TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e50edc0d954465449be0cde8a0b5a6d37bf6c618^! / .
commite50edc0d954465449be0cde8a0b5a6d37bf6c618[log] [tgz]
authorPaul Elliott <paul.elliott@arm.com>Thu Aug 01 18:28:07 2024 +0100
committerPaul Elliott <paul.elliott@arm.com>Thu Aug 01 18:28:07 2024 +0100
treeb2e1f66b57e0be65d935d5d4671fbffe5637c872
parent327da4774b040695e26be990c60a48000afb70f3 [diff]
Add warning about not using keys directly

Keys that are the result of key agreement have biases and really should
not be used directly. Warning taken in part from psa_raw_key_agreement()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index e5c148d..e840a40 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h

@@ -4887,6 +4887,12 @@
  *                              at any point. It is not bound by the usual
  *                              interface stability promises.
  *
+ * \warning                     The raw result of a key agreement algorithm such
+ *                              elliptic curve Diffie-Hellman has biases
+ *                              and should not be used directly as key material.
+ *                              It should instead be passed as input to a key
+ *                              derivation algorithm.
+ *
  * \note                        This function combined with \c
  *                              psa_key_agreement_iop_complete() is equivalent
  *                              to \c psa_raw_key_agreement() but \c