Add warning about not using keys directly

Keys that are the result of key agreement have biases and really should not be used directly. Warning taken in part from psa_raw_key_agreement() Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2025-03-12 10:13:39 +00:00 · 2024-08-01 18:28:07 +01:00 · 2024-08-01 18:28:07 +01:00 · e50edc0d95
commit e50edc0d95
parent 327da4774b
1 changed files with 6 additions and 0 deletions
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@ -4887,6 +4887,12 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation);
 *                              at any point. It is not bound by the usual
 *                              interface stability promises.
 *
+ * \warning                     The raw result of a key agreement algorithm such
+ *                              elliptic curve Diffie-Hellman has biases
+ *                              and should not be used directly as key material.
+ *                              It should instead be passed as input to a key
+ *                              derivation algorithm.
+ *
 * \note                        This function combined with \c
 *                              psa_key_agreement_iop_complete() is equivalent
 *                              to \c psa_raw_key_agreement() but \c