Our TLS 1.3 API doesn't actually require PSA key identifiers

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2024-01-02 13:15:14 +01:00
parent 93cdb77835
commit a7226a1f60

@ -150,7 +150,7 @@ Reasons for first creating a legacy key object, where it's impossible or impract
Reasons for needing a PSA key object:
* Using the key in TLS 1.3 or some third-party interface that takes a PSA key identifier as input.
* Using the key with third-party interface that takes a PSA key identifier as input. (Mbed TLS itself has a few TLS functions that take PSA key identifiers, but as of Mbed TLS 3.5, it is always possible to use a legacy key instead.)
* Benefiting from a PSA accelerator, or from PSA's world separation, even without `MBEDTLS_USE_PSA_CRYPTO`. (Not a priority scenario: we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA.)
Gap: a way to create a PSA key object from an `mbedtls_pk_context`. This partially exists in the form of `mbedtls_pk_wrap_as_opaque`, but it is not fully satisfactory, for reasons that are detailed in “[API to create a PSA key from a PK context](#api-to-create-a-psa-key-from-a-pk-context)” below.
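Review bot: the rewritten bullet drops an article, "Using the key with third-party interface that takes a PSA key identifier" should read "with a third-party interface that takes a PSA key identifier". The parenthetical also asserts that "as of Mbed TLS 3.5, it is always possible to use a legacy key instead" without identifying which TLS functions take PSA key identifiers; consider naming those entry points (or linking to their reference documentation) so a reader can check which legacy alternative applies to each, and so the version-qualified claim is easy to revisit when it changes.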