Minor documentation improvements

include/psa/crypto.h

@@ -1204,7 +1204,7 @@ psa_status_t psa_get_key_information(psa_key_slot_t key,
  *   ```
  * - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format
  *   is the non-encrypted DER encoding of the representation used by
- *   OpenSSL and OpenSSH, which the following ASN.1 structure:
+ *   OpenSSL and OpenSSH, whose structure is described in ASN.1 as follows:
  *   ```
  *   DSAPrivateKey ::= SEQUENCE {
  *       version             INTEGER,  -- must be 0
@@ -1316,7 +1316,7 @@ psa_status_t psa_export_key(psa_key_slot_t key,
  *   representation defined by SEC1 §2.3.3.
  *   The OID is `id-ecPublicKey`,
  *   and the parameters must be given as a `namedCurve` OID as specified in
- *   RFC 5480 §2.1.1.1.
+ *   RFC 5480 §2.1.1.1 or other applicable standards.
  *   ```
  *   ansi-X9-62 OBJECT IDENTIFIER ::=
  *                           { iso(1) member-body(2) us(840) 10045 }

tests/suites/test_suite_psa_crypto.function

@@ -589,6 +589,7 @@ static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
         TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 0,
                                             MBEDTLS_ASN1_OID ) == 0 );
         p += len;
+        /* publicKey: ECPoint in uncompressed representation (as below) */
         TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 1,
                                             MBEDTLS_ASN1_BIT_STRING ) == 0 );
         TEST_ASSERT( p + len == end );
@@ -649,7 +650,7 @@ static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
         if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
         {
             /*   ECPoint ::= ...
-             *      -- first 8 bits: 0x04;
+             *      -- first 8 bits: 0x04 (uncompressed representation);
              *      -- then x_P as an n-bit string, big endian;
              *      -- then y_P as a n-bit string, big endian,
              *      -- where n is the order of the curve.