Document the input size restriction for EC J-PAKE to PMS Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: 18f8e8d62c33005f3d42aa3fa492560a4978a94a [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Wed Sep 14 08:44:34 2022 -0400
committer: Andrzej Kurek <andrzej.kurek@arm.com> Wed Sep 14 08:44:34 2022 -0400
tree: dd86e28c134fa6b9a6d1e6efe8f757dfcff7fd3b
parent: d8705bc7b77288e4c18e9a011d8d0d5097d02657 [diff] [blame]
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 0343819..573ff9a 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h

@@ -2023,7 +2023,8 @@
 
 /* Macro to build a KDF that takes the shared secret K (an EC point in case
  * of EC J-PAKE) and calculates SHA256(K.X) that the rest of TLS 1.2 will
- * use to derive the session secret. Uses PSA_ALG_SHA_256.
+ * use to derive the session secret. Uses PSA_ALG_SHA_256. Only P-256 is
+ * supported, so the input has to be exactly 65 bytes.
  */
 #define PSA_ALG_TLS12_ECJPAKE_TO_PMS            ((psa_algorithm_t)0x08000600)
 #define PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS(alg)                               \
commit	18f8e8d62c33005f3d42aa3fa492560a4978a94a	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Wed Sep 14 08:44:34 2022 -0400
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Wed Sep 14 08:44:34 2022 -0400
tree	dd86e28c134fa6b9a6d1e6efe8f757dfcff7fd3b
parent	d8705bc7b77288e4c18e9a011d8d0d5097d02657 [diff] [blame]