future versions of the library. * + * \note Due to an implementation limitation, domain parameters are ignored + * for keys that are managed by a driver. + * * \param[in,out] attributes Attribute structure where the specified domain * parameters will be stored. * If this function fails, the content of @@ -476,6 +479,9 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, * \note This is an experimental extension to the interface. It may change * in future versions of the library. * + * \note Due to an implementation limitation, domain parameters are not + * supported with keys that are managed by a driver. + * * \param[in] attributes The key attribute structure to query. * \param[out] data On success, the key domain parameters. * \param data_size Size of the \p data buffer in bytes. @@ -488,6 +494,8 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, * * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key is managed by a driver. */ psa_status_t psa_get_key_domain_parameters( const psa_key_attributes_t *attributes, diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 1eb2463cee..5e52ffde06 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -259,7 +259,7 @@ struct psa_key_attributes_s { * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL: * Access to domain parameters is not supported for this key. * This is a hack which should not exist, intended for keys managed - * by a driver that doesn't support domain parameters. + * by a driver, because drivers don't support domain parameters. * - domain_parameters_size == 0 && domain_parameters == NULL: * The domain parameters are empty. * - domain_parameters_size > 0 &&