TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will only support specific ECC-based mechanisms: ECDH, ECDSA, ECJPAKE (also planned in 4.x: EdDSA, SPAKE2+). Unlike Mbed TLS ≤3.5, there are no longer any public functions to do ECC arithmetic such as mbedtls_ecp_mul. Users who need a diffferent ECC mechanism (e.g. a new ECC-based PAKE) must contribute an implementation and wait for the next release.
Should TF-PSA-Crypto offer an ECC arithmetic API, allowing users to implement custom ECC mechanisms?
Architectural decision: we are not going to provide an API for custom ECC mechanisms in TF-PSA-Crypto 1.0. We may add such a mechanism later based on demand.
TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will only support specific ECC-based mechanisms: ECDH, ECDSA, ECJPAKE (also planned in 4.x: EdDSA, SPAKE2+). Unlike Mbed TLS ≤3.5, there are no longer any public functions to do ECC arithmetic such as
mbedtls_ecp_mul
. Users who need a diffferent ECC mechanism (e.g. a new ECC-based PAKE) must contribute an implementation and wait for the next release.Should TF-PSA-Crypto offer an ECC arithmetic API, allowing users to implement custom ECC mechanisms?
Mailing list thread: https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/NGVJ23DUM557WWBAE5JIQQ2U5DHXRBZ7/