Lift a restriction on usage of verify_key()

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2021-05-07 12:22:21 +02:00
parent e88511d7fe
commit 4feb611a49

View file

@ -3371,10 +3371,8 @@ psa_status_t psa_key_derivation_input_integer(
* either a direct input or a key with #PSA_KEY_USAGE_DERIVE set; * either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
* - psa_key_derivation_verify_bytes() if each input was either a direct input * - psa_key_derivation_verify_bytes() if each input was either a direct input
* or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set; * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
* - psa_key_derivation_verify_key() if each input was either a direct input * - psa_key_derivation_verify_key() under the same conditions as
* or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set and input for step * psa_key_derivation_verify_bytes().
* #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
* was from a key slot.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* Success. * Success.
@ -3768,10 +3766,8 @@ psa_status_t psa_key_derivation_verify_bytes(
* The key passed as the expected value has an invalid type. * The key passed as the expected value has an invalid type.
* \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_PERMITTED
* The key passed as the expected value does not allow this usage or * The key passed as the expected value does not allow this usage or
* this algorithm; or the #PSA_KEY_DERIVATION_INPUT_SECRET or * this algorithm; or one of the inputs was a key whose policy didn't
* #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a * allow #PSA_KEY_USAGE_VERIFY_DERIVATION.
* key; or one of the inputs was a key whose policy didn't allow
* #PSA_KEY_USAGE_DERIVE.
* \retval #PSA_ERROR_INSUFFICIENT_DATA * \retval #PSA_ERROR_INSUFFICIENT_DATA
* The operation's capacity was less than * The operation's capacity was less than
* the length of the expected value. In this case, * the length of the expected value. In this case,