Mbed Crypto H/W Acceleration (rm_psa_crypto)

Functions
int	mbedtls_platform_setup (mbedtls_platform_context *ctx)
void	mbedtls_platform_teardown (mbedtls_platform_context *ctx)
fsp_err_t	RM_PSA_CRYPTO_TRNG_Read (uint8_t *const p_rngbuf, uint32_t num_req_bytes, uint32_t *p_num_gen_bytes)
	Reads requested length of random data from the TRNG. Generate nbytes of random bytes and store them in p_rngbuf buffer. More...

Detailed Description

Hardware acceleration for the mbedCrypto implementation of the Arm PSA Crypto API.

Overview

Note

The PSA Crypto module does not provide any interfaces to the user. This release uses the mbedTLS version 3.6.2 which conforms to the PSA Crypto API 1.0 specification. Consult the Arm documentation at https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface for further information. FSP 3.0 onward adopts a change by Arm where mbedCrypto has been integrated back to MbedTLS and the term mbedCrypto has been deprecated. The mbedCrypto term in FSP now refers to the crypto portion of the MbedTLS module.

HW Overview

Crypto Peripheral version	Devices
RSIP-E51A	RA8M1, RA8D1, RA8T1
RSIP-E50D	RA8P1
RSIP-E31A	RA4C1
RSIP-E11A	RA4L1
SCE9	RA6M4, RA4M3, RA4M2, RA6M5
SCE7	RA6M3, RA6M2, RA6M1, RA6T1
SCE5	RA4W1, RA4M1
SCE5B	RA6T2
AES Engine	RA2A1, RA2E1, RA2E2, RA2L1
AES Engine 2	RA2A2
TRNG	RA0E1, RA0E2, RA2L2, RA4E1, RA4E2, RA4T1, RA6E1, RA6E2, RA6T3, RA8E1, RA8E2

Features

		AES Engine	AES Engine 2	SCE5	SCE5_B	SCE7	SCE9	RSIP-E11A	RSIP-E31A	RSIP-E51A	RSIP-E50D
TRNG		Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Hash	SHA224, SHA256	–	–	–	–	Yes	Yes	Yes	Yes	Yes	Yes
	SHA384, SHA512	–	–	–	–	–	–	–	Yes	Yes	Yes
	SHA3-(224/256/384/512)	–	–	–	–	–	–	–	–	–	Yes
MAC	HMAC-SHA224, HMAC-SHA256	–	–	–	–	Yes	Yes	Yes	Yes	Yes	Yes
	HMAC-SHA384, HMAC-SHA512	–	–	–	–	–	–	–	Yes	Yes	Yes
	AES128-CMAC	–	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	AES192-CMAC	–	–	–	–	–	–	–	–	Yes	Yes
	AES256-CMAC	–	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
AES	AES128-ECB, CBC, CTR	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	AES128-XTS	–	–	–	–	Yes	Yes	–	–	Yes	Yes
	AES128-GCM, GMAC, CCM	–	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	AES192-ECB, CBC, CTR	–	–	–	–	Yes	Yes	–	–	Yes	Yes
	AES192-GCM, GMAC, CCM	–	–	–	–	Yes	Yes	–	–	Yes	Yes
	AES256-ECB, CBC, CTR	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	AES256-XTS	–	–	–	–	Yes	Yes	–	–	Yes	Yes
	AES256-GCM, GMAC, CCM	–	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	Key generation - plaintext	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	Key generation - wrapped	–	–	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
ChaCha	ChaCha20	–	–	–	–	–	–	–	–	–	Yes
	ChaCha20-Poly1305	–	–	–	–	–	–	–	–	–	Yes
ECC	secp256r1	–	–	–	–	Yes	Yes	Yes	Yes	Yes	Yes
	secp384r1	–	–	–	–	Yes	Yes	–	Yes	Yes	Yes
	secp521r1	–	–	–	–	–	–	–	–	Yes	Yes
	Brainpool256r1	–	–	–	–	Yes	Yes	–	Yes	Yes	Yes
	Brainpool384r1	–	–	–	–	Yes	Yes	–	Yes	Yes	Yes
	Key generation - plaintext	–	–	–	–	Yes	Yes	–	–	–	–
	Key generation - wrapped	–	–	–	–	–	Yes	Yes	Yes	Yes	Yes
RSA	RSA-1024	–	–	–	–	–	Yes	–	–	Yes	Yes
	RSA-2048	–	–	–	–	Yes	Yes	–	–	Yes	Yes
	RSA-3072	–	–	–	–	–	(1)	–	–	Yes	Yes
	RSA-4096	–	–	–	–	–	(1)	–	–	Yes	Yes
	Key generation - plaintext	–	–	–	–	Yes	–	–	–	–	–
	Key generation - wrapped	–	–	–	–	Yes	(2)	–	–	(3)	(3)

Note

1. Signature verification only
2. RSA-1024 and RSA-2048 only
3. RSA-2048, RSA-3072, RSA-4096 only

Configuration

Build Time Configurations for mbedCrypto

The following build time configurations are defined in arm/mbedtls/config.h:

