Clarify the case of direct inputs
Now use the same description for INPUT_SECRET and INPUT_PASSWORD too.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 0f156a8..f7d8302 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2267,10 +2267,11 @@
*
* The secret can also be a direct input (passed to
* key_derivation_input_bytes()). In this case, the derivation operation
- * may not be used to derive keys: the operation will only allow
+ * may not be used to derive or verify keys: the operation will only allow
* psa_key_derivation_output_bytes() or
- * psa_key_derivation_verify_xxx() but not
- * psa_key_derivation_output_key().
+ * psa_key_derivation_verify_bytes() but not
+ * psa_key_derivation_output_key() or
+ * psa_key_derivation_verify_key().
*/
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
@@ -2282,9 +2283,13 @@
* also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or
* the shared secret resulting from a key agreement.
*
- * If the secret is a direct input, the derivation operation
- * may not be used to derive keys: the operation will only allow
- * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
+ * The secret can also be a direct input (passed to
+ * key_derivation_input_bytes()). In this case, the derivation operation
+ * may not be used to derive or verify keys: the operation will only allow
+ * psa_key_derivation_output_bytes() or
+ * psa_key_derivation_verify_bytes(), not
+ * psa_key_derivation_output_key() or
+ * psa_key_derivation_verify_key().
*/
#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)