Fix typos, comments, style, optimize macros

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2025-07-30 22:43:08 +03:00 · 2022-12-15 13:28:02 +01:00
parent 87d9a4a30c
commit 654bef0be0
7 changed files with 31 additions and 32 deletions
--- a/library/Makefile
+++ b/library/Makefile
@ -134,7 +134,7 @@ OBJS_CRYPTO= \
 	     psa_crypto_client.o \
 	     psa_crypto_driver_wrappers.o \
 	     psa_crypto_ecp.o \
-		 psa_crypto_ffdh.o \
+	     psa_crypto_ffdh.o \
 	     psa_crypto_hash.o \
 	     psa_crypto_mac.o \
 	     psa_crypto_pake.o \
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@ -149,7 +149,7 @@ psa_status_t mbedtls_psa_key_agreement_ffdh(
        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key,
                                                peer_key_length));

-        /* Calculate shared secret public key: K = G^(XY) mod P */
+        /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */
        MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL));

        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret,
@ -221,6 +221,9 @@ psa_status_t mbedtls_psa_ffdh_generate_key(
        PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL);

    if (status == PSA_SUCCESS) {
+        /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their
+           secret exponent from the range [2, P-2].
+           Select random value in range [4, P] and decrease it by 2. */
        MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random,
                                           MBEDTLS_PSA_RANDOM_STATE));
        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2));