From e50edc0d954465449be0cde8a0b5a6d37bf6c618 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 18:28:07 +0100 Subject: [PATCH] Add warning about not using keys directly Keys that are the result of key agreement have biases and really should not be used directly. Warning taken in part from psa_raw_key_agreement() Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index e5c148dd87..e840a40cde 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4887,6 +4887,12 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * at any point. It is not bound by the usual * interface stability promises. * + * \warning The raw result of a key agreement algorithm such + * elliptic curve Diffie-Hellman has biases + * and should not be used directly as key material. + * It should instead be passed as input to a key + * derivation algorithm. + * * \note This function combined with \c * psa_key_agreement_iop_complete() is equivalent * to \c psa_raw_key_agreement() but \c