Hi,
I am using mbedTLS v3.0.0 on a low performance CPU on a non-threaded environment, a custom task manager, which is not a preemptive operating system.
I have been using MBEDTLS_ECP_RESTARTABLE so even the long ECC calculations during the handshake periodically returned so the external logic and task manager could run without being blocked for too long.
Recently an IoT SAFE implementation was introduced through PSA API. It is used for RNG and verification calculation, but not for ECDSA and ECDH during key exchange. PSA API is designed for threaded environments and can not simultaneously use MBEDTLS_ECP_RESTARTABLE. Now the ECC functions block for several seconds.
Do you have a recommendation on how to use PSA on non-threaded environments, or how to inject external logic execution during these long ECC operations?
Thanks, Gergely
Hi Gergely,
Currently the only solution with the PSA crypto API is to have preemption in the runtime environment.
We do plan to add a PSA Crypto equivalent of MBEDTLS_ECP_RESTARTABLE and implement that in Mbed TLS, but it isn't scheduled yet. I've just created an epic for it https://github.com/orgs/Mbed-TLS/projects/1#column-18816849 “PSA restartable operations”. I'm afraid we're unlikely to start work until we've completed many of the already existing epics.
Best regards,
mbed-tls@lists.trustedfirmware.org
-
gergely.nagymate@generalmechatronics.com -
Gilles Peskine