From e5fde543379920f655110d1530f31a243367774e Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 16 Mar 2021 18:40:36 +0100
Subject: [PATCH] Remove incorrect definitions of the dom2() and dom4()
 prefixes

Implementers and users would have to refer to the RFC for the detailed
specification of the algorithm anyway.

Keep a mention of the curves and hashes involved for avoidance of doubt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/psa/crypto_values.h | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index d4be75b62..5e865c931 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1399,9 +1399,7 @@
  *   in RFC 8032.
  *   The curve is Edwards448.
  *   The hash function used internally is the first 114 bytes of the
- *   SHAKE256 output, with
- *   `dom4(1, "") = ASCII("SigEd448") || 0x01 0x00`
- *   prepended to the input.
+ *   SHAKE256 output.
  *
  * This algorithm can be used with psa_sign_message() and
  * psa_verify_message(). Since there is no prehashing, it cannot be used
@@ -1425,9 +1423,7 @@
  * This algorithm is Ed25519 as specified in RFC 8032.
  * The curve is Edwards25519.
  * The prehash is SHA-512.
- * The hash function used internally is SHA-512, with
- * `dom2(0, "") = ASCII("SigEd25519 no Ed25519 collisions") || 0x00 0x00`
- * prepended to the input.
+ * The hash function used internally is SHA-512.
  *
  * This is a hash-and-sign algorithm: to calculate a signature,
  * you can either:
@@ -1452,9 +1448,7 @@
  * The curve is Edwards448.
  * The prehash is the first 64 bytes of the SHAKE256 output.
  * The hash function used internally is the first 114 bytes of the
- * SHAKE256 output, with
- * `dom4(0, "") = ASCII("SigEd448") || 0x00 0x00`
- * prepended to the input.
+ * SHAKE256 output.
  *
  * This is a hash-and-sign algorithm: to calculate a signature,
  * you can either: