Add warning about not using keys directly
Keys that are the result of key agreement have biases and really should
not be used directly. Warning taken in part from psa_raw_key_agreement()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index e5c148d..e840a40 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -4887,6 +4887,12 @@
* at any point. It is not bound by the usual
* interface stability promises.
*
+ * \warning The raw result of a key agreement algorithm such
+ * elliptic curve Diffie-Hellman has biases
+ * and should not be used directly as key material.
+ * It should instead be passed as input to a key
+ * derivation algorithm.
+ *
* \note This function combined with \c
* psa_key_agreement_iop_complete() is equivalent
* to \c psa_raw_key_agreement() but \c