PSA: document the export format for Montgomery public keys

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

https://www.trustedfirmware.org/projects/mbed-tls/

Other

5.5k stars 2.6k forks source link

PSA: document the export format for Montgomery public keys #4291

Open gilles-peskine-arm opened 3 years ago

gilles-peskine-arm commented 3 years ago

The documentation of psa_export_public_key in include/psa/crypto.h is missing the case of Montgomery public keys. It is present in the specification.

Goal of this task:

Add the missing case to the Mbed TLS documentation.
Figure out why it's missing (editorial mistake? was only added after the fork?) and add anything else that was missed in the same way.

athoelke commented 3 years ago

The PSA Crypto spec has the following documentation for this case:

For curve family PSA_ECC_FAMILY_MONTGOMERY, the scalar value of the 'public key' in little-endian order as defined by RFC 7748 §6. This is a ceiling(m/8)-byte string where m is the key size in bits.

This is 32 bytes for Curve25519, computed as X25519(private_key, 9).

This is 56 bytes for Curve448, computed as X448(private_key, 5).