Configuration	Options	Default	Description
Hardware Acceleration
Hardware Acceleration > Key Format
AES	MCU Specific Options		Select AES key formats used
ECC	MCU Specific Options		Select ECC key formats used
RSA	MCU Specific Options		Select RSA key formats used
Hardware Acceleration > Hash
SHA256/224	MCU Specific Options		Defines MBEDTLS_SHA256_ALT and MBEDTLS_SHA256_PROCESS_ALT.
SHA512/384	MCU Specific Options		Defines MBEDTLS_SHA512_ALT and MBEDTLS_SHA512_PROCESS_ALT.
SHA3_224/256/384/512	MCU Specific Options		Defines MBEDTLS_SHA3_ALT and MBEDTLS_SHA3_PROCESS_ALT.
Hardware Acceleration > Cipher
AES	MCU Specific Options		Defines MBEDTLS_AES_ALT, MBEDTLS_AES_SETKEY_ENC_ALT, MBEDTLS_AES_SETKEY_DEC_ALT, MBEDTLS_AES_ENCRYPT_ALT and MBEDTLS_AES_DECRYPT_ALT
Hardware Acceleration > Public Key Cryptography (PKC)
Hardware Acceleration > Public Key Cryptography (PKC) > RSA 3072
Key Generation	MCU Specific Options		Enables RSA 3072 Key Generation.
Signing	MCU Specific Options		Enables RSA 3072 Key Signing.
Verification	MCU Specific Options		Enables RSA 3072 Verify.
Hardware Acceleration > Public Key Cryptography (PKC) > RSA 4096
Key Generation	MCU Specific Options		Enables RSA 4096 Key Generation.
Signing	MCU Specific Options		Enables RSA 4096 Key Signing.
Verification	MCU Specific Options		Enables RSA 4096 Verify.
ECC	MCU Specific Options		Defines MBEDTLS_ECP_ALT
ECDSA	MCU Specific Options		Defines MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_VERIFY_ALT
ECDH	MCU Specific Options		Defines MBEDTLS_ECDH_ALT
RSA 1024	MCU Specific Options		Defines MBEDTLS_RSA_1024_ALT. RSA 1024 Key Generation, Signing and Verification are also enabled.
RSA 2048	MCU Specific Options		Defines MBEDTLS_RSA_ALT. RSA 2048 Key Generation, Signing and Verification are also enabled.
TRNG	Enabled	Enabled	Defines MBEDTLS_ENTROPY_HARDWARE_ALT.
Crypto Engine Initialization	Enabled	Enabled	MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
Platform
Platform > Alternate
MBEDTLS_PLATFORM_SETBUF_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_SETBUF_ALT
MBEDTLS_PLATFORM_EXIT_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_EXIT_ALT
MBEDTLS_PLATFORM_TIME_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_PLATFORM_FPRINTF_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_PRINTF_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_PRINTF_ALT
MBEDTLS_PLATFORM_SNPRINTF_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_SNPRINTF_ALT
MBEDTLS_PLATFORM_VSNPRINTF_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_VSNPRINTF_ALT
MBEDTLS_PLATFORM_NV_SEED_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_NV_SEED_ALT
MBEDTLS_PLATFORM_MS_TIME_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_MS_TIME_ALT
MBEDTLS_PLATFORM_ZEROIZE_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_ZEROIZE_ALT
MBEDTLS_PLATFORM_GMTIME_R_ALT	Define Undefine	Undefine	MBEDTLS_PLATFORM_GMTIME_R_ALT
MBEDTLS_HAVE_ASM	Define Undefine	Undefine	MBEDTLS_HAVE_ASM
MBEDTLS_NO_UDBL_DIVISION	Define Undefine	Undefine	MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION	Define Undefine	Undefine	MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_HAVE_SSE2	Define Undefine	Undefine	MBEDTLS_HAVE_SSE2
MBEDTLS_HAVE_TIME	Define Undefine	Undefine	MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_DATE	Define Undefine	Undefine	MBEDTLS_HAVE_TIME_DATE
MBEDTLS_PLATFORM_MEMORY	Define Undefine	Define	MBEDTLS_PLATFORM_MEMORY
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS	Define Undefine	Undefine	MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_TIMING_ALT	Define Undefine	Undefine	MBEDTLS_TIMING_ALT
MBEDTLS_NO_PLATFORM_ENTROPY	Define Undefine	Define	MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_ENTROPY_C	Define Undefine	Define	MBEDTLS_ENTROPY_C
MBEDTLS_PLATFORM_C	Define Undefine	Define	MBEDTLS_PLATFORM_C
MBEDTLS_PLATFORM_STD_CALLOC	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_CALLOC
MBEDTLS_PLATFORM_STD_CALLOC value	Manual Entry	calloc	MBEDTLS_PLATFORM_STD_CALLOC value
MBEDTLS_PLATFORM_STD_FREE	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_FREE
MBEDTLS_PLATFORM_STD_FREE value	Manual Entry	free	MBEDTLS_PLATFORM_STD_FREE value
MBEDTLS_PLATFORM_STD_SETBUF	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_SETBUF
MBEDTLS_PLATFORM_STD_SETBUF value	Manual Entry	setbuf	MBEDTLS_PLATFORM_STD_SETBUF value
MBEDTLS_PLATFORM_STD_EXIT	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_EXIT
MBEDTLS_PLATFORM_STD_EXIT value	Manual Entry	exit	MBEDTLS_PLATFORM_STD_EXIT value
MBEDTLS_PLATFORM_STD_TIME	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_TIME
MBEDTLS_PLATFORM_STD_TIME value	Manual Entry	time	MBEDTLS_PLATFORM_STD_TIME value
MBEDTLS_PLATFORM_STD_FPRINTF	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_FPRINTF
MBEDTLS_PLATFORM_STD_FPRINTF value	Manual Entry	fprintf	MBEDTLS_PLATFORM_STD_FPRINTF value
MBEDTLS_PLATFORM_STD_PRINTF	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_PRINTF
MBEDTLS_PLATFORM_STD_PRINTF value	Manual Entry	printf	MBEDTLS_PLATFORM_STD_PRINTF value
MBEDTLS_PLATFORM_STD_SNPRINTF	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_SNPRINTF
MBEDTLS_PLATFORM_STD_SNPRINTF value	Manual Entry	snprintf	MBEDTLS_PLATFORM_STD_SNPRINTF value
MBEDTLS_PLATFORM_STD_EXIT_SUCCESS	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
MBEDTLS_PLATFORM_STD_EXIT_SUCCESS value	Manual Entry	0	MBEDTLS_PLATFORM_STD_EXIT_SUCCESS value
MBEDTLS_PLATFORM_STD_EXIT_FAILURE	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_EXIT_FAILURE
MBEDTLS_PLATFORM_STD_EXIT_FAILURE value	Manual Entry	1	MBEDTLS_PLATFORM_STD_EXIT_FAILURE value
MBEDTLS_PLATFORM_STD_NV_SEED_READ	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_NV_SEED_READ
MBEDTLS_PLATFORM_STD_NV_SEED_READ value	Manual Entry	mbedtls_platform_std_nv_seed_read	MBEDTLS_PLATFORM_STD_NV_SEED_READ value
MBEDTLS_PLATFORM_STD_NV_SEED_WRITE	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
MBEDTLS_PLATFORM_STD_NV_SEED_WRITE value	Manual Entry	mbedtls_platform_std_nv_seed_write	MBEDTLS_PLATFORM_STD_NV_SEED_WRITE value
MBEDTLS_PLATFORM_STD_NV_SEED_FILE	Define Undefine	Undefine	MBEDTLS_PLATFORM_STD_NV_SEED_FILE
MBEDTLS_PLATFORM_STD_NV_SEED_FILE value	Manual Entry		MBEDTLS_PLATFORM_STD_NV_SEED_FILE value
MBEDTLS_PLATFORM_CALLOC_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_CALLOC_MACRO
MBEDTLS_PLATFORM_CALLOC_MACRO value	Manual Entry	calloc	MBEDTLS_PLATFORM_CALLOC_MACRO value
MBEDTLS_PLATFORM_FREE_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_FREE_MACRO
MBEDTLS_PLATFORM_FREE_MACRO value	Manual Entry	free	MBEDTLS_PLATFORM_FREE_MACRO value
MBEDTLS_PLATFORM_EXIT_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_EXIT_MACRO
MBEDTLS_PLATFORM_EXIT_MACRO value	Manual Entry	exit	MBEDTLS_PLATFORM_EXIT_MACRO value
MBEDTLS_PLATFORM_SETBUF_MACRO	Define Undefine	Define	MBEDTLS_PLATFORM_SETBUF_MACRO
MBEDTLS_PLATFORM_SETBUF_MACRO value	Manual Entry	dummy_setbuf	MBEDTLS_PLATFORM_SETBUF_MACRO value
MBEDTLS_PLATFORM_TIME_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_TIME_MACRO
MBEDTLS_PLATFORM_TIME_MACRO value	Manual Entry	time	MBEDTLS_PLATFORM_TIME_MACRO value
MBEDTLS_PLATFORM_TIME_TYPE_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_TIME_TYPE_MACRO
MBEDTLS_PLATFORM_TIME_TYPE_MACRO value	Manual Entry	time_t	MBEDTLS_PLATFORM_TIME_TYPE_MACRO value
MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO
MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO value	Manual Entry	int64_t	MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO value
MBEDTLS_PRINTF_MS_TIME	Define Undefine	Undefine	MBEDTLS_PRINTF_MS_TIME
MBEDTLS_PRINTF_MS_TIME value	Manual Entry	PRId64	MBEDTLS_PRINTF_MS_TIME value
MBEDTLS_PLATFORM_FPRINTF_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_FPRINTF_MACRO
MBEDTLS_PLATFORM_FPRINTF_MACRO value	Manual Entry	fprintf	MBEDTLS_PLATFORM_FPRINTF_MACRO value
MBEDTLS_PLATFORM_PRINTF_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_PRINTF_MACRO
MBEDTLS_PLATFORM_PRINTF_MACRO value	Manual Entry	printf	MBEDTLS_PLATFORM_PRINTF_MACRO value
MBEDTLS_PLATFORM_SNPRINTF_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_SNPRINTF_MACRO
MBEDTLS_PLATFORM_SNPRINTF_MACRO value	Manual Entry	snprintf	MBEDTLS_PLATFORM_SNPRINTF_MACRO value
