Hello,

<mbedtls/ecdh.h>, <mbedtls/ecp.h> and other low-level interfaces have been removed in TF-PSA-Crypto 1.0. Many are still present internally, but there is no stability guarantee and they may go away or become more limited over time. As you've seen, the PSA transition guide explains how to migrate to PSA APIs. All crypto APIs are now either PSA APIs, or a layer over PSA APIs for functionality that PSA doesn't cover. (Plus crypto-adjacent APIs that are largely unchanged for things like ASN.1, base64, etc.)

Note that if you're using #include <mbedtls/private/...> or #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS, you are using unsupported interfaces and you can expect your code to break in future versions of the library.

For ecdh.h functions, you may need to change your workflow a bit, but I can't think of anything that psa_raw_key_agreement() can't do. On the other hand, the new API does not give you direct access to ECC arithmetic: there is a loss of functionality compared to ecp.h.

But do you need anything beyond ECDH (plus of course some symmetric crypto) for HPKE? I thought it didn't need any “fancy” elliptic curve arithmetic.

Best regards,

-- 
Gilles Peskine
TF-PSA-Crypto and Mbed TLS developer

On 03/03/2026 17:02, Leonie Reichert via mbed-tls wrote:
Dear MbedTLS contributors,

I'm reaching out with a question regarding the ECDH and similar interfaces on the MbedTLS development branch. I hope this mailing list is the appropriate venue for this discussion.

I am preparing a pull request for an implementation of the Hybrid Public Key Encryption (HPKE) standard for MbedTLS/TF-PSA-Crypto. It seems that the development branch of TF-PSA-Crypto no longer supports ecdh.h. While this does not seem to be explicitly stated anywhere, there are instructions on how to use the PSA interface instead to create ECDH keys.

Now my question: so that my code meets the desired quality criteria, do all other key interfaces also have to be changed? I am using the ECP interface a lot, so mbedtls_ecp_group_init, mbedtls_ecp_point_init, mbedtls_ecp_keypair_init and so on. The functions are still available, but the instructions in psa-transition.md in Section "translating a legacy ephemeral key agreement TLS server workflow" make me believe that using non-PSA key interfaces might be undesirable in MbedTLS in general.

I would greatly appreciate any clarification on this matter.

Best regards,
Leonie



Dr. Leonie Reichert
Research Scientist "Secure Connected Systems"
ABB AG
Kallstadter Strasse 1
Mannheim
Mobile: +49 160 99002896
E-mail: leonie.reichert@de.abb.com
abb.com
