PSA Crypto API of TLS1.3?

Changhawn · ‎01-13-2025

Hi~

In order to implement the vehicle charging communication(iso15118-20) standard,
it seems that TLS1.3 should be implemented as NXP HSE Base.

But I know that NXP HSE is not support TLS1.3.
NXP HSE does not currently support PSA Crypto API, is it correct to disable MBEDTLS_PSA_CRYPTO_C Feature?

Shouldn't NXP provide HSE's PSA Crypto related API?

Are there any schedules to support TLS1.3 as NXP HSE Base?

Thank u.

Changhawn · ‎01-14-2025

Since there are no questions, I would like to ask a more specific question.

The functions below are PSA Crypto functions that need to be filled in when porting to TLS1.3. If you have implemented source code or examples, please share them.

psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
uint8_t *data_external,
size_t data_size,
size_t *data_length)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data_external,
size_t data_length,
mbedtls_svc_key_id_t *key)
{
/* TLS1.3 DEV, FIXME LATOR by Chang */
return -1;
}
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
uint8_t *data_external,
size_t data_size,
size_t *data_length)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}

psa_status_t psa_generate_random(uint8_t *output_external,
size_t output_size)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
psa_key_attributes_t *attributes)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_hash_compute(psa_algorithm_t alg,
const uint8_t *input_external, size_t input_length,
uint8_t *hash_external, size_t hash_size,
size_t *hash_length)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output_external,
size_t output_length)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data_external,
size_t data_length)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
psa_algorithm_t alg)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}
psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input_external,
size_t input_length,
uint8_t *mac_external,
size_t mac_size,
size_t *mac_length)
{
/* TLS1.3 DEV, FIXME LATOR */
return -1;
}

VaneB · ‎01-15-2025

Hi @Changhawn

Our current MbedTLS middleware stack supports Transport Layer Security (TLS) Protocol Version 1.2, along with security features provided by the Hardware Security Engine (HSE). Unfortunately, there is no available information regarding support for TLS Protocol Version 1.3 at this time.

BR, VaneB