MBEDTLS_PLATFORM_VSNPRINTF_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_VSNPRINTF_MACRO
MBEDTLS_PLATFORM_VSNPRINTF_MACRO value	Manual Entry	vsnprintf	MBEDTLS_PLATFORM_VSNPRINTF_MACRO value
MBEDTLS_PLATFORM_NV_SEED_READ_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
MBEDTLS_PLATFORM_NV_SEED_READ_MACRO value	Manual Entry	mbedtls_platform_std_nv_seed_read	MBEDTLS_PLATFORM_NV_SEED_READ_MACRO value
MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO	Define Undefine	Undefine	MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO value	Manual Entry	mbedtls_platform_std_nv_seed_write	MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO value
General
MBEDTLS_PSA_CRYPTO_DRIVERS	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_DRIVERS
MBEDTLS_DEPRECATED_WARNING	Define Undefine	Undefine	MBEDTLS_DEPRECATED_WARNING
MBEDTLS_DEPRECATED_REMOVED	Define Undefine	Define	MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_CHECK_RETURN_WARNING	Define Undefine	Undefine	MBEDTLS_CHECK_RETURN_WARNING
MBEDTLS_ERROR_STRERROR_DUMMY	Define Undefine	Define	MBEDTLS_ERROR_STRERROR_DUMMY
MBEDTLS_MEMORY_DEBUG	Define Undefine	Undefine	MBEDTLS_MEMORY_DEBUG
MBEDTLS_MEMORY_BACKTRACE	Define Undefine	Undefine	MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_PSA_CRYPTO_CLIENT	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_CLIENT
MBEDTLS_PSA_CRYPTO_SPM	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_SPM
MBEDTLS_PSA_KEY_STORE_DYNAMIC	Define Undefine	Undefine	MBEDTLS_PSA_KEY_STORE_DYNAMIC
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS	Define Undefine	Undefine	MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
MBEDTLS_SELF_TEST	Define Undefine	Undefine	MBEDTLS_SELF_TEST
MBEDTLS_THREADING_ALT	Define Undefine	Define	MBEDTLS_THREADING_ALT
MBEDTLS_THREADING_PTHREAD	Define Undefine	Undefine	MBEDTLS_THREADING_PTHREAD
MBEDTLS_USE_PSA_CRYPTO	Undefine	Undefine	MBEDTLS_USE_PSA_CRYPTO
MBEDTLS_VERSION_FEATURES	Define Undefine	Define	MBEDTLS_VERSION_FEATURES
MBEDTLS_ERROR_C	Define Undefine	Define	MBEDTLS_ERROR_C
MBEDTLS_MEMORY_BUFFER_ALLOC_C	Define Undefine	Undefine	MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PSA_CRYPTO_C	Define Undefine	Define	MBEDTLS_PSA_CRYPTO_C
MBEDTLS_PSA_CRYPTO_SE_C	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_SE_C
MBEDTLS_THREADING_C	Define Undefine	Define	MBEDTLS_THREADING_C
MBEDTLS_TIMING_C	Define Undefine	Undefine	MBEDTLS_TIMING_C
MBEDTLS_VERSION_C	Define Undefine	Define	MBEDTLS_VERSION_C
MBEDTLS_MEMORY_ALIGN_MULTIPLE	Define Undefine	Undefine	MBEDTLS_MEMORY_ALIGN_MULTIPLE
MBEDTLS_MEMORY_ALIGN_MULTIPLE value	Manual Entry	4	MBEDTLS_MEMORY_ALIGN_MULTIPLE value
MBEDTLS_CHECK_RETURN	Define Undefine	Define	MBEDTLS_CHECK_RETURN
MBEDTLS_IGNORE_RETURN	Define Undefine	Undefine	MBEDTLS_IGNORE_RETURN
MBEDTLS_PSA_CRYPTO_CONFIG	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_CONFIG
Cipher
Cipher > Alternate
MBEDTLS_ARIA_ALT	Define Undefine	Undefine	MBEDTLS_ARIA_ALT
MBEDTLS_CAMELLIA_ALT	Define Undefine	Undefine	MBEDTLS_CAMELLIA_ALT
MBEDTLS_CCM_ALT	MCU Specific Options		MBEDTLS_CCM_ALT
MBEDTLS_CHACHA20_ALT	MCU Specific Options		MBEDTLS_CHACHA20_ALT
MBEDTLS_CHACHAPOLY_ALT	MCU Specific Options		MBEDTLS_CHACHAPOLY_ALT
MBEDTLS_CMAC_ALT	MCU Specific Options		MBEDTLS_CMAC_ALT
MBEDTLS_DES_ALT	Define Undefine	Undefine	MBEDTLS_DES_ALT
MBEDTLS_GCM_ALT	MCU Specific Options		MBEDTLS_GCM_ALT
MBEDTLS_NIST_KW_ALT	Define Undefine	Undefine	MBEDTLS_NIST_KW_ALT
MBEDTLS_DES_SETKEY_ALT	Define Undefine	Undefine	MBEDTLS_DES_SETKEY_ALT
MBEDTLS_DES_CRYPT_ECB_ALT	Define Undefine	Undefine	MBEDTLS_DES_CRYPT_ECB_ALT
MBEDTLS_DES3_CRYPT_ECB_ALT	Define Undefine	Undefine	MBEDTLS_DES3_CRYPT_ECB_ALT
Cipher > AES
MBEDTLS_AES_ROM_TABLES	Define Undefine	Undefine	MBEDTLS_AES_ROM_TABLES
MBEDTLS_AES_FEWER_TABLES	Define Undefine	Undefine	MBEDTLS_AES_FEWER_TABLES
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH	Define Undefine	Undefine	MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
MBEDTLS_CAMELLIA_SMALL_MEMORY	Define Undefine	Undefine	MBEDTLS_CAMELLIA_SMALL_MEMORY
MBEDTLS_CIPHER_MODE_CBC	Define Undefine	Define	MBEDTLS_CIPHER_MODE_CBC
MBEDTLS_CIPHER_MODE_CFB	Define Undefine	Define	MBEDTLS_CIPHER_MODE_CFB
MBEDTLS_CIPHER_MODE_CTR	Define Undefine	Define	MBEDTLS_CIPHER_MODE_CTR
MBEDTLS_CIPHER_MODE_OFB	Define Undefine	Undefine	MBEDTLS_CIPHER_MODE_OFB
MBEDTLS_CIPHER_MODE_XTS	Define Undefine	Undefine	MBEDTLS_CIPHER_MODE_XTS
MBEDTLS_CIPHER_NULL_CIPHER	Define Undefine	Undefine	MBEDTLS_CIPHER_NULL_CIPHER
MBEDTLS_CIPHER_PADDING_PKCS7	Define Undefine	Define	MBEDTLS_CIPHER_PADDING_PKCS7
MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS	Define Undefine	Define	MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN	Define Undefine	Define	MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
MBEDTLS_CIPHER_PADDING_ZEROS	Define Undefine	Define	MBEDTLS_CIPHER_PADDING_ZEROS
MBEDTLS_AES_C	Define	Define	MBEDTLS_AES_C
MBEDTLS_BLOCK_CIPHER_NO_DECRYPT	Define Undefine	Undefine	MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
MBEDTLS_CAMELLIA_C	Define Undefine	Undefine	MBEDTLS_CAMELLIA_C
MBEDTLS_ARIA_C	Define Undefine	Undefine	MBEDTLS_ARIA_C
MBEDTLS_CCM_C	Define Undefine	Define	MBEDTLS_CCM_C
MBEDTLS_CHACHA20_C	Define Undefine	Undefine	MBEDTLS_CHACHA20_C
MBEDTLS_CHACHAPOLY_C	Define Undefine	Undefine	MBEDTLS_CHACHAPOLY_C
MBEDTLS_CIPHER_C	Define Undefine	Define	MBEDTLS_CIPHER_C
MBEDTLS_DES_C	Define Undefine	Undefine	MBEDTLS_DES_C
MBEDTLS_GCM_C	Define Undefine	Define	MBEDTLS_GCM_C
MBEDTLS_GCM_LARGE_TABLE	Define Undefine	Undefine	MBEDTLS_GCM_LARGE_TABLE
MBEDTLS_NIST_KW_C	Define Undefine	Undefine	MBEDTLS_NIST_KW_C
Public Key Cryptography (PKC)
Public Key Cryptography (PKC) > DHM
Public Key Cryptography (PKC) > DHM > Alternate
MBEDTLS_DHM_ALT	Define Undefine	Undefine	MBEDTLS_DHM_ALT
MBEDTLS_DHM_C	Define Undefine	Undefine	MBEDTLS_DHM_C
Public Key Cryptography (PKC) > ECC
Public Key Cryptography (PKC) > ECC > Alternate
MBEDTLS_ECJPAKE_ALT	Define Undefine	Undefine	MBEDTLS_ECJPAKE_ALT
MBEDTLS_ECDSA_GENKEY_ALT	Define Undefine	Undefine	MBEDTLS_ECDSA_GENKEY_ALT
MBEDTLS_ECP_INTERNAL_ALT	Define Undefine	Undefine	MBEDTLS_ECP_INTERNAL_ALT
MBEDTLS_ECP_RANDOMIZE_JAC_ALT	Define Undefine	Undefine	MBEDTLS_ECP_RANDOMIZE_JAC_ALT
MBEDTLS_ECP_ADD_MIXED_ALT	Define Undefine	Undefine	MBEDTLS_ECP_ADD_MIXED_ALT
MBEDTLS_ECP_DOUBLE_JAC_ALT	Define Undefine	Undefine	MBEDTLS_ECP_DOUBLE_JAC_ALT
MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT	Define Undefine	Undefine	MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
MBEDTLS_ECP_NORMALIZE_JAC_ALT	Define Undefine	Undefine	MBEDTLS_ECP_NORMALIZE_JAC_ALT
MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT	Define Undefine	Undefine	MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
MBEDTLS_ECP_RANDOMIZE_MXZ_ALT	Define Undefine	Undefine	MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
MBEDTLS_ECP_NORMALIZE_MXZ_ALT	Define Undefine	Undefine	MBEDTLS_ECP_NORMALIZE_MXZ_ALT
Public Key Cryptography (PKC) > ECC > Curves
MBEDTLS_ECP_DP_SECP192R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP192R1_ENABLED
MBEDTLS_ECP_DP_SECP224R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP224R1_ENABLED
MBEDTLS_ECP_DP_SECP256R1_ENABLED	Define Undefine	Define	MBEDTLS_ECP_DP_SECP256R1_ENABLED
MBEDTLS_ECP_DP_SECP384R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP384R1_ENABLED
MBEDTLS_ECP_DP_SECP521R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP521R1_ENABLED
MBEDTLS_ECP_DP_SECP192K1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP192K1_ENABLED
MBEDTLS_ECP_DP_SECP224K1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP224K1_ENABLED
MBEDTLS_ECP_DP_SECP256K1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_SECP256K1_ENABLED
MBEDTLS_ECP_DP_BP256R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_BP256R1_ENABLED
MBEDTLS_ECP_DP_BP384R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_BP384R1_ENABLED
MBEDTLS_ECP_DP_BP512R1_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_BP512R1_ENABLED
MBEDTLS_ECP_DP_CURVE25519_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_CURVE25519_ENABLED
MBEDTLS_ECP_DP_CURVE448_ENABLED	Define Undefine	Undefine	MBEDTLS_ECP_DP_CURVE448_ENABLED
