Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Investigate making J-PAKE API more convenient for applications and drivers #7718

Open davidhorstmann-arm opened 1 year ago

davidhorstmann-arm commented 1 year ago

We would like to change the PSA J-PAKE API to remove the restrictions on the order in which psa_pake_output() and psa_pake_input() are called. This makes the API much more convenient for application developers.

However, we would also like to retain the ordering restriction for the order in which driver functions are called. This simplifies the writing of J-PAKE drivers.

We may do this by caching the required values in the driver dispatch layer and passing them to the driver at the end.

Goals of this task:

Extra considerations

If we are already caching values, we might want to simplify the J-PAKE driver API, for example to be more similar to the legacy Mbed TLS EC J-PAKE API, which takes / provides all values at once at the end of a round.

However, in doing this we will need to consider cases where PSA implementations are "stacked" on top of one another, e.g. where a secure element uses the PSA API to call its internal Mbed TLS and implements a driver on top of that. It should be easy to implement a PSA driver on top of the corresponding PSA API.
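A sketch of the caching idea from the comment above, added here as an illustration; it is not part of the issue thread and not Mbed TLS code. It assumes a toy driver that accepts a round's three outputs and then its three inputs in one fixed order, and every type and function name in it is hypothetical.

```c
#include <stddef.h>
#include <string.h>
/* All names are hypothetical; this is not the Mbed TLS or PSA driver interface. */
enum { STEPS = 3, MAX_LEN = 65 };  /* per round: key share, ZK public key, ZK proof */

/* Toy driver (assumption): accepts outputs 0..2, then inputs 0..2, in that order only. */
typedef struct { int next; } toy_driver_t;  /* 0..2 = outputs, 3..5 = inputs, 6 = done */
static int drv_output(toy_driver_t *d, int step, unsigned char *buf, size_t *len) {
    if (d->next != step) return -1;
    buf[0] = (unsigned char)('A' + step);   /* placeholder, not real J-PAKE data */
    *len = 1;
    d->next++;
    return 0;
}
static int drv_input(toy_driver_t *d, int step, const unsigned char *buf, size_t len) {
    (void)buf; (void)len;                   /* a real driver would verify the value */
    if (d->next != STEPS + step) return -1;
    d->next++;
    return 0;
}

/* Dispatch layer: caches early inputs and replays them in the driver's order. */
typedef struct {
    toy_driver_t drv;
    unsigned char cache[STEPS][MAX_LEN];
    size_t cache_len[STEPS];
    int cached[STEPS];
} dispatch_t;
static int flush_inputs(dispatch_t *s) {
    while (s->drv.next >= STEPS && s->drv.next < 2 * STEPS) {
        int step = s->drv.next - STEPS;
        if (!s->cached[step]) break;        /* next expected input not supplied yet */
        if (drv_input(&s->drv, step, s->cache[step], s->cache_len[step])) return -1;
        memset(s->cache[step], 0, MAX_LEN); /* clear the slot once delivered */
        s->cached[step] = 0;
    }
    return 0;
}
int app_input(dispatch_t *s, int step, const unsigned char *buf, size_t len) {
    if (step < 0 || step >= STEPS || len > MAX_LEN) return -1;  /* bound the cache */
    if (s->cached[step] || s->drv.next > STEPS + step) return -1;  /* duplicate step */
    memcpy(s->cache[step], buf, len);
    s->cache_len[step] = len;
    s->cached[step] = 1;
    return flush_inputs(s);
}
int app_output(dispatch_t *s, int step, unsigned char *buf, size_t *len) {
    if (drv_output(&s->drv, step, buf, len)) return -1;
    return flush_inputs(s);
}
```

In this sketch the application may interleave input and output calls freely, while outputs among themselves still follow the driver's order; the cache is bounded and rejects a step that was already supplied.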

davidhorstmann-arm commented 1 year ago

See also #7709.

davidhorstmann-arm commented 8 months ago

PSA API changes being discussed upstream: ARM-software/psa-api#157