MbedTLS3 and CAAM driver for Non-PSA operations


403 Views
jslota13245
Contributor III

Dear Everyone,

We followed the deprecation note about the mbedTLS 2 and we did an update to mbedTLS3. We found out that NXP has two repositories of mbedTLS.

(ver 2.x deprecated)
https://github.com/nxp-mcuxpresso/mbedtls

(ver 3.x)
https://github.com/NXP/nxp_mbedtls

We found it by reading through the yaml file which sdk uses - we're wondering if we'll lose performance if we choose ver 3x and won't use PSA API?

Version 2 provided a set of alternate functions through port/ksdk which could be used to delegate cryptographic operations to CAAM driver like ksdk_mbedtls:

https://github.com/nxp-mcuxpresso/mbedtls/blob/release/25.06.00/port/ksdk/ksdk_mbedtls.c

We use raw CAAM driver through fsl_caam for aes256 encryption and we would like to use mbedtls to generate a pair of ecdsa keys. Our goal is to have mbedTLS3 and delegate all possible jobs to CAAM hardware - if anyone knows an application note/port done or a guideline on how to design such it would be great.

Thank you for any support

2 Replies

342 Views
jslota13245
Contributor III

Also minor info, we're using imxrt1176 and have a FreeRTOS on it, do we read the port right that the mbedtls_ksdk.c: 672 - 674

https://github.com/nxp-mcuxpresso/mbedtls/blob/release/25.06.00/port/ksdk/ksdk_mbedtls.c


#endif /* MBEDTLS_THREADING_C */
    if (ctx->mode == MBEDTLS_DES_ENCRYPT) {
        status = CAAM_DES_EncryptEcb(CAAM_INSTANCE, &s_caamHandle, input, output, 8, key);

Does this port use blocking operations? So that the other FreeRTOS Threads are blocked - we found this port to be used in freertos examples of mbedtls so it was a surprise for us


157 Views
Sam_Gao
NXP Employee

Hi,

It seems there are mbedtls and mbedtls 3.x in the SDK as follows, and a CAAM (Cryptographic Acceleration and Assurance Module) example as well.

https://mcuxpresso.nxp.com/mcuxsdk/latest/html/examples/driver_examples/caam/readme.html

https://mcuxpresso.nxp.com/mcuxsdk/latest/html/examples/mbedtls3x_examples/index.html

https://mcuxpresso.nxp.com/mcuxsdk/latest/html/examples/mbedtls_examples/index.html

Yes, it is a blocking operation.
