An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
We would like to change the PSA J-PAKE API to remove the restrictions on the order in which `psa_pake_output()` and `psa_pake_input()` are called. This makes the API much more convenient for application developers.
However, we would also like to retain the ordering restriction for the order in which driver functions are called. This simplifies the writing of J-PAKE drivers.
We may do this by caching the required values in the driver dispatch layer and passing them to the driver at the end.
Goals of this task:
- Prototype the implementation of this caching in the driver dispatch layer
- Measure the effect on code size and performance
- Discover any problems with this approach
Extra considerations
If we are already caching values, we might want to simplify the J-PAKE driver API, for example to be more similar to the legacy Mbed TLS EC J-PAKE API, which takes / provides all values at once at the end of a round.
However, in doing this we will need to consider cases where PSA implementations are "stacked" on top of one another, e.g. where a secure element uses the PSA API to call its internal Mbed TLS and implements a driver on top of that. It should be easy to implement a PSA driver on top of the corresponding PSA API.
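A simplified model of the caching idea described in this issue, added here as an illustration and not taken from Mbed TLS or the PSA specification: the dispatch layer accepts inputs in any order, caches them, and replays them to an order-enforcing driver once the set is complete. All type and function names, the three-step set and the buffer size are assumptions made for the sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; this models the idea, it is not Mbed TLS code. */
enum { STEP_KEY_SHARE, STEP_ZK_PUBLIC, STEP_ZK_PROOF, STEP_COUNT };
#define MAX_LEN 65 /* constructed buffer size for the sketch */

/* Stub driver: keeps the ordering restriction, steps must arrive in order. */
typedef struct { int next_step; } driver_t;

int driver_input(driver_t *d, int step, const unsigned char *buf, size_t len)
{
    (void) buf; (void) len;
    if (step != d->next_step) return -1;
    d->next_step++;
    return 0;
}

/* Dispatch layer: caches application inputs until every step is present. */
typedef struct {
    driver_t drv;
    unsigned char buf[STEP_COUNT][MAX_LEN];
    size_t len[STEP_COUNT];
    unsigned char have[STEP_COUNT];
    int flushed;
} dispatch_t;

int dispatch_input(dispatch_t *op, int step, const unsigned char *in, size_t len)
{
    if (step < 0 || step >= STEP_COUNT || len > MAX_LEN) return -1;
    if (op->flushed || op->have[step]) return -1; /* reject duplicates */
    memcpy(op->buf[step], in, len);
    op->len[step] = len;
    op->have[step] = 1;
    for (int i = 0; i < STEP_COUNT; i++)
        if (!op->have[i]) return 0; /* incomplete: value stays cached */
    for (int i = 0; i < STEP_COUNT; i++) /* replay in the driver's order */
        if (driver_input(&op->drv, i, op->buf[i], op->len[i]) != 0) return -1;
    op->flushed = 1;
    return 0;
}

int main(void)
{
    dispatch_t op = {0};
    const unsigned char v[3] = {1, 2, 3}; /* constructed sample value */
    int order[] = {STEP_ZK_PROOF, STEP_KEY_SHARE, STEP_ZK_PUBLIC};
    for (int i = 0; i < STEP_COUNT; i++)
        if (dispatch_input(&op, order[i], v, sizeof(v)) != 0) return 1;
    return op.flushed ? 0 : 1;
}
```

The per-operation cache (`buf`, `len`, `have`) is the extra state whose code-size and RAM cost the task sets out to measure.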