From 7ab1861163399ff41f24b7d47dba1d8d06e8d13d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Mar 2024 11:06:44 +0100 Subject: [PATCH 01/12] pk: fix documentation for mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index fde302f872..97af0a1714 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -361,24 +361,28 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); /** * \brief Initialize a PK context to wrap a PSA key. * - * \note This function replaces mbedtls_pk_setup() for contexts - * that wrap a (possibly opaque) PSA key instead of - * storing and manipulating the key material directly. + * This function helps creating a PK context which wraps a + * PSA key. The PSA wrapped key must: + * * remain valid as long as the wrapping PK context is in use, + * that is at least between the point this function is + * called and the point mbedtls_pk_free() is called on this + * context; + * * be a key pair; + * * be an EC or RSA type (DH is not suported in PK module). + * + * Under the hood PSA functions are used to perform the required + * operations and, based on the key type, used algorithms will be: + * * EC: + * * verify: #PSA_ALG_ECDSA_ANY; + * * sign: try both deterministic and non-deterministic ECDSA. + * * RSA: + * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); + * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT. * * \param ctx The context to initialize. It must be empty (type NONE). * \param key The PSA key to wrap, which must hold an ECC or RSA key * pair (see notes below). * - * \note The wrapped key must remain valid as long as the - * wrapping PK context is in use, that is at least between - * the point this function is called and the point - * mbedtls_pk_free() is called on this context. The wrapped - * key might then be independently used or destroyed. - * - * \note This function is currently only available for ECC or RSA - * key pairs (that is, keys containing private key material). - * Support for other key types may be added later. - * * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input * (context already used, invalid key identifier). From b711a987d3e00adb2980364bbcbee5488d70d7c2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Mar 2024 17:12:49 +0100 Subject: [PATCH 02/12] pk: improve documentation of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 97af0a1714..41138950ca 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -374,10 +374,19 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * operations and, based on the key type, used algorithms will be: * * EC: * * verify: #PSA_ALG_ECDSA_ANY; - * * sign: try both deterministic and non-deterministic ECDSA. + * * sign: try #PSA_ALG_DETERMINISTIC_ECDSA() first and, in + * case it fails, try with #PSA_ALG_ECDSA(). * * RSA: * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); - * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT. + * * sign_ext: use the algorithm associated with the wrapped + * PSA key; + * * verify: not supported; + * * verify_ext: not supported; + * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; + * * encrypt: not supported. + * In order to have above mentioned operations to succeed it is + * mandatory that the wrapped PSA key allows the specified + * algorithm in its policy. * * \param ctx The context to initialize. It must be empty (type NONE). * \param key The PSA key to wrap, which must hold an ECC or RSA key From 3c5ea112841841cc8cde12b303a9e07d4a9b4250 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Mar 2024 11:32:51 +0100 Subject: [PATCH 03/12] pk: fix documentation for mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 41138950ca..60942d7efa 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -373,9 +373,9 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * Under the hood PSA functions are used to perform the required * operations and, based on the key type, used algorithms will be: * * EC: - * * verify: #PSA_ALG_ECDSA_ANY; - * * sign: try #PSA_ALG_DETERMINISTIC_ECDSA() first and, in - * case it fails, try with #PSA_ALG_ECDSA(). + * * verify, verify_ext: #PSA_ALG_ECDSA_ANY; + * * sign, sign_ext: try #PSA_ALG_DETERMINISTIC_ECDSA() + * first and, in case it fails, try with #PSA_ALG_ECDSA(). * * RSA: * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); * * sign_ext: use the algorithm associated with the wrapped @@ -384,9 +384,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * * verify_ext: not supported; * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; * * encrypt: not supported. - * In order to have above mentioned operations to succeed it is - * mandatory that the wrapped PSA key allows the specified - * algorithm in its policy. + * In order for the above operations to succeed, the policy of + * the wrapped