13 May
2020
13 May
'20
8:51 p.m.
Hello,
If you enable the use PSA for cryptography in TLS (MBEDTLS_USE_PSA_CRYPTO) and configure the PSK with mbedtls_ssl_conf_psk_opaque(), the key derivation is done through the PSA API. You can then keep your key in the secure world. You'll need to have a PSA crypto implementation where the PSA crypto core is in the secure world and the frontend is in the application that performs the TLS handshake. PSA crypto is designed for this, but you or your TEE vendor will need to port the Mbed TLS code to your platform.
--
Gilles Peskine
Mbed TLS developer
On 13/05/2020 11:10, mayuri janawad via mbed-tls wrote:
> Hello,
>
> I am currently trying to establish pre shared key based tls handshake
> using mbedtls. However, I want to store the pre shared key in the
> trustzone and derive the session key inside the trustzone. Is it
> possible using mbedtls? Can I provide alternate implementation for psk
> based tls in mbedtls library?
>
> It would be really helpful if this could be answered as soon as
> possible. Thank you in advance for your assistance.
>
> Regards,
> Mayuri Janawad
>