1eb85624a6
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove documentation discussing cases when it is disabled. Signed-off-by: Janos Follath <janos.follath@arm.com>
4.0 KiB
This document describes how PSA Crypto is used in the X.509 and TLS libraries from a user's perspective.
In particular:
- X.509 and TLS libraries use PSA for cryptographic operations as much as possible, see "Internal changes" below;
- APIs for using keys handled by PSA Crypto, such as
mbedtls_pk_setup_opaque()andmbedtls_ssl_conf_psk_opaque(), see "PSA key APIs" below.
General considerations
Application code: you need to call psa_crypto_init() before calling any
function from the SSL/TLS, X.509 or PK modules, except for the various
mbedtls_xxx_init() functions which can be called at any time.
PSA Key APIs
PSA-held (opaque) keys in the PK layer
API function: mbedtls_pk_setup_opaque() - can be used to wrap a PSA key
pair into a PK context. The key can be used for private-key operations and its
public part can be exported.
Benefits: isolation of long-term secrets, use of PSA Crypto drivers.
Limitations: please refer to the documentation of mbedtls_pk_setup_opaque()
for a full list of supported operations and limitations.
Use in X.509 and TLS: opt-in. The application needs to construct the PK context using the new API in order to get the benefits; it can then pass the resulting context to the following existing APIs:
mbedtls_ssl_conf_own_cert()ormbedtls_ssl_set_hs_own_cert()to use the key together with a certificate for certificate-based key exchanges;mbedtls_x509write_csr_set_key()to generate a CSR (certificate signature request);mbedtls_x509write_crt_set_issuer_key()to generate a certificate.
PSA-held (opaque) keys for TLS pre-shared keys (PSK)
API functions: mbedtls_ssl_conf_psk_opaque() and
mbedtls_ssl_set_hs_psk_opaque(). Call one of these from an application to
register a PSA key for use with a PSK key exchange.
Benefits: isolation of long-term secrets.
Limitations: none.
Use in TLS: opt-in. The application needs to register the key using one of the above APIs to get the benefits.
PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange
API function: mbedtls_ssl_set_hs_ecjpake_password_opaque(). Call this
function from an application to register a PSA key for use with the TLS 1.2 EC
J-PAKE key exchange.
Benefits: isolation of long-term secrets.
Limitations: none.
Use in TLS: opt-in. The application needs to register the key using one of the above APIs to get the benefits.
PSA-based operations in the Cipher layer
There is an API function mbedtls_cipher_setup_psa() to set up a context
that will call PSA to store the key and perform the operations.
This function only worked for a small number of ciphers. It is now deprecated
and it is recommended to use psa_cipher_xxx() or psa_aead_xxx() functions
directly instead.
Warning: This function will be removed in a future version of Mbed TLS. If you are using it and would like us to keep it, please let us know about your use case.
Internal uses
All of these internal uses are relying on PSA Crypto.
TLS: most crypto operations based on PSA
Current exceptions:
- Finite-field (non-EC) Diffie-Hellman (used in key exchanges: DHE-RSA, DHE-PSK).
- Restartable operations when
MBEDTLS_ECP_RESTARTABLEis also enabled (see the documentation of that option).
Other than the above exceptions, all crypto operations are based on PSA.
X.509: most crypto operations based on PSA
Current exceptions:
- Restartable operations when
MBEDTLS_ECP_RESTARTABLEis also enabled (see the documentation of that option).
Other than the above exception, all crypto operations are based on PSA.
PK layer: most crypto operations based on PSA
Current exceptions:
- Verification of RSA-PSS signatures with an MGF hash that's different from the message hash.
- Restartable operations when
MBEDTLS_ECP_RESTARTABLEis also enabled (see the documentation of that option).
Other than the above exceptions, all crypto operations are based on PSA.