From 19d418a4710ea86e9bed8bbdc330cfac3b227a8d Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Fri, 29 Nov 2024 17:29:39 +0000
Subject: [PATCH] Clarify why we set num_ops to 1 in iop key generation
Signed-off-by: Waleed Elmelegy
---
 tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 4 ++++
 tf-psa-crypto/tests/suites/test_suite_psa_crypto.function | 6 ++++++
 2 files changed, 10 insertions(+)
diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
index c6036e7fe8..7fccc72fdc 100644
--- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
@@ -645,6 +645,10 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_complete(
 return mbedtls_to_psa_error(status);
 }
+ /* Our implementation of key generation only generates the private key
+ which doesn't invlolve any ECC arithmetic operations so number of ops
+ is less than 1 but we round up to 1 to differentiate between num ops of
+ 0 which means no work has been done this facilitates testing. */
 operation->num_ops = 1;
 status = mbedtls_mpi_write_binary(&operation->ecp.d, key_output, key_output_size);
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index 81526f7972..4d00142e1f 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -10174,6 +10174,12 @@ void generate_key(int type_arg,
 if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) {
 num_ops = psa_generate_key_iop_get_num_ops(&operation);
+ /* Our implementation of key generation only generates the private key
+ which doesn't invlolve any ECC arithmetic operations so number of ops
+ is less than 1 but we round up to 1 to differentiate between num ops of
+ 0 which means no work has been done this facilitates testing.
+ It is acceptable however for other implementations to set the number of
+ ops to zero. */
 TEST_LE_U(num_ops_prior + 1, num_ops);
 num_ops_prior = num_ops;
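Review bot: The added comment says other implementations may set the number of ops to zero, but the `TEST_LE_U(num_ops_prior + 1, num_ops);` directly below it still requires the count to grow by at least one, so a driver that reports 0 would fail this check. If that tolerance is intended, the comment should state that the assertion holds only for the built-in driver, e.g. `/* Built-in driver only: it rounds num_ops up to 1, so the count must increase here. */`; whether this test ever runs against another driver is not visible in the hunk. The comment text shared with the `psa_crypto_ecp.c` hunk also has the typo `invlolve` and a run-on ending, which would read better as `0, which means no work has been done; this facilitates testing.` The body of `generate_key` starts and ends outside the hunk.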