ARM-software · athoelke · Oct 17, 2025 · Oct 16, 2025 · Oct 16, 2025
@@ -1016,7 +1016,7 @@ See :secref:`wpa3-sae-passwords`.
         *   :math:`x` encoded as a big-endian :math:`m`-byte string;
         *   :math:`y` encoded as a big-endian :math:`m`-byte string.
 
-        For an elliptic curve over :math:`\mathbb{F}_p`, :math:`m` is the integer for which :math:`2^{8m-1} \leq p < 2^{8m}`.
+        For an elliptic curve over :math:`\mathbb{F}_p`, :math:`m` is the integer for which :math:`2^{8(m-1)} \leq p < 2^{8m}`.
 
         .. note::
 
@@ -1063,7 +1063,7 @@ See :secref:`wpa3-sae-passwords`.
 
         The password token is a finite-field group element :math:`y \in [1, p - 1]`, where :math:`p` is the group's prime modulus.
 
-        The data format for import and export of the password token is :math:`y` encoded as a big-endian :math:`m`-byte string, where :math:`m` is the integer for which :math:`2^{8m-1} \leq p < 2^{8m}`.
+        The data format for import and export of the password token is :math:`y` encoded as a big-endian :math:`m`-byte string, where :math:`m` is the integer for which :math:`2^{8(m-1)} \leq p < 2^{8m}`.
 
         .. note::
 
@@ -1313,7 +1313,7 @@ The curve type affects the key format, the key-derivation procedure, and the alg
     .. param:: curve
         A value of type `psa_ecc_family_t` that identifies the ECC curve family to be used.
 
-    The size of an elliptic curve key is the bit size associated with the curve, that is, the bit size of :math:`q`` for a curve over a field :math:`\mathbb{F}_q`.
+    The size of an elliptic curve key is the bit size associated with the curve, that is, the bit size of :math:`q` for a curve over a field :math:`\mathbb{F}_q`.
     See the documentation of each elliptic curve family for details.
 
     .. subsection:: Compatible algorithms
@@ -1408,7 +1408,7 @@ The curve type affects the key format, the key-derivation procedure, and the alg
                     Let :math:`m` be the bit size of :math:`N`, such that :math:`2^{m-1} \leq N < 2^m`. This function generates the private key using the following process:
 
                     1.  Draw a byte string of length :math:`\lceil{m/8}\rceil` bytes.
-                    #.  If :math:`m` is not a multiple of 8, set the most significant :math:`8 * \lceil{m/8}\rceil - m`` bits of the first byte in the string to zero.
+                    #.  If :math:`m` is not a multiple of 8, set the most significant :math:`8 * \lceil{m/8}\rceil - m` bits of the first byte in the string to zero.
                     #.  Convert the string to integer :math:`k` by decoding it as a big-endian byte-string.
                     #.  If :math:`k > N-2`, discard the result and return to step 1.
                     #.  Output :math:`d = k + 1` as the private key.
@@ -1592,7 +1592,7 @@ Diffie Hellman keys
         This function generates the private key using the following process:
 
         1.  Draw a byte string of length :math:`\lceil{m/8}\rceil` bytes.
-        #.  If :math:`m` is not a multiple of 8, set the most significant :math:`8 * \lceil{m/8}\rceil - m`` bits of the first byte in the string to zero.
+        #.  If :math:`m` is not a multiple of 8, set the most significant :math:`8 * \lceil{m/8}\rceil - m` bits of the first byte in the string to zero.
         #.  Convert the string to integer :math:`k` by decoding it as a big-endian byte-string.
         #.  If :math:`k > p-2`, discard the result and return to step 1.
         #.  Output :math:`x = k + 1` as the private key.

@@ -345,7 +345,7 @@ Key-derivation algorithms
 
     This KDF is defined in :cite-title:`TLS-ECJPAKE` §8.7. This specifies the use of a KDF to derive the TLS 1.2 session secrets from the output of EC J-PAKE over the secp256r1 Elliptic curve (the 256-bit curve in `PSA_ECC_FAMILY_SECP_R1`). EC J-PAKE operations can be performed using a PAKE operation, see :secref:`pake`.
 
-    This KDF takes the shared secret :math:`K`` (an uncompressed EC point in case of EC J-PAKE) and calculates :math:`\text{SHA256}(K.x)`.
+    This KDF takes the shared secret :math:`K` (an uncompressed EC point in case of EC J-PAKE) and calculates :math:`\text{SHA256}(K.x)`.
 
     This function takes a single input:
 

@@ -1414,7 +1414,7 @@ The following steps demonstrate the application code for 'User' in :numref:`fig-
     See :secref:`jpake-cipher-suites` and :secref:`jpake-passwords` for details on the requirements for the cipher suite and key.
 
     The key material is used as an array of bytes, which is converted to an integer as described in :cite-title:`SEC1` §2.3.8, before reducing it modulo :math:`q`.
-    Here, :math:`q`` is the order of the group defined by the cipher-suite primitive.
+    Here, :math:`q` is the order of the group defined by the cipher-suite primitive.
     `psa_pake_setup()` will return an error if the result of the conversion and reduction is ``0``.
 
 Key exchange