From e705f572f927fa69297b2aaed8b9061d8988c955 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Wed, 6 Dec 2023 16:38:15 +0800
Subject: [PATCH 1/9] Add components to test crypto_full w/wo accelerated RSA

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/scripts/all.sh | 75 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 462597ba6e..f40253fa48 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3434,6 +3434,81 @@ component_test_psa_crypto_config_accel_rsa_signature () {
     make test
 }
 
+config_psa_crypto_accel_rsa () {
+    driver_only=$1
+
+    # Start from crypto_full config (no X.509, no TLS)
+    helper_libtestdriver1_adjust_config "crypto_full"
+
+    if [ "$driver_only" -eq 1 ]; then
+        # Remove RSA support and its dependencies
+        scripts/config.py unset MBEDTLS_RSA_C
+        scripts/config.py unset MBEDTLS_PKCS1_V15
+        scripts/config.py unset MBEDTLS_PKCS1_V21
+
+        # We need PEM parsing in the test library as well to support the import
+        # of PEM encoded RSA keys.
+        scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
+        scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
+    fi
+}
+
+component_test_psa_crypto_config_accel_rsa_crypto () {
+    msg "build: crypto_full with accelerated RSA"
+
+    loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \
+                    ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \
+                    KEY_TYPE_RSA_PUBLIC_KEY \
+                    KEY_TYPE_RSA_KEY_PAIR_BASIC \
+                    KEY_TYPE_RSA_KEY_PAIR_GENERATE \
+                    KEY_TYPE_RSA_KEY_PAIR_IMPORT \
+                    KEY_TYPE_RSA_KEY_PAIR_EXPORT"
+
+    # Configure
+    # ---------
+
+    config_psa_crypto_accel_rsa 1
+
+    # Build
+    # -----
+
+    # These hashes are needed for unit tests.
+    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5"
+    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
+
+    helper_libtestdriver1_make_main "$loc_accel_list"
+
+    # Make sure this was not re-enabled by accident (additive config)
+    not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
+    not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
+    not grep mbedtls_rsa_rsaes_pkcs1_v15_encrypt library/rsa.o
+    not grep mbedtls_rsa_rsaes_oaep_encrypt library/rsa.o
+
+    # Run the tests
+    # -------------
+
+    msg "test: crypto_full with accelerated RSA"
+    make test
+}
+
+component_test_psa_crypto_config_reference_rsa_crypto () {
+    msg "build: crypto_full with non-accelerated RSA"
+
+    # Configure
+    # ---------
+    config_psa_crypto_accel_rsa 0
+
+    # Build
+    # -----
+    make
+
+    # Run the tests
+    # -------------
+    msg "test: crypto_full with non-accelerated RSA"
+    make test
+}
+
 # This is a temporary test to verify that full RSA support is present even when
 # only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
 component_test_new_psa_want_key_pair_symbol() {

From f1cacad87090a7166cf5fb4fcc96f2ffc0b59ea2 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Wed, 6 Dec 2023 16:52:48 +0800
Subject: [PATCH 2/9] Correctly use asymmetric encrypt/decrypt driver

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/src/drivers/test_driver_asymmetric_encryption.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
index c906a664a3..ff46387d58 100644
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -46,8 +46,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
         return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
     }
 
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
-    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
     return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
         (const libtestdriver1_psa_key_attributes_t *) attributes,
         key_buffer, key_buffer_size,
@@ -88,8 +87,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
         return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
     }
 
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
-    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
     return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
         (const libtestdriver1_psa_key_attributes_t *) attributes,
         key_buffer, key_buffer_size,

From 9e976f36493881a270683cdc02fec33105cfc207 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Wed, 6 Dec 2023 16:58:05 +0800
Subject: [PATCH 3/9] Conditionally check the attribute of generated RSA key

`psa_get_key_attributes` depends on some built-in
implementation of RSA. Guard the check with coresponding
macros.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/suites/test_suite_psa_crypto.data     | 2 +-
 tests/suites/test_suite_psa_crypto.function | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index e239a44528..1bd8b65002 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -7342,7 +7342,7 @@ PSA generate key: RSA, e=1
 generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
 
 PSA generate key: RSA, e=2
-generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT
 
 PSA generate key: FFDH, 2048 bits, good
 depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index a510f8e01a..154d4150a4 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -9685,6 +9685,9 @@ void generate_key_rsa(int bits_arg,
     }
 
     /* Test the key information */
+#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
     PSA_ASSERT(psa_get_key_attributes(key, &attributes));
     TEST_EQUAL(psa_get_key_type(&attributes), type);
     TEST_EQUAL(psa_get_key_bits(&attributes), bits);
@@ -9696,6 +9699,10 @@ void generate_key_rsa(int bits_arg,
     } else {
         TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
     }
+#else
+    (void) e_read_length;
+    (void) is_default_public_exponent;
+#endif
 