MBEDTLS_ECDH_GEN_PUBLIC_ALT	Define Undefine	Undefine	MBEDTLS_ECDH_GEN_PUBLIC_ALT
MBEDTLS_ECDH_COMPUTE_SHARED_ALT	Define Undefine	Undefine	MBEDTLS_ECDH_COMPUTE_SHARED_ALT
MBEDTLS_ECP_NO_FALLBACK	Define Undefine	Undefine	MBEDTLS_ECP_NO_FALLBACK
MBEDTLS_ECP_NIST_OPTIM	Define Undefine	Undefine	MBEDTLS_ECP_NIST_OPTIM
MBEDTLS_ECP_RESTARTABLE	Define Undefine	Undefine	MBEDTLS_ECP_RESTARTABLE
MBEDTLS_ECDSA_DETERMINISTIC	Define Undefine	Undefine	MBEDTLS_ECDSA_DETERMINISTIC
MBEDTLS_PK_PARSE_EC_COMPRESSED	Define Undefine	Undefine	MBEDTLS_PK_PARSE_EC_COMPRESSED
MBEDTLS_PK_PARSE_EC_EXTENDED	Define Undefine	Undefine	MBEDTLS_PK_PARSE_EC_EXTENDED
MBEDTLS_ECDH_C	Define Undefine	Undefine	MBEDTLS_ECDH_C
MBEDTLS_ECDSA_C	Define Undefine	Define	MBEDTLS_ECDSA_C
MBEDTLS_ECP_C	Define Undefine	Define	MBEDTLS_ECP_C
MBEDTLS_ECJPAKE_C	Define Undefine	Undefine	MBEDTLS_ECJPAKE_C
MBEDTLS_ECP_WINDOW_SIZE	Define Undefine	Undefine	MBEDTLS_ECP_WINDOW_SIZE
MBEDTLS_ECP_WINDOW_SIZE value	Manual Entry	6	MBEDTLS_ECP_WINDOW_SIZE value
MBEDTLS_ECP_FIXED_POINT_OPTIM	Define Undefine	Undefine	MBEDTLS_ECP_FIXED_POINT_OPTIM
MBEDTLS_ECP_FIXED_POINT_OPTIM value	Manual Entry	1	MBEDTLS_ECP_FIXED_POINT_OPTIM value
MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED	Define Undefine	Undefine	MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
Public Key Cryptography (PKC) > RSA
MBEDTLS_PK_RSA_ALT_SUPPORT	Define Undefine	Undefine	MBEDTLS_PK_RSA_ALT_SUPPORT
MBEDTLS_RSA_NO_CRT	Define Undefine	Define	MBEDTLS_RSA_NO_CRT
MBEDTLS_RSA_C	Define Undefine	Define	MBEDTLS_RSA_C
MBEDTLS_RSA_GEN_KEY_MIN_BITS	Define Undefine	Undefine	MBEDTLS_RSA_GEN_KEY_MIN_BITS
MBEDTLS_RSA_GEN_KEY_MIN_BITS value	Manual Entry	1024	MBEDTLS_RSA_GEN_KEY_MIN_BITS value
MBEDTLS_GENPRIME	Define Undefine	Define	MBEDTLS_GENPRIME
MBEDTLS_PKCS1_V15	Define Undefine	Define	MBEDTLS_PKCS1_V15
MBEDTLS_PKCS1_V21	Define Undefine	Define	MBEDTLS_PKCS1_V21
MBEDTLS_ASN1_PARSE_C	Define Undefine	Define	MBEDTLS_ASN1_PARSE_C
MBEDTLS_ASN1_WRITE_C	Define Undefine	Define	MBEDTLS_ASN1_WRITE_C
MBEDTLS_BASE64_C	Define Undefine	Define	MBEDTLS_BASE64_C
MBEDTLS_BIGNUM_C	Define Undefine	Define	MBEDTLS_BIGNUM_C
MBEDTLS_LMS_C	Define Undefine	Define	MBEDTLS_LMS_C
MBEDTLS_LMS_PRIVATE	Define Undefine	Undefine	MBEDTLS_LMS_PRIVATE
MBEDTLS_OID_C	Define Undefine	Define	MBEDTLS_OID_C
MBEDTLS_PEM_PARSE_C	Define Undefine	Define	MBEDTLS_PEM_PARSE_C
MBEDTLS_PEM_WRITE_C	Define Undefine	Define	MBEDTLS_PEM_WRITE_C
MBEDTLS_PK_C	Define Undefine	Define	MBEDTLS_PK_C
MBEDTLS_PK_PARSE_C	Define Undefine	Define	MBEDTLS_PK_PARSE_C
MBEDTLS_PK_WRITE_C	Define Undefine	Define	MBEDTLS_PK_WRITE_C
MBEDTLS_PKCS5_C	Define Undefine	Define	MBEDTLS_PKCS5_C
MBEDTLS_PKCS7_C	Define Undefine	Undefine	MBEDTLS_PKCS7_C
MBEDTLS_PKCS12_C	Define Undefine	Define	MBEDTLS_PKCS12_C
MBEDTLS_MPI_WINDOW_SIZE	Define Undefine	Undefine	MBEDTLS_MPI_WINDOW_SIZE
MBEDTLS_MPI_WINDOW_SIZE value	Manual Entry	6	MBEDTLS_MPI_WINDOW_SIZE value
MBEDTLS_MPI_MAX_SIZE	Define Undefine	Undefine	MBEDTLS_MPI_MAX_SIZE
MBEDTLS_MPI_MAX_SIZE value	Manual Entry	1024	MBEDTLS_MPI_MAX_SIZE value
Hash
Hash > Alternate
MBEDTLS_MD5_ALT	Define Undefine	Undefine	MBEDTLS_MD5_ALT
MBEDTLS_RIPEMD160_ALT	Define Undefine	Undefine	MBEDTLS_RIPEMD160_ALT
MBEDTLS_SHA1_ALT	Define Undefine	Undefine	MBEDTLS_SHA1_ALT
MBEDTLS_MD5_PROCESS_ALT	Define Undefine	Undefine	MBEDTLS_MD5_PROCESS_ALT
MBEDTLS_RIPEMD160_PROCESS_ALT	Define Undefine	Undefine	MBEDTLS_RIPEMD160_PROCESS_ALT
MBEDTLS_SHA1_PROCESS_ALT	Define Undefine	Undefine	MBEDTLS_SHA1_PROCESS_ALT
MBEDTLS_SHA256_SMALLER	Define Undefine	Undefine	MBEDTLS_SHA256_SMALLER
MBEDTLS_SHA512_SMALLER	Define Undefine	Undefine	MBEDTLS_SHA512_SMALLER
MBEDTLS_MD_C	Define Undefine	Define	MBEDTLS_MD_C
MBEDTLS_MD5_C	Define Undefine	Define	MBEDTLS_MD5_C
MBEDTLS_RIPEMD160_C	Define Undefine	Undefine	MBEDTLS_RIPEMD160_C
MBEDTLS_SHA1_C	Define Undefine	Define	MBEDTLS_SHA1_C
MBEDTLS_SHA3_C	Define Undefine	Undefine	MBEDTLS_SHA3_C
MBEDTLS_SHA224_C	Define Undefine	Define	MBEDTLS_SHA224_C
MBEDTLS_SHA256_C	Define Undefine	Define	MBEDTLS_SHA256_C
MBEDTLS_SHA384_C	Define Undefine	Undefine	MBEDTLS_SHA384_C
MBEDTLS_SHA512_C	Define Undefine	Undefine	MBEDTLS_SHA512_C
Message Authentication Code (MAC)
Message Authentication Code (MAC) > Alternate
MBEDTLS_POLY1305_ALT	Define Undefine	Undefine	MBEDTLS_POLY1305_ALT
MBEDTLS_CMAC_C	Define Undefine	Undefine	MBEDTLS_CMAC_C
MBEDTLS_HKDF_C	Define Undefine	Define	MBEDTLS_HKDF_C
MBEDTLS_HMAC_DRBG_C	Define Undefine	Undefine	MBEDTLS_HMAC_DRBG_C
MBEDTLS_POLY1305_C	Define Undefine	Undefine	MBEDTLS_POLY1305_C
Storage
MBEDTLS_FS_IO	Define Undefine	Undefine	MBEDTLS_FS_IO
MBEDTLS_PSA_CRYPTO_STORAGE_C	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_STORAGE_C
MBEDTLS_PSA_ITS_FILE_C	Define Undefine	Undefine	MBEDTLS_PSA_ITS_FILE_C
RNG
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES	Define Undefine	Undefine	MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_ENTROPY_FORCE_SHA256	Define Undefine	Undefine	MBEDTLS_ENTROPY_FORCE_SHA256
MBEDTLS_ENTROPY_NV_SEED	Define Undefine	Undefine	MBEDTLS_ENTROPY_NV_SEED
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
MBEDTLS_PSA_INJECT_ENTROPY	Define Undefine	Undefine	MBEDTLS_PSA_INJECT_ENTROPY
MBEDTLS_CTR_DRBG_C	Define Undefine	Define	MBEDTLS_CTR_DRBG_C
MBEDTLS_CTR_DRBG_C_ALT	Define	Define	MBEDTLS_CTR_DRBG_C_ALT
MBEDTLS_CTR_DRBG_ENTROPY_LEN	Define Undefine	Undefine	RNG|MBEDTLS_CTR_DRBG_ENTROPY_LEN
MBEDTLS_CTR_DRBG_ENTROPY_LEN value	Manual Entry	48	RNG value|MBEDTLS_CTR_DRBG_ENTROPY_LEN
MBEDTLS_CTR_DRBG_RESEED_INTERVAL	Define Undefine	Undefine	RNG|MBEDTLS_CTR_DRBG_RESEED_INTERVAL
MBEDTLS_CTR_DRBG_RESEED_INTERVAL value	Manual Entry	10000	RNG value|MBEDTLS_CTR_DRBG_RESEED_INTERVAL
MBEDTLS_CTR_DRBG_MAX_INPUT	Define Undefine	Undefine	MBEDTLS_CTR_DRBG_MAX_INPUT
MBEDTLS_CTR_DRBG_MAX_INPUT value	Manual Entry	256	MBEDTLS_CTR_DRBG_MAX_INPUT value
MBEDTLS_CTR_DRBG_MAX_REQUEST	Define Undefine	Undefine	MBEDTLS_CTR_DRBG_MAX_REQUEST
MBEDTLS_CTR_DRBG_MAX_REQUEST value	Manual Entry	1024	MBEDTLS_CTR_DRBG_MAX_REQUEST value
MBEDTLS_CTR_DRBG_MAX_SEED_INPUT	Define Undefine	Undefine	MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
MBEDTLS_CTR_DRBG_MAX_SEED_INPUT value	Manual Entry	384	MBEDTLS_CTR_DRBG_MAX_SEED_INPUT value
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY	Define Undefine	Undefine	MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
MBEDTLS_HMAC_DRBG_RESEED_INTERVAL	Define Undefine	Undefine	MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
MBEDTLS_HMAC_DRBG_RESEED_INTERVAL value	Manual Entry	10000	MBEDTLS_HMAC_DRBG_RESEED_INTERVAL value
MBEDTLS_HMAC_DRBG_MAX_INPUT	Define Undefine	Undefine	MBEDTLS_HMAC_DRBG_MAX_INPUT
MBEDTLS_HMAC_DRBG_MAX_INPUT value	Manual Entry	256	MBEDTLS_HMAC_DRBG_MAX_INPUT value
MBEDTLS_HMAC_DRBG_MAX_REQUEST	Define Undefine	Undefine	MBEDTLS_HMAC_DRBG_MAX_REQUEST
MBEDTLS_HMAC_DRBG_MAX_REQUEST value	Manual Entry	1024	MBEDTLS_HMAC_DRBG_MAX_REQUEST value
MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT	Define Undefine	Undefine	MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT value	Manual Entry	384	MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT value
MBEDTLS_ENTROPY_MAX_SOURCES	Define Undefine	Undefine	MBEDTLS_ENTROPY_MAX_SOURCES
MBEDTLS_ENTROPY_MAX_SOURCES value	Manual Entry	20	MBEDTLS_ENTROPY_MAX_SOURCES value
MBEDTLS_ENTROPY_MAX_GATHER	Define Undefine	Undefine	MBEDTLS_ENTROPY_MAX_GATHER
MBEDTLS_ENTROPY_MAX_GATHER value	Manual Entry	128	MBEDTLS_ENTROPY_MAX_GATHER value
MBEDTLS_ENTROPY_MIN_HARDWARE	Define Undefine	Undefine	MBEDTLS_ENTROPY_MIN_HARDWARE
MBEDTLS_ENTROPY_MIN_HARDWARE value	Manual Entry	32	MBEDTLS_ENTROPY_MIN_HARDWARE value
Key Configuration
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS	Define Undefine	Undefine	MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER	Define Undefine	Undefine	PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER
MBEDTLS_PSA_KEY_SLOT_COUNT	Define Undefine	Undefine	MBEDTLS_PSA_KEY_SLOT_COUNT
MBEDTLS_PSA_KEY_SLOT_COUNT value	Manual Entry	32	MBEDTLS_PSA_KEY_SLOT_COUNT value
Post Quantum Cryptography (PQC)
MBEDTLS_MLKEM_C	Define Undefine	Undefine	MBEDTLS_MLKEM_C
MBEDTLS_ML_DSA_C	Define Undefine	Undefine	MBEDTLS_ML_DSA_C
HMAC
MBEDTLS_PSA_HMAC_DRBG_MD_TYPE	Define Undefine	Define	MBEDTLS_PSA_HMAC_DRBG_MD_TYPE