PSA key must allow the specified algorithm. * * \param ctx The context to initialize. It must be empty (type NONE). * \param key The PSA key to wrap, which must hold an ECC or RSA key From 872b8c46783b6a17feb72d3ac7b877ad51a9a1f0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Mar 2024 16:38:57 +0100 Subject: [PATCH 04/12] pk: update documentation of mbedtls_pk_setup_opaque() based on #8951 Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 60942d7efa..3b9d18dbba 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -377,9 +377,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * * sign, sign_ext: try #PSA_ALG_DETERMINISTIC_ECDSA() * first and, in case it fails, try with #PSA_ALG_ECDSA(). * * RSA: - * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); - * * sign_ext: use the algorithm associated with the wrapped - * PSA key; + * * sign, sign_ext: use the algorithm associated with the + * wrapped PSA key; * * verify: not supported; * * verify_ext: not supported; * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; From 013fa95222f02aecc86cd147d97ed11744666c84 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Mar 2024 15:58:54 +0100 Subject: [PATCH 05/12] pk: fix description of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 3b9d18dbba..ebd898ea82 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -362,33 +362,28 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * \brief Initialize a PK context to wrap a PSA key. * * This function helps creating a PK context which wraps a - * PSA key. The PSA wrapped key must: - * * remain valid as long as the wrapping PK context is in use, - * that is at least between the point this function is - * called and the point mbedtls_pk_free() is called on this - * context; - * * be a key pair; - * * be an EC or RSA type (DH is not suported in PK module). + * PSA key. The PSA wrapped key must be an EC or RSA key pair + * (DH is not suported in PK module). * * Under the hood PSA functions are used to perform the required * operations and, based on the key type, used algorithms will be: * * EC: - * * verify, verify_ext: #PSA_ALG_ECDSA_ANY; - * * sign, sign_ext: try #PSA_ALG_DETERMINISTIC_ECDSA() - * first and, in case it fails, try with #PSA_ALG_ECDSA(). + * * verify, verify_ext, sign, sign_ext: ECDSA. * * RSA: - * * sign, sign_ext: use the algorithm associated with the - * wrapped PSA key; - * * verify: not supported; - * * verify_ext: not supported; - * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; - * * encrypt: not supported. + * * sign, sign_ext, decrypt: use the primary algorithm in + * the wrapped PSA key; + * * verify, verify_ext, encrypt: not supported. + * * In order for the above operations to succeed, the policy of * the wrapped PSA key must allow the specified algorithm. * + * \warning The PSA wrapped key must remain valid as long as the wrapping + * PK context is in use, that is at least between the point this + * function is called and the point mbedtls_pk_free() is called + * on this context. + * * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC or RSA key - * pair (see notes below). + * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. * * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input From c51b08ca1d016287eb7cd6845001ad93d6b9b380 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Mar 2024 16:08:08 +0100 Subject: [PATCH 06/12] pk: fix indentation in description of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 48 ++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ebd898ea82..86ab7d6ac2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -359,38 +359,34 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** - * \brief Initialize a PK context to wrap a PSA key. + * \brief Initialize a PK context to wrap a PSA key. * - * This function helps creating a PK context which wraps a - * PSA key. The PSA wrapped key must be an EC or RSA key pair - * (DH is not suported in PK module). + * This function helps creating a PK context which wraps a PSA key. The PSA wrapped + * key must be an EC or RSA key pair (DH is not suported in PK module). * - * Under the hood PSA functions are used to perform the required - * operations and, based on the key type, used algorithms will be: - * * EC: - * * verify, verify_ext, sign, sign_ext: ECDSA. - * * RSA: - * * sign, sign_ext, decrypt: use the primary algorithm in - * the wrapped PSA key; - * * verify, verify_ext, encrypt: not supported. + * Under the hood PSA functions are used to perform the required + * operations and, based on the key type, used algorithms will be: + * * EC: + * * verify, verify_ext, sign, sign_ext: ECDSA. + * * RSA: + * * sign, sign_ext, decrypt: use the primary algorithm in the wrapped PSA key; + * * verify, verify_ext, encrypt: not supported. * - * In order for the above operations to succeed, the policy of - * the wrapped PSA key must allow the specified algorithm. + * In order for the above operations to succeed, the policy of the wrapped PSA + * key must allow the specified algorithm. * - * \warning The PSA wrapped key must remain valid as long as the wrapping - * PK context is in use, that is at least between the point this - * function is called and the point mbedtls_pk_free() is called - * on this context. + * \warning The PSA wrapped key must remain valid as long as the wrapping PK + * context is in use, that is at least between the point this function + * is called and the point mbedtls_pk_free() is called on this context. * - * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. + * \param ctx The context to initialize. It must be empty (type NONE). + * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input - * (context already used, invalid key identifier). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an - * ECC key pair. - * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already + * used, invalid key identifier). + * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC key pair. + * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const mbedtls_svc_key_id_t key); From c26646c211427ce6c1685412e0657fee17df2f78 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:22:24 +0100 Subject: [PATCH 07/12] pk: fix description of mbedtls_pk_setup_opaque for sign_ext() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 86ab7d6ac2..e33702fe86 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -369,7 +369,9 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * * EC: * * verify, verify_ext, sign, sign_ext: ECDSA. * * RSA: - * * sign, sign_ext, decrypt: use the primary algorithm in the wrapped PSA key; + * * sign, decrypt: use the primary algorithm in the wrapped PSA key; + * * sign_ext: RSA PSS if the pk_type is #MBEDTLS_PK_RSASSA_PSS, otherwise + * it falls back to the sign() case; * * verify, verify_ext, encrypt: not supported. * * In order for the above operations to succeed, the policy of the wrapped PSA From a53f54350e1cd52d42739230fc469983d7174bc3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:23:34 +0100 Subject: [PATCH 08/12] pk: simplify mbedtls_pk_sign_ext() In case of opaque keys skip the check of the supported primary/enrollment algorithms. Just try to perfom the signature and if the wrapped key does not support RSA PSS the operation will fail automatically. Signed-off-by: Valerio Setti --- library/pk.c | 42 +++++++++--------------------------------- 1 file changed, 9 insertions(+), 33 deletions(-) diff --git a/library/pk.c b/library/pk.c index 097777f2c0..c29318dd97 100644 --- a/library/pk.c +++ b/library/pk.c @@ -1327,43 +1327,19 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) { - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t psa_alg, sign_alg; -#if defined(MBEDTLS_PSA_CRYPTO_C) - psa_algorithm_t psa_enrollment_alg; -#endif /* MBEDTLS_PSA_CRYPTO_C */ psa_status_t status; - status = psa_get_key_attributes(ctx->priv_id, &key_attr); - if (status != PSA_SUCCESS) { - return PSA_PK_RSA_TO_MBEDTLS_ERR(status); - } - psa_alg = psa_get_key_algorithm(&key_attr); -#if defined(MBEDTLS_PSA_CRYPTO_C) - psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr); -#endif /* MBEDTLS_PSA_CRYPTO_C */ - psa_reset_key_attributes(&key_attr); - - /* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between - * alg and enrollment alg should be of type RSA_PSS. */ - if (PSA_ALG_IS_RSA_PSS(psa_alg)) { - sign_alg = psa_alg; - } -#if defined(MBEDTLS_PSA_CRYPTO_C) - else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) { - sign_alg = psa_enrollment_alg; - } -#endif /* MBEDTLS_PSA_CRYPTO_C */ - else { - /* The opaque key has no RSA PSS algorithm associated. */ - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - /* Adjust the hashing algorithm. */ - sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg); - - status = psa_sign_hash(ctx->priv_id, sign_alg, + /* PSA_ALG_RSA_PSS() behaves the same as PSA_ALG_RSA_PSS_ANY_SALT() when + * performing a signature, but they are encoded differently. Instead of + * extracting the proper one from the wrapped key policy, just try both. */ + status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg), hash, hash_len, sig, sig_size, sig_len); + if (status == PSA_ERROR_NOT_PERMITTED) { + status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg), + hash, hash_len, + sig, sig_size, sig_len); + } return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } From b2840b0aac0bcc65ebe5075d0f30a831a8905397 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:26:11 +0100 Subject: [PATCH 09/12] test_suite_pk: add failing check for sign_ext() in pk_psa_wrap_sign_ext() If the wrapped key has a PKCS1 v1.5 signature algorithm, then try to call sign_ext() to perform PSA RSS. Of course this will fail because it's not supported by the wrapped key. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ddcbd83820..564bda8ab5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -2082,6 +2082,19 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); +#if defined(MBEDTLS_PKCS1_V21) + /* Check that trying to use the wrong pk_type in sign_ext() results in a failure. + * The PSA key was setup to use PKCS1 v1.5 signature algorithm, but here we try + * to use it for PSS (PKCS1 v2.1) and it should fail. */ + if (key_pk_type == MBEDTLS_PK_RSA) { + TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, md_alg, hash, hash_len, + sig, sizeof(sig), &sig_len, + mbedtls_test_rnd_std_rand, NULL), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA); + } +#endif /* MBEDTLS_PKCS1_V21 */ + + /* Perform sign_ext() with the correct pk_type. */ TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof(sig), &sig_len, mbedtls_test_rnd_std_rand, NULL), 0); From 320180f0439f3cf33d5102554fdf85cfe9082152 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:49:02 +0100 Subject: [PATCH 10/12] pk: add check_pair info to mbedtls_pk_setup_opaque() documentation This also updates use-psa-crypto.md accordingly. Signed-off-by: Valerio Setti --- docs/use-psa-crypto.md | 9 ++------- include/mbedtls/pk.h | 3 +++ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index 92d0985249..f2983bd37a 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -75,13 +75,8 @@ operations and its public part can be exported. **Benefits:** isolation of long-term secrets, use of PSA Crypto drivers. -**Limitations:** can only wrap a key pair, can only use it for private key -operations. (That is, signature generation, and for RSA decryption too.) -Note: for ECDSA, currently this uses randomized ECDSA while Mbed TLS uses -deterministic ECDSA by default. The following operations are not supported -with a context set this way, while they would be available with a normal -context: `mbedtls_pk_check_pair()`, `mbedtls_pk_debug()`, all public key -operations. +**Limitations:** please refer to the documentation of `mbedtls_pk_setup_opaque()` +for a full list of supported operations and limitations. **Use in X.509 and TLS:** opt-in. The application needs to construct the PK context using the new API in order to get the benefits; it can then pass the diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index e33702fe86..a3b13633d4 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -377,6 +377,9 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * In order for the above operations to succeed, the policy of the wrapped PSA * key must allow the specified algorithm. * + * Opaque PK contexts wrapping an EC keys also support \c mbedtls_pk_check_pair(), + * whereas RSA ones do not. + * * \warning The PSA wrapped key must remain valid as long as the wrapping PK * context is in use, that is at least between the point this function * is called and the point mbedtls_pk_free() is called on this context. From b2470d9bbfb86d0bdd2f7b6c8939736aedf2d4bd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 25 Mar 2024 09:37:47 +0100 Subject: [PATCH 11/12] pk: fix typos in description of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a3b13633d4..a23927088c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -361,10 +361,10 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); /** * \brief Initialize a PK context to wrap a PSA key. * - * This function helps creating a PK context which wraps a PSA key. The PSA wrapped - * key must be an EC or RSA key pair (DH is not suported in PK module). + * This function creates a PK context which wraps a PSA key. The PSA wrapped + * key must be an EC or RSA key pair (DH is not suported in the PK module). * - * Under the hood PSA functions are used to perform the required + * Under the hood PSA functions will be used to perform the required * operations and, based on the key type, used algorithms will be: * * EC: * * verify, verify_ext, sign, sign_ext: ECDSA. From fd0e2f3beb8f5981a19fdc4bc9736b0270013f1f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Apr 2024 09:39:12 +0200 Subject: [PATCH 12/12] pk: fix documentation of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a23927088c..52f4cc6c9e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -390,7 +390,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already * used, invalid key identifier). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC key pair. + * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC or + * RSA key pair. * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,