TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / f7933939b31459fcfdd670dc9b4283c44847409b^! / . / include / psa
commitf7933939b31459fcfdd670dc9b4283c44847409b[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed Oct 31 14:07:52 2018 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Oct 31 14:10:07 2018 +0100
tree139dfa7385b8f6ebf627d593d385a452eabfa631
parent5eb1521957dba7118640fce1dfe9d9eb4d4361d8 [diff]
Expand the documentation of import/export formats

Clarify that the key type determines the syntax of the input.

Clarify the constraints on implementations that support extra import
formats.

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index b54585a..732bc2f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h

@@ -1195,13 +1195,27 @@
  * \brief Import a key in binary format.
  *
  * This function supports any output from psa_export_key(). Refer to the
- * documentation of psa_export_key() for the format for each key type.
+ * documentation of psa_export_public_key() for the format of public keys
+ * and to the documentation of psa_export_key() for the format for
+ * other key types.
+ *
+ * This specification supports a single format for each key type.
+ * Implementations may support other formats as long as the standard
+ * format is supported. Implementations that support other formats
+ * should ensure that the formats are clearly unambiguous so as to
+ * minimize the risk that an invalid input is accidentally interpreted
+ * according to a different format.
  *
  * \param key         Slot where the key will be stored. This must be a
  *                    valid slot for a key of the chosen type. It must
  *                    be unoccupied.
- * \param type        Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param[in] data    Buffer containing the key data.
+ * \param type        Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
+ *                    import, the key slot will contain a key of this type.
+ * \param[in] data    Buffer containing the key data. The content of this
+ *                    buffer is interpreted according to \p type. It must
+ *                    contain the format described in the documentation
+ *                    of psa_export_key() or psa_export_public_key() for
+ *                    the chosen type.
  * \param data_length Size of the \p data buffer in bytes.
  *
  * \retval #PSA_SUCCESS
@@ -1300,10 +1314,10 @@
  * The output of this function can be passed to psa_import_key() to
  * create an equivalent object.
  *
- * If a key is created with psa_import_key() and then exported with
- * this function, it is not guaranteed that the resulting data is
- * identical: the implementation may choose a different representation
- * of the same key if the format permits it.
+ * If the implementation of psa_import_key() supports other formats
+ * beyond the format specified here, the output from psa_export_key()
+ * must use the representation specified here, not the original
+ * representation.
  *
  * For standard key types, the output format is as follows:
  *