SHA256 Configuration

To enable hardware acceleration for the SHA256/224 calculation, the macro MBEDTLS_SHA256_ALT and MBEDTLS_SHA256_PROCESS_ALT must be defined in the configuration file. By default SHA256 is enabled. SHA256 can be disabled, but SHA512 then needs to be enabled (software version) because the PSA implementation uses it for the entropy accumulator. This can be done using the RA Configuration editor.

AES Configuration

To enable hardware acceleration for the AES128/256 operation, the macro MBEDTLS_AES_SETKEY_ENC_ALT, MBEDTLS_AES_SETKEY_DEC_ALT, MBEDTLS_AES_ENCRYPT_ALT and MBEDTLS_AES_DECRYPT_ALT must be defined in the configuration file. By default AES is enabled. AES cannot be disabled because the PSA implementation requires it for the CTR_DRBG random number generator. This can be done using the RA Configuration editor.

Note

Only AES XTS 128 is currently supported. RA2 devices support acceleration for ECB part alone, while other devices support full AES XTS hardware acceleration.

ECC Configuration

To enable hardware acceleration for the ECC Key Generation operation, the macro MBEDTLS_ECP_ALT must be defined in the configuration file. For ECDSA, the macros MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_VERIFY_ALT must be defined. By default ECC, ECDSA and ECDHE are enabled. To disable ECC, undefine MBEDTLS_ECP_C, MBEDTLS_ECDSA_C and MBEDTLS_ECDH_C. This can be done using the RA Configuration editor.

RSA Configuration

To enable hardware acceleration for the RSA2048 operation, the macro MBEDTLS_RSA_ALT must be defined in the configuration file. By default RSA is enabled. To disable RSA, undefine MBEDTLS_RSA_C, MBEDTLS_PK_C, MBEDTLS_PK_PARSE_C, MBEDTLS_PK_WRITE_C. This can be done using the RA Configuration editor.

Post Quantum Cryptography (PQC) Configuration

ML-KEM Configuration

To enable software only PQC ML-KEM key generation, encapsulation, and decapsulation operations, the macro MBEDTLS_MLKEM_C must be defined in the configuration file. By default, PQC ML-KEM is disabled as the PQC stack is optional. This can be done using the RA Configuration editor.

ML-DSA Configuration

To enable software only PQC ML-DSA key generation, signing, and verification operations, the macro MBEDTLS_ML_DSA_C must be defined in the configuration file. By default, PQC ML-DSA is disabled as the PQC stack is optional. This can be done using the RA Configuration editor.

Wrapped Key Usage

To use the Secure Crypto Engine to generate and use wrapped keys, use PSA_KEY_TYPE_AES_WRAPPED or PSA_KEY_TYPE_ECC_KEY_PAIR_WRAPPED(curve) or PSA_KEY_TYPE_RSA_KEY_PAIR when setting the key type attribute. Setting the key's type attribute using this value will cause the SCE to use wrapped key mode for all operations related to that key. The user can use the export functionality to save the wrapped keys to user ROM and import it later for usage. This mode requires that Wrapped Key functionality for the algorithm is enabled in the project configuration.

Note

On the SCE9 devices, only the RSA public key can be exported. A file system must be used to store the internally generated private key.

