Incorporate PR feedback

* Changing terminology to align with British English. * Adding references to the attacks mentioned, and removing unnecessary details from warning. Signed-off-by: Ionut Mihalcea <[email protected]>
parallaxsecond · Jul 17, 2023 · 806cf26 · 806cf26
1 parent 545b15d
commit 806cf26
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 10 deletions.
diff --git a/src/overview.md b/src/overview.md
@@ -54,7 +54,7 @@ The following observations can be made about such applications:
 - They may be written with no explicit knowledge of the hardware capabilities of the target
    platform, such as whether an HSM or TPM is available.
 - They are often sharing the target platform hardware with other applications due to the use of
-   virtualization or containerization technology.
+   virtualisation or containerization technology.
 - The secure assets owned by one application must be isolated from those owned by another. For
    example, private keys provisioned on a hardware device must be isolated such that only the
    provisioning application would be able to perform subsequent operations with those keys.

diff --git a/src/parsec_client/operations/psa_asymmetric_decrypt.md b/src/parsec_client/operations/psa_asymmetric_decrypt.md
@@ -33,10 +33,11 @@ Decrypt a short message with a private key. Opcode: 11 (`0x000B`)
 
 This function will decrypt a short message with the private key of the provided key pair.
 
-**WARNING:** In some protocols, when decrypting data, it is essential that the behavior of the
-application does not depend on whether the padding is correct, down to precise timing. If the
-application must perform a decryption of unauthenticated data, the application writer must take care
-not to reveal whether the padding is invalid.
+**WARNING:** In some protocols, when decrypting data, it is essential that the behaviour of the
+application does not depend on whether the padding is correct (see
+[Bleichenbacher](https://link.springer.com/content/pdf/10.1007/bfb0055716.pdf)). If the application
+must perform a decryption of unauthenticated data, the application writer must take care not to
+reveal whether the padding is invalid.
 
 ## Contract
 

diff --git a/src/parsec_client/operations/psa_cipher_decrypt.md b/src/parsec_client/operations/psa_cipher_decrypt.md
@@ -29,11 +29,12 @@ Decrypt a short message with a symmetric cipher. Opcode: 21 (`0x0015`)
 
 This function will decrypt a short message using the provided initialisation vector (IV).
 
-**Warning:** In some protocols, when decrypting data, it is essential that the behavior of the
-application does not depend on whether the padding is correct, down to precise timing. Protocols
-that use authenticated encryption are recommended for use by applications, rather than plain
-encryption. If the application must perform a decryption of unauthenticated data, the application
-writer must take care not to reveal whether the padding is invalid.
+**Warning:** In some protocols, when decrypting data, it is essential that the behaviour of the
+application does not depend on whether the padding is correct (see [Klíma et
+al](https://eprint.iacr.org/2003/098.pdf)). Protocols that use authenticated encryption are
+recommended for use by applications, rather than plain encryption. If the application must perform a
+decryption of unauthenticated data, the application writer must take care not to reveal whether the
+padding is invalid.
 
 ## Contract