Xref interruptible operations from key usage flags

ARM-software · Nov 9, 2023 · 38009f7 · 38009f7
1 parent acd80e3
commit 38009f7
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/doc/crypto/api/keys/policy.rst b/doc/crypto/api/keys/policy.rst
@@ -180,6 +180,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
     *   `psa_mac_compute()`
     *   `psa_mac_sign_setup()`
     *   `psa_sign_message()`
+    *   `psa_sign_interruptible_setup()`, when signing a message.
 
     For a key pair, this concerns the private key.
 
@@ -194,6 +195,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
     *   `psa_mac_verify()`
     *   `psa_mac_verify_setup()`
     *   `psa_verify_message()`
+    *   `psa_verify_interruptible_setup()`, when verifying the signature of a message.
 
     For a key pair, this concerns the public key.
 
@@ -203,7 +205,10 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
     .. summary::
         Permission to sign a message hash with the key.
 
-    This flag is required to use the key to sign a message hash in an asymmetric signature operation. The flag must be present on keys used when calling `psa_sign_hash()`.
+    This flag is required to use the key to sign a pre-computed message hash in an asymmetric signature operation. The flag must be present on keys used with the following APIs:
+
+    *   `psa_sign_hash()`
+    *   `psa_sign_interruptible_setup()` when signing a pre-computed hash.
 
     This flag automatically sets `PSA_KEY_USAGE_SIGN_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_SIGN_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_SIGN_MESSAGE`, and the flag `PSA_KEY_USAGE_SIGN_MESSAGE` will also be present when the application queries the usage flags of the key.
 
@@ -215,7 +220,10 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
     .. summary::
         Permission to verify a message hash with the key.
 
-    This flag is required to use the key to verify a message hash in an asymmetric signature verification operation. The flag must be present on keys used when calling `psa_verify_hash()`.
+    This flag is required to use the key to verify a pre-computed message hash in an asymmetric signature verification operation. The flag must be present on keys used with the following APIs:
+
+    *   `psa_verify_hash()`
+    *   `psa_verify_interruptible_setup()`, when verifying the signature of a pre-computed hash.
 
     This flag automatically sets `PSA_KEY_USAGE_VERIFY_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_VERIFY_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_VERIFY_MESSAGE`, and the flag `PSA_KEY_USAGE_VERIFY_MESSAGE` will also be present when the application queries the usage flags of the key.