Persistent Key Storage

Persistent key storage can be enabled by defining MBEDTLS_FS_IO, MBEDTLS_PSA_CRYPTO_STORAGE_C, and MBEDTLS_PSA_ITS_FILE_C. The key lifetime must also be specified as PSA_KEY_LIFETIME_PERSISTENT. A lower level storage module must be added in the RA Configuration editor and initialized in the code before generating persistent keys. Persistent storage supports the use of plaintext and vendor keys. Refer to the lower level storage module documentation for information on how it should be initialized. To generate a persistent key the key must be assigned a unique id prior to calling generate using the psa_set_key_id api.

    if (PSA_KEY_LIFETIME_IS_PERSISTENT(lifetime))
    {
        /* Set the id to a positive integer. */
        psa_set_key_id(&attributes, (psa_key_id_t) 5);
    }

Platform Configuration

To run the mbedCrypto implementation of the PSA Crypto API on the MCU, the macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT must be defined in the configuration file. This enables code that will initialize the SCE. Parameter checking (General|MBEDTLS_CHECK_PARAMS) is enabled by default. To reduce code size, disable parameter checking.

Random Number Configuration

To run the mbedCrypto implementation of the PSA Crypto API on the MCU, the macro MBEDTLS_ENTROPY_HARDWARE_ALT must be defined in the configuration file. This enables using the TRNG as an entropy source. None of the other cryptographic operations (even in software only mode) will work without this feature.

Usage Notes

Hardware Initialization

mbedtls_platform_setup() must be invoked before using the PSA Crypto API to ensure that the SCE peripheral is initialized.

Memory Usage

In general, depending on the mbedCrypto features being used a heap size of 0x1000 to 0x5000 bytes is required. The total allocated heap should be the sum of the heap requirements of the individual algorithms:

Algorithm	Required Heap (bytes)
SHA256/224	None
AES	0x200
Hardware ECC	0x400
Software ECC	0x1800
RSA	0x1500

A minimum stack of 0x1000 is required where the module is used. This is either the main stack in a bare metal application or the task stack of the task used for crypto operations.

Limitations

• Only little endian mode is supported.

Stdio Buffering

The MBEDTLS_PLATFORM_SETBUF_MACRO was introduced in mbedTLS 3.2.1 to prevent stdio read/write functions from buffering stream data to reduce the likelihood of key leakage by setting the buffer argument in setbuf() to NULL. FSP uses a dummy_setbuf() function in rm_psa_crypto.c to prevent build errors; since FSP uses LittleFS by default (where the usage of a buffer is mandatory) this function does not perform any action. Setting the cache size in LittleFS to the minimum supported by the Data Flash (4) can minimize but not remove the likelihood of key data leakage. The dummy function can be replaced with a user-defined function by defining a different value for MBEDTLS_PLATFORM_SETBUF_MACRO_value in the FSP configurator.

Post Quantum Cryptography (PQC)

• The PSA API Specificiation v1.3 supports ML-KEM and ML-DSA however MbedTLS currently does not provide an implementation. The implementation in the FSP release is thus likely to change and may cause backward compatibility issues when MbedTLS officially supports it.
• ASN.1 encoding not implemented. Keys are currently implemented in raw bytes.

ML-DSA

• The FIPS204 Standard allows the user to provide an optional context string for ML-DSA signature generation and verification. The current implementation does not allow the user to provide such a string. Internally this field is set to a value of 0 with a length of 0.
• The data format for import and export of the key pair is a byte array of the 32 byte seed value.
• Only ML-DSA-44 and ML-DSA-65 supported. ML-DSA-87 not supported.
• Only PSA_ALG_HASH_ML_DSA supported. PSA_ALG_ML_DSA requires PSA to offer a SHAKE-256 implementation.
• The current implementation of ML-DSA is too big for devices with less than 64KB of RAM.
• There is a known runtime issue when IAR toolchain is used for ML-DSA.

ML-KEM

• Only ML-KEM-512 and ML-KEM-768 supported. ML-KEM-1024 not supported.
• Key derivation not supported.
• The data format for import and export of the key pair is the concatenation of the two 32 byte seed values: d || z

SCE9 Usage

The SCE9 is used in Compatibility Mode for mbedCrypto acceleration. The crypto capabilities in this mode on the SCE9 are different which results in the below usage limitations with mbedCrypto:

• The module includes both wrapped and plaintext keys code irrespective of whether the application requires it.
• Plaintext key generation is not supported for RSA and ECC; only wrapped keys can be generated.
• If ECDH is used, only wrapped key will be generated on SCE9 and will not return an error even if the user context is somehow set for plain key. This may be relevant only if the psa_key_agreement() function with plaintext key on SCE9 is attempted.

Note

For a detailed description of the different SCE9 operating modes, refer to Application Note R11AN0498.

Using PSA Crypto with TrustZone

Unlike FSP drivers, PSA Crypto cannot be configured as Non-secure callable in the RA Configurator for a secure project. The reason for this is that in order to achieve the security objective of controlling access to protected keys, both the PSA Crypto code as well as the keys must be placed in the secure region. Since the PSA Crypto API requires access to the keys directly during initialization and later via a key handle, allowing non-secure code to use the API by making it Non-secure callable will require the keys to be stored in non-secure memory.

This section will provide a short explanation of how to add PSA Crypto to a secure project and have it usable by the non-secure project without exposing the keys. In this example the secure project will contain an RSA private key and the non-secure project is expected to be able to perform sign and verify operations using that key.

PSA Crypto Non-secure callable example

• Secure project
  • During secure project boot-up, psa_crypto_init() is called.
  • The RSA private key is programmed into secure flash either at the factory or by calling psa_generate_key() in persistent mode. Note that the data-flash area used by the LittleFS will have to be in the secure region if the key is generated as a persistent.
  • psa_import_key()/psa_open_key() are called with the resultant handle held in secure RAM.
  • The Non-secure callable section contains the following user-defined functions
  • verify_with_my_rsa_key(input_signature, input_hash, verification_result)
  • The implementation of this function in secure region will call psa_verify_hash() and return the result via verification_result.
  • sign_with_my_rsa_key(input_hash, output_signature)
  • The implementation of this function in secure region will call psa_sign_hash() and return the signature via output_signature.

• Non-secure project

  • Calls verify_with_my_rsa_key() to verify a signature. The implementation will use the public key that is present in the secure project.
  • Calls sign_with_my_rsa_key() to generate a signature. The implementation will use the private key that is present on the secure project.

  For more details on how to add user-code to the Non-secure callable region refer to the "Security Design with Arm TrustZone - IP Protection (R11AN0467EU0100)" Application Note.

Examples

Hash Example

This is an example on calculating the SHA256 hash using the PSA Crypto API.

const uint8_t NIST_SHA256ShortMsgLen200[] =
{
    0x2e, 0x7e, 0xa8, 0x4d, 0xa4, 0xbc, 0x4d, 0x7c, 0xfb, 0x46, 0x3e, 0x3f, 0x2c, 0x86, 0x47, 0x05,
    0x7a, 0xff, 0xf3, 0xfb, 0xec, 0xec, 0xa1, 0xd2, 00
};
const uint8_t NIST_SHA256ShortMsgLen200_expected[] =
{
    0x76, 0xe3, 0xac, 0xbc, 0x71, 0x88, 0x36, 0xf2, 0xdf, 0x8a, 0xd2, 0xd0, 0xd2, 0xd7, 0x6f, 0x0c,
    0xfa, 0x5f, 0xea, 0x09, 0x86, 0xbe, 0x91, 0x8f, 0x10, 0xbc, 0xee, 0x73, 0x0d, 0xf4, 0x41, 0xb9
};
void psa_crypto_sha256_example (void)
{
    psa_algorithm_t      alg               = PSA_ALG_SHA_256;
    psa_hash_operation_t operation         = {0};
    size_t               expected_hash_len = PSA_HASH_LENGTH(alg);
    uint8_t              actual_hash[PSA_HASH_MAX_SIZE];
    size_t               actual_hash_len;

    mbedtls_platform_context ctx = {0};

    /* Setup the platform; initialize the SCE and the TRNG */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_hash_setup(&operation, alg))
    {
        /* Hash setup failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_hash_update(&operation, NIST_SHA256ShortMsgLen200, sizeof(NIST_SHA256ShortMsgLen200)))
    {
        /* Hash calculation failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_hash_finish(&operation, &actual_hash[0], sizeof(actual_hash), &actual_hash_len))
    {
        /* Reading calculated hash failed */
        debugger_break();
    }
    else if (0 != memcmp(&actual_hash[0], &NIST_SHA256ShortMsgLen200_expected[0], actual_hash_len))
    {
        /* Hash compare of calculated value with expected value failed */
        debugger_break();
    }
    else if (0 != memcmp(&expected_hash_len, &actual_hash_len, sizeof(expected_hash_len)))
    {
        /* Hash size compare of calculated value with expected value failed */
        debugger_break();
    }
    else
    {
        /* SHA256 calculation succeeded */
        debugger_break();
    }