     /* Do something with the key according to its type and permitted usage. */
     if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {

From 3cd16c47bd3397085dcdf9d05d98d752701a956e Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Wed, 6 Dec 2023 18:17:39 +0800
Subject: [PATCH 4/9] Add analyze_driver_vs_reference_rsa for analyze_outcomes

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/scripts/analyze_outcomes.py | 32 +++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index ca349d38e9..5e3f469c59 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -501,6 +501,38 @@ KNOWN_TASKS = {
                 ],
             }
         }
+    },
+    'analyze_driver_vs_reference_rsa': {
+        'test_function': do_analyze_driver_vs_reference,
+        'args': {
+            'component_ref': 'test_psa_crypto_config_reference_rsa_crypto',
+            'component_driver': 'test_psa_crypto_config_accel_rsa_crypto',
+            'ignored_suites': [
+                # Modules replaced by drivers.
+                'rsa', 'pkcs1_v15', 'pkcs1_v21',
+                # We temporarily don't care about PK staff.
+                'pk', 'pkwrite', 'pkparse'
+            ],
+            'ignored_tests': {
+                'test_suite_platform': [
+                    # Incompatible with sanitizers (e.g. ASan). If the driver
+                    # component uses a sanitizer but the reference component
+                    # doesn't, we have a PASS vs SKIP mismatch.
+                    'Check mbedtls_calloc overallocation',
+                ],
+                # Following tests depend on RSA_C but are not about
+                # them really, just need to know some error code is there.
+                'test_suite_error': [
+                    'Low and high error',
+                    'Single high error'
+                ],
+                # Constant time operations only used for PKCS1_V15
+                'test_suite_constant_time': [
+                    re.compile(r'mbedtls_ct_zeroize_if .*'),
+                    re.compile(r'mbedtls_ct_memmove_left .*')
+                ],
+            }
+        }
     }
 }
 

From 98a90c6542e4e8c7063e2c4918f24864288c0c20 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Thu, 7 Dec 2023 17:23:25 +0800
Subject: [PATCH 5/9] Fix various issue

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/scripts/all.sh              | 5 +----
 tests/scripts/analyze_outcomes.py | 2 +-
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index f40253fa48..a98a04d779 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3480,10 +3480,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () {
     helper_libtestdriver1_make_main "$loc_accel_list"
 
     # Make sure this was not re-enabled by accident (additive config)
-    not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
-    not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
-    not grep mbedtls_rsa_rsaes_pkcs1_v15_encrypt library/rsa.o
-    not grep mbedtls_rsa_rsaes_oaep_encrypt library/rsa.o
+    not grep mbedtls_rsa library/rsa.o
 
     # Run the tests
     # -------------
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 5e3f469c59..d3ea8c0e1a 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -510,7 +510,7 @@ KNOWN_TASKS = {
             'ignored_suites': [
                 # Modules replaced by drivers.
                 'rsa', 'pkcs1_v15', 'pkcs1_v21',
-                # We temporarily don't care about PK staff.
+                # We temporarily don't care about PK stuff.
                 'pk', 'pkwrite', 'pkparse'
             ],
             'ignored_tests': {

From abeca020d8a7004719b6a39bfe6a40ee0803c385 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Thu, 7 Dec 2023 17:25:15 +0800
Subject: [PATCH 6/9] Remove test_psa_crypto_config_accel_rsa_signature

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/scripts/all.sh | 74 --------------------------------------------
 1 file changed, 74 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index a98a04d779..4281557fac 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3360,80 +3360,6 @@ component_test_psa_ecc_key_pair_no_generate() {
     build_and_test_psa_want_key_pair_partial "ECC" "GENERATE"
 }
 
