From f57007dd1edb3f323cf396c66204a69349509d6f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 May 2023 13:54:39 +0200 Subject: [PATCH] pk: fixing and improving comments Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 21 ++++++++++++--------- library/pk_wrap.c | 2 +- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index f2cf9fed2..3a5543a3c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -202,16 +202,21 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif -/* Helper to define which fields in the pk_context structure below should be - * used for EC keys: legacy ecp_keypair or the raw (PSA friendly) format. - * It should be noticed that this only affect how data is stored, not which - * functions are used for various operations. The overall picture looks like - * this: +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: * - if ECP_C is defined then use legacy functions * - if USE_PSA is defined and * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly * format and use PSA functions * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \ defined(MBEDTLS_ECP_LIGHT) @@ -258,9 +263,7 @@ typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ /* When MBEDTLS_PSA_CRYPTO_C is enabled then the following priv_id field is - * used to store the ID of the opaque key. Differently from the raw public - * key management below, in this case there is no counterpart in the pk_ctx - * field to work in parallel with. + * used to store the ID of the opaque key. * This priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by * MBEDTLS_USE_PSA_CRYPTO because it can be used also in mbedtls_pk_sign_ext * for RSA keys. */ @@ -283,7 +286,7 @@ typedef struct mbedtls_pk_context { * all the operations. * * Note: This new public key storing solution only works for EC keys, not - * other ones. The latters is still use pk_ctx to store their own + * other ones. The latters still use pk_ctx to store their own * context. */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 376af2509..e21ec2b30 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -792,7 +792,7 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, p = (unsigned char *) sig; /* extract_ecdsa_sig's last parameter is the size - * of each integer to be parse, so it's actually half + * of each integer to be parsed, so it's actually half * the size of the signature. */ if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf, signature_len/2)) != 0) {