Hello,

<mbedtls/ecdh.h>, <mbedtls/ecp.h> and other low-level interfaces have
been removed in TF-PSA-Crypto 1.0. Many are still present internally,
but there is no stability guarantee and they may go away or become more
limited over time. As you've seen, the PSA transition guide explains how
to migrate to PSA APIs. All crypto APIs are now either PSA APIs, or a
layer over PSA APIs for functionality that PSA doesn't cover. (Plus
crypto-adjacent APIs that are largely unchanged for things like ASN.1,
base64, etc.)

Note that if you're using #include <mbedtls/private/...> or #define
MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS, you are using unsupported
interfaces and you can expect your code to break in future versions of
the library.

For ecdh.h functions, you may need to change your workflow a bit, but I
can't think of anything that psa_raw_key_agreement() can't do. On the
other hand, the new API does not give you direct access to ECC
arithmetic: there is a loss of functionality compared to ecp.h.

But do you need anything beyond ECDH (plus of course some symmetric
crypto) for HPKE? I thought it didn't need any “fancy” elliptic curve
arithmetic.

Best regards,
--
Gilles Peskine
TF-PSA-Crypto and Mbed TLS developer

On 03/03/2026 17:02, Leonie Reichert via mbed-tls wrote:
> Dear MbedTLS contributors,
>
> I'm reaching out with a question regarding the ECDH and similar
> interfaces on the MbedTLS development branch. I hope this mailing list
> is the appropriate venue for this discussion.
>
> I am preparing a pull request for an implementation of the Hybrid
> Public Key Encryption (HPKE) standard for MbedTLS/TF-PSA-Crypto. It
> seems like the development branch at TF-PSA-Crypto does not seem to
> support ecdh.h anymore. While this does not seem to be explicitly stated
> anywhere, there are instructions on how to use the PSA interface
> instead to create ECDH keys.
>
> Now my question: So that my code meets the desired quality criteria,
> do all other key interfaces also have to be changed? I am using the
> ECP interface a lot, so mbedtls_ecp_group_init,
> mbedtls_ecp_point_init, mbedtls_ecp_keypair_init and so on. The
> functions are still available but the instructions in
> psa_transition.md in Section "translating a legacy ephemeral key
> agreement TLS server workflow" make me believe that using non-psa key
> interfaces might be undesirable in MbedTLS in general.
>
> I would greatly appreciate any clarification on this matter.
>
> Best regards,
> Leonie
>
> *Dr. Leonie Reichert*
> Research Scientist "Secure Connected Systems"
> *ABB AG*