-component_test_psa_crypto_config_accel_rsa_signature () {
-    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
-
-    loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
-
-    # Configure
-    # ---------
-
-    # Start from default config (no TLS 1.3, no USE_PSA)
-    helper_libtestdriver1_adjust_config "default"
-
-    # It seems it is not possible to remove only the support for RSA signature
-    # in the library. Thus we have to remove all RSA support (signature and
-    # encryption/decryption). AS there is no driver support for asymmetric
-    # encryption/decryption so far remove RSA encryption/decryption from the
-    # application algorithm list.
-    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
-    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-
-    # Remove RSA support and its dependencies
-    scripts/config.py unset MBEDTLS_RSA_C
-    scripts/config.py unset MBEDTLS_PKCS1_V15
-    scripts/config.py unset MBEDTLS_PKCS1_V21
-    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
-    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-    # Make sure both the library and the test library support the SHA hash
-    # algorithms and only those ones (SHA256 is included by default). That way:
-    # - the test library can compute the RSA signatures even in the case of a
-    #   composite RSA signature algorithm based on a SHA hash (no other hash
-    #   used in the unit tests).
-    # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is
-    #   fulfilled as the hash SHA algorithm is supported by the library, and
-    #   thus the tests are run, not skipped.
-    # - when testing a signature key with an algorithm wildcard built from
-    #   PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
-    #   algorithm based on the hashes supported by the library is also
-    #   supported by the test library.
-    # Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list.
-    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
-    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160_C
-    scripts/config.py unset MBEDTLS_MD5_C
-    scripts/config.py unset MBEDTLS_RIPEMD160_C
-
-    # We need PEM parsing in the test library as well to support the import
-    # of PEM encoded RSA keys.
-    scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
-    scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
-
-    # Build
-    # -----
-
-    # These hashes are needed for some RSA-PSS signature tests.
-    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
-                    ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-    helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
-    helper_libtestdriver1_make_main "$loc_accel_list"
-
-    # Make sure this was not re-enabled by accident (additive config)
-    not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
-    not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
-
-    # Run the tests
-    # -------------
-
-    msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
-    make test
-}
-
 config_psa_crypto_accel_rsa () {
     driver_only=$1
 

From e9efbc2aa543e00fabe4904550fec8e69cf6e166 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Fri, 8 Dec 2023 16:59:08 +0800
Subject: [PATCH 7/9] Error out when get domain_parameters is not supported

From time being, domain_parameters could not be extracted
from driver. We need to return error to indicate this
situation. This is temporary and would be fixed after #6494.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 library/psa_crypto.c        | 6 ++++++
 library/psa_crypto_client.c | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 114994019e..894167abdb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1400,6 +1400,12 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
                 mbedtls_free(rsa);
             }
             break;
+#else
+        case PSA_KEY_TYPE_RSA_KEY_PAIR:
+        case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
+            attributes->domain_parameters = NULL;
+            attributes->domain_parameters_size = SIZE_MAX;
+            break;
 #endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index 564463fedc..472d3d31a3 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -53,6 +53,11 @@ psa_status_t psa_get_key_domain_parameters(
     const psa_key_attributes_t *attributes,
     uint8_t *data, size_t data_size, size_t *data_length)
 {
+    if (attributes->domain_parameters == NULL &&
+        attributes->domain_parameters_size == SIZE_MAX) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
     if (attributes->domain_parameters_size > data_size) {
         return PSA_ERROR_BUFFER_TOO_SMALL;
     }

From d90fbf776941d66aeca66d0819eb3ec32044bd5e Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Fri, 8 Dec 2023 17:13:22 +0800
Subject: [PATCH 8/9] Adjuest checks in generate_key_rsa suite

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 tests/suites/test_suite_psa_crypto.function | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 154d4150a4..4c08a9017c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -9685,23 +9685,26 @@ void generate_key_rsa(int bits_arg,
     }
 
     /* Test the key information */
-#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
     PSA_ASSERT(psa_get_key_attributes(key, &attributes));
     TEST_EQUAL(psa_get_key_type(&attributes), type);
     TEST_EQUAL(psa_get_key_bits(&attributes), bits);
-    PSA_ASSERT(psa_get_key_domain_parameters(&attributes,
-                                             e_read_buffer, e_read_size,
-                                             &e_read_length));
+    psa_status_t status = psa_get_key_domain_parameters(&attributes,
+                                                        e_read_buffer, e_read_size,
+                                                        &e_read_length);
+
+
+#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
     if (is_default_public_exponent) {
         TEST_EQUAL(e_read_length, 0);
     } else {
+        TEST_EQUAL(status, PSA_SUCCESS);
         TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
     }
 #else
-    (void) e_read_length;
     (void) is_default_public_exponent;
+    TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED);
 #endif
 
     /* Do something with the key according to its type and permitted usage. */

From f75893bb36162c424ae26151ac27c1cc20d3a230 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Fri, 8 Dec 2023 17:21:39 +0800
Subject: [PATCH 9/9] Update comments

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 library/psa_crypto.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 894167abdb..5455fa2872 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1378,9 +1378,9 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
         case PSA_KEY_TYPE_RSA_KEY_PAIR:
         case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
-            /* TODO: reporting the public exponent for opaque keys
-             * is not yet implemented.
-             * https://github.com/ARMmbed/mbed-crypto/issues/216
+            /* TODO: This is a temporary situation where domain parameters are deprecated,
+             * but we need it for namely generating an RSA key with a non-default exponent.
+             * This would be improved after https://github.com/Mbed-TLS/mbedtls/issues/6494.
              */
             if (!psa_key_lifetime_is_external(slot->attr.lifetime)) {
                 mbedtls_rsa_context *rsa = NULL;