Hi, I’m working with Mbed TLS 2.28.x on a microcontroller that provides a built-in crypto engine. The existing *_ALT support works fine for performance, and higher-level modules correctly route their block operations through the accelerated backend. On this platform the crypto hardware can also use internal key material stored in dedicated slots. These values are not accessible as byte arrays and cannot be passed to the usual setkey_*() API. Question Is there a recommended way to configure an ALT implementation so that it can select an internal key slot instead of receiving a buffer? Or, more generally, how should an ALT backend represent a key that is not exposed to software? Any guidance on the intended design would be appreciated. Thanks!
Massimiliano Cialdi FIRMWARE ENGINEERING PROFESSIONAL LEADER
Powersoft S.p.A. Via E. Conti, 5 - Scandicci (Fi) 50018 - Italy OFFICE: +39 055 7350230 [cid:2_3b23bc2c-3db3-4330-b6f5-3fb62b89422a.png]https://www.facebook.com/powersoft/[cid:3_7da2eb67-7c7f-41e6-9598-128bdd52ec04.png]https://www.instagram.com/powersoft.official/[cid:4_a5d469e7-3228-4fb1-948d-4c3e879ea0da.png]https://www.youtube.com/@powersoftaudio[cid:5_e4390674-51fd-4219-9389-28ae9a12796d.png]https://www.linkedin.com/company/powersoft[cid:6_083a55f9-076c-4d52-9f93-69225b28cb32.png]https://open.spotify.com/show/6lwXROYcCyrVnJi6J9fA42[cid:7_7fd8585e-63fd-441a-95f3-6c0b23d059e1.png]https://x.com/Powersoft_Japan[cid:8_6308aaa9-b97d-405b-a86c-0300a381d13f.png]https://space.bilibili.com/3546387314641333[cid:9_9af1e42f-0019-42c4-8046-d6246e65ed9e.png]https://teams.microsoft.com/l/chat/0/0?users=massimiliano.cialdi@powersoft.com [cid:pwsrgbn_12214209-f50f-45fa-be18-2a4cf1a5818a.png]https://www.powersoft.com/en
Hi Massimiliano,
First, please note that Mbed TLS 2.28 is no longer maintained and has known vulnerabilities. I strongly recommend that you use Mbed TLS 3.6 (the only long-time support branch we currently maintain) or TF-PSA-Crypto 1.0 (latest release).
Regarding ALT implementations, they don't support opaque keys. That was one of the problems that we set out to solve with the API changes from Mbed TLS legacy (mbedtls_xxx) to PSA (psa_xxx). PSA makes all keys opaque to the application except through explicit import/export, and can make keys opaque to the main processor through opaque drivers. The basic features are supported in Mbed TLS 2.28, but driver support significantly improved in later versions. Writing drivers is not very well documented and requires editing some files; we're working on improving that.
Some relevant documentation:
* PSA driver tutorial: https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/psa-driver-example... * PSA driver developer's guide: https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/proposed/psa-drive... * PSA transition guide, if you have code that's using legacy APIs: https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/psa-transition.md
For some very specific use cases, there are other ways to bypass the low-level crypto APIs: MBEDTLS_PK_RSA_ALT_SUPPORT lets you have opaque RSA keys through PK/X.509/TLS in Mbed TLS up to 3.6.x, and MBEDTLS_SSL_ASYNC_PRIVATE lets you use an opaque RSA or ECDSA key as a TLS server's signing key.
Best regards,
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
Massimiliano Cialdi