    /* De-initialize the platform. This is currently a placeholder function which does not do anything. */
    mbedtls_platform_teardown(&ctx);

}

AES Example

This is an example on using the PSA Crypto API to generate an AES256 key, encrypting and decrypting multi-block data and using PKCS7 padding.

static psa_status_t cipher_operation (psa_cipher_operation_t * operation,
                                      const uint8_t          * input,
                                      size_t                   input_size,
                                      size_t                   part_size,
                                      uint8_t                * output,
                                      size_t                   output_size,
                                      size_t                 * output_len)
{
    psa_status_t status;
    size_t       bytes_to_write = 0;
    size_t       bytes_written  = 0;
    size_t       len            = 0;

    *output_len = 0;
    while (bytes_written != input_size)
    {
        bytes_to_write = (input_size - bytes_written > part_size ?
                          part_size :
                          input_size - bytes_written);

        status = psa_cipher_update(operation,
                                   input + bytes_written,
                                   bytes_to_write,
                                   output + *output_len,
                                   output_size - *output_len,
                                   &len);
        if (PSA_SUCCESS != status)
        {
            return status;
        }

        bytes_written += bytes_to_write;
        *output_len   += len;
    }

    status = psa_cipher_finish(operation, output + *output_len, output_size - *output_len, &len);
    if (PSA_SUCCESS != status)
    {
        return status;
    }

    *output_len += len;

    return status;
}

void psa_crypto_aes256cbcmultipart_example (void)
{
    enum
    {
        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES), 
        key_bits   = 256,
        input_size = 100,
        part_size  = 10,
    };

    mbedtls_platform_context ctx         = {0};
    const psa_algorithm_t    alg         = PSA_ALG_CBC_PKCS7;
    psa_cipher_operation_t   operation_1 = PSA_CIPHER_OPERATION_INIT;
    psa_cipher_operation_t   operation_2 = PSA_CIPHER_OPERATION_INIT;
    size_t iv_len = 0;

    psa_key_handle_t     key_handle        = 0;
    size_t               encrypted_length  = 0;
    size_t               decrypted_length  = 0;
    uint8_t              iv[block_size]    = {0};
    uint8_t              input[input_size] = {0};
    uint8_t              encrypted_data[input_size + block_size] = {0};
    uint8_t              decrypted_data[input_size + block_size] = {0};
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_lifetime_t   lifetime;

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
    psa_set_key_algorithm(&attributes, alg);

    /* To use wrapped keys instead of plaintext use PSA_KEY_TYPE_AES_WRAPPED. */
    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
    psa_set_key_bits(&attributes, key_bits);

    lifetime = PSA_KEY_LIFETIME_VOLATILE;

    /* To use persistent keys:
     *......Use a lifetime value of PSA_KEY_LIFETIME_PERSISTENT
     * -    The file system must be initialized prior to calling the generate/import key functions.
     * -    Refer to the littlefs example to see how to format and mount the filesystem. */
    psa_set_key_lifetime(&attributes, lifetime);

    if (PSA_KEY_LIFETIME_IS_PERSISTENT(lifetime))
    {
        /* Set the id to a positive integer. */
        psa_set_key_id(&attributes, (psa_key_id_t) 5);
    }


    if (PSA_SUCCESS != psa_generate_random(input, sizeof(input)))
    {
        /* Random number generation for input data failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Generating AES 256 key and allocating to key slot failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_encrypt_setup(&operation_1, key_handle, alg))
    {
        /* Initializing the encryption (with PKCS7 padding) operation handle failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_generate_iv(&operation_1, iv, sizeof(iv), &iv_len))
    {
        /* Generating the random IV failed */
        debugger_break();
    }
    else if (PSA_SUCCESS !=
             cipher_operation(&operation_1, input, input_size, part_size, encrypted_data, sizeof(encrypted_data),
                              &encrypted_length))
    {
        /* Encryption failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_abort(&operation_1))
    {
        /* Terminating the encryption operation failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_decrypt_setup(&operation_2, key_handle, alg))
    {
        /* Initializing the decryption (with PKCS7 padding) operation handle failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_set_iv(&operation_2, iv, sizeof(iv)))
    {
        /* Setting the IV failed */
        debugger_break();
    }
    else if (PSA_SUCCESS !=
             cipher_operation(&operation_2, encrypted_data, encrypted_length, part_size, decrypted_data,
                              sizeof(decrypted_data), &decrypted_length))
    {
        /* Decryption failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_abort(&operation_2))
    {
        /* Terminating the decryption operation failed */
        debugger_break();
    }
    else if (0 != memcmp(input, decrypted_data, sizeof(input)))
    {
        /* Comparing the input data with decrypted data failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        /* Destroying the key handle failed */
        debugger_break();
    }
    else
    {
        /* All the operations succeeded */
    }

    /* Close the SCE */
    mbedtls_platform_teardown(&ctx);
}

void psa_crypto_aes128xtsmultipart_example (void)
{
    enum
    {
        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES), 
        key_bits   = 256,
        input_size = 32,
        part_size  = 16,
    };

    mbedtls_platform_context ctx         = {0};
    const psa_algorithm_t    alg         = PSA_ALG_XTS;
    psa_cipher_operation_t   operation_1 = PSA_CIPHER_OPERATION_INIT;
    psa_cipher_operation_t   operation_2 = PSA_CIPHER_OPERATION_INIT;
    size_t iv_len = 0;

    psa_key_handle_t     key_handle                 = 0;
    size_t               encrypted_length           = 0;
    size_t               decrypted_length           = 0;
    uint8_t              iv[block_size]             = {0};
    uint8_t              input[input_size]          = {0};
    uint8_t              encrypted_data[input_size] = {0};
    uint8_t              decrypted_data[input_size] = {0};
    psa_key_attributes_t attributes                 = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_lifetime_t   lifetime;

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
    psa_set_key_algorithm(&attributes, alg);

    /* To use wrapped keys instead of plaintext use PSA_KEY_TYPE_AES_WRAPPED. */

    /* When using XTS mode, since there are two keys used, the key_bits value is twice the AES key length.
     * For AES 128 XTS mode, the key_bits value is 256. MbedTLS only supports AES 128 currently. */
    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
    psa_set_key_bits(&attributes, key_bits);

    lifetime = PSA_KEY_LIFETIME_VOLATILE;

    /* To use persistent keys:
     *......Use a lifetime value of PSA_KEY_LIFETIME_PERSISTENT
     * -    The file system must be initialized prior to calling the generate/import key functions.
     * -    Refer to the littlefs example to see how to format and mount the filesystem. */
    psa_set_key_lifetime(&attributes, lifetime);

    if (PSA_KEY_LIFETIME_IS_PERSISTENT(lifetime))
    {
        /* Set the id to a positive integer. */
        psa_set_key_id(&attributes, (psa_key_id_t) 5);
    }


    if (PSA_SUCCESS != psa_generate_random(input, sizeof(input)))
    {
        /* Random number generation for input data failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Generating AES 256 key and allocating to key slot failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_encrypt_setup(&operation_1, key_handle, alg))
    {
        /* Initializing the encryption (with PKCS7 padding) operation handle failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_generate_iv(&operation_1, iv, sizeof(iv), &iv_len))
    {
        /* Generating the random IV failed */
        debugger_break();
    }
    else if (PSA_SUCCESS !=
             cipher_operation(&operation_1, input, sizeof(input), part_size, encrypted_data, sizeof(encrypted_data),
                              &encrypted_length))
    {
        /* Encryption failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_abort(&operation_1))
    {
        /* Terminating the encryption operation failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_decrypt_setup(&operation_2, key_handle, alg))
    {
        /* Initializing the decryption (with PKCS7 padding) operation handle failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_set_iv(&operation_2, iv, sizeof(iv)))
    {
        /* Setting the IV failed */
        debugger_break();
    }
    else if (PSA_SUCCESS !=
             cipher_operation(&operation_2, encrypted_data, encrypted_length, part_size, decrypted_data,
                              sizeof(decrypted_data), &decrypted_length))
    {
        /* Decryption failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_abort(&operation_2))
    {
        /* Terminating the decryption operation failed */
        debugger_break();
    }
    else if (0 != memcmp(input, decrypted_data, sizeof(input)))
    {
        /* Comparing the input data with decrypted data failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        /* Destroying the key handle failed */
        debugger_break();
    }
    else
    {
        /* All the operations succeeded */
    }


    /* Close the SCE */
    mbedtls_platform_teardown(&ctx);
}

AES-CCM Example

This is an example on using the PSA Crypto API to generate an AES256 key, encrypting and decrypting multi-block data and using PKCS7 padding using AES-CCM.

    if (PSA_SUCCESS != psa_generate_random(input, sizeof(input)))
    {
        /* Random plaintext input generation failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Key generation failed */
        debugger_break();
    }
    /* AES-CCM Encryption */
    else if (PSA_SUCCESS !=
             psa_aead_encrypt(key_handle, PSA_ALG_CCM, nonce, sizeof(nonce), additional_data, sizeof(additional_data),
                              input, sizeof(input), encrypt, sizeof(encrypt), &output_len))
    {
        /* AES-CCM Encryption failed */
        debugger_break();
    }
    /* AES-CCM Decryption */
    else if (PSA_SUCCESS !=
             psa_aead_decrypt(key_handle, PSA_ALG_CCM, nonce, sizeof(nonce), additional_data, sizeof(additional_data),
                              encrypt, output_len, decrypt, sizeof(decrypt), &output_len))
    {
        /* AES-CCM Decryption failed */
        debugger_break();
    }
    else if (0U != memcmp(input, decrypt, sizeof(input)))
    {
        /* The decrypted result did not match the plaintext input */
        debugger_break();
    }
    else
    {
        /* All operations were successful */
    }

AES-XTS Example

This is an example on using the PSA Crypto API to generate an AES128 XTS key, encrypting and decrypting multi-block data.

    if (PSA_SUCCESS != psa_generate_random(input, sizeof(input)))
    {
        /* Random number generation for input data failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Generating AES 256 key and allocating to key slot failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_encrypt_setup(&operation_1, key_handle, alg))
    {
        /* Initializing the encryption (with PKCS7 padding) operation handle failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_generate_iv(&operation_1, iv, sizeof(iv), &iv_len))
    {
        /* Generating the random IV failed */
        debugger_break();
    }
    else if (PSA_SUCCESS !=
             cipher_operation(&operation_1, input, sizeof(input), part_size, encrypted_data, sizeof(encrypted_data),
                              &encrypted_length))
    {
        /* Encryption failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_abort(&operation_1))
    {
        /* Terminating the encryption operation failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_decrypt_setup(&operation_2, key_handle, alg))
    {
        /* Initializing the decryption (with PKCS7 padding) operation handle failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_set_iv(&operation_2, iv, sizeof(iv)))
    {
        /* Setting the IV failed */
        debugger_break();
    }
    else if (PSA_SUCCESS !=
             cipher_operation(&operation_2, encrypted_data, encrypted_length, part_size, decrypted_data,
                              sizeof(decrypted_data), &decrypted_length))
    {
        /* Decryption failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_cipher_abort(&operation_2))
    {
        /* Terminating the decryption operation failed */
        debugger_break();
    }
    else if (0 != memcmp(input, decrypted_data, sizeof(input)))
    {
        /* Comparing the input data with decrypted data failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        /* Destroying the key handle failed */
        debugger_break();
    }
    else
    {
        /* All the operations succeeded */
    }

CMAC Example

This is an example on using the PSA Crypto API to generate an AES256 key, followed by generation and verification of MAC for random data of known length.

    if (PSA_SUCCESS != psa_generate_random(input, sizeof(input)))
    {
        /* Random number generation failure */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Key generation failure */
        debugger_break();
    }
    /* Steps to generate the MAC */
    else if (PSA_SUCCESS != psa_mac_sign_setup(&operation, key_handle, alg))
    {
        /* MAC Sign setup failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_mac_update(&operation, input, input_size))
    {
        /* MAC update failed */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_mac_sign_finish(&operation, AES_CMAC_mac, sizeof(AES_CMAC_mac), &mac_ret))
    {
        /* MAC Sign operation failed */
        debugger_break();
    }
    else
    {
        /* All the operations succeeded for MAC generation */
    }

    /* Steps to verify the generated MAC */

    if (PSA_SUCCESS != psa_mac_verify_setup(&verify_operation, key_handle, alg))
    {
        /* MAC verification setup failure */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_mac_update(&verify_operation, input, input_size))
    {
        /* MAC update failure */
        debugger_break();
    }
    else if (PSA_SUCCESS != psa_mac_verify_finish(&verify_operation, AES_CMAC_mac, mac_ret))
    {
        /* MAC verification failed */
        debugger_break();
    }
    else
    {
        /* All the operations succeeded for MAC verification */
    }

ECC Example

This is an example on using the PSA Crypto API to generate an ECC-P256R1 key, signing and verifying data after hashing it first using SHA256.

Note

Unlike RSA, ECDSA does not have any padding schemes. Thus the hash argument for the ECC sign operation MUST have a size larger than or equal to the curve size; i.e. for PSA_ECC_CURVE_SECP256R1 the payload size must be at least 256/8 bytes. nist.fips.186-4: " A hash function that provides a lower security strength than the security strength associated with the bit length of 'n' ordinarily should not be used, since this would reduce the security strength of the digital signature process to a level no greater than that provided by the hash function."

#define ECC_256_BIT_LENGTH       256
#define ECC_256_EXPORTED_SIZE    500
uint8_t exportedECC_SECP256R1Key[ECC_256_EXPORTED_SIZE];
size_t  exportedECC_SECP256R1Keylength = 0;
void psa_ecc256R1_example (void)
{
/* This example generates an ECC-P256R1 keypair, performs signing and verification operations.
 * It then exports the generated key into ASN1 DER format to a RAM array which can then be programmed to flash.
 * It then re-imports that key, and performs signing and verification operations. */
    unsigned char            payload[] = "ASYMMETRIC_INPUT_FOR_SIGN......";
    unsigned char            signature1[PSA_SIGNATURE_MAX_SIZE] = {0};
    unsigned char            signature2[PSA_SIGNATURE_MAX_SIZE] = {0};
    size_t                   signature_length1 = 0;
    size_t                   signature_length2 = 0;
    psa_key_attributes_t     attributes        = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t     read_attributes   = PSA_KEY_ATTRIBUTES_INIT;
    mbedtls_platform_context ctx               = {0};
    psa_key_handle_t         ecc_key_handle    = {0};

    psa_hash_operation_t hash_operation = {0};
    uint8_t              payload_hash[PSA_HASH_MAX_SIZE];
    size_t               payload_hash_len;

    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT);
    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));

    /* To use wrapped keys instead of plaintext:
     * - Use PSA_KEY_TYPE_ECC_KEY_PAIR_WRAPPED(PSA_ECC_FAMILY_SECP_R1).*/
    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
    psa_set_key_bits(&attributes, ECC_256_BIT_LENGTH);

    /* To use persistent keys instead of volatile:
     * -     Use PSA_KEY_LIFETIME_PERSISTENT.
     * -    The file system must be initialized prior to calling the generate/import key functions.
     * -    Refer to the littlefs example to see how to format and mount the filesystem. */
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);

    /* Generate ECC P256R1 Key pair */
    if (PSA_SUCCESS != psa_generate_key(&attributes, &ecc_key_handle))
    {
        debugger_break();
    }

    /* Test the key information */
    if (PSA_SUCCESS != psa_get_key_attributes(ecc_key_handle, &read_attributes))
    {
        debugger_break();
    }

    /* Calculate the hash of the message */
    if (PSA_SUCCESS != psa_hash_setup(&hash_operation, PSA_ALG_SHA_256))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != psa_hash_update(&hash_operation, payload, sizeof(payload)))
    {
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_hash_finish(&hash_operation, &payload_hash[0], sizeof(payload_hash), &payload_hash_len))
    {
        debugger_break();
    }

    /* Sign message using the private key
     * NOTE: The hash argument (payload_hash here) MUST have a size equal to the curve size;
     * i.e. for SECP256R1 the payload size must be 256/8 bytes.
     * Similarly for SECP384R1 the payload size must be 384/8 bytes.
     * nist.fips.186-4: " A hash function that provides a lower security strength than
     * the security strength associated with the bit length of 'n' ordinarily should not be used, since this
     * would reduce the security strength of the digital signature process to a level no greater than that
     * provided by the hash function." */
    if (PSA_SUCCESS !=
        psa_sign_hash(ecc_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), payload_hash, payload_hash_len, signature1,
                      sizeof(signature1), &signature_length1))
    {
        debugger_break();
    }

    /* Verify the signature1 using the public key */
    if (PSA_SUCCESS !=
        psa_verify_hash(ecc_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), payload_hash, payload_hash_len, signature1,
                        signature_length1))
    {
        debugger_break();
    }

    /* Export the key. The exported key can then be save to flash for later usage.  */
    if (PSA_SUCCESS !=
        psa_export_key(ecc_key_handle, exportedECC_SECP256R1Key, sizeof(exportedECC_SECP256R1