Clarify the format of the (EC)DH shared secret

This commit is contained in:
Gilles Peskine 2018-10-25 22:22:11 +02:00
parent 2607bca666
commit 79dd6229e4

View file

@ -1228,6 +1228,9 @@ typedef uint32_t psa_algorithm_t;
* public key, with a key selection or key derivation algorithm to produce
* one or more shared keys and other shared cryptographic material.
*
* The input to \p kdf_alg is the shared secret `g^{ab}` in big-endian format.
* It is `ceiling(n / 8)` bytes long where `n` is the size of the prime `p`.
*
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
* or a key selection algorithm (\c PSA_ALG_XXX value such
@ -1260,6 +1263,10 @@ typedef uint32_t psa_algorithm_t;
* public key, with a key selection or key derivation algorithm to produce
* one or more shared keys and other shared cryptographic material.
*
* The input to \p kdf_alg is the shared secret `d_A Q_B = d_B Q_A` in
* big-endian format. It is `ceiling(n / 8)` bytes long where `n` is the
* curve size in bits.
*
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
* or a selection algorithm (\c PSA_ALG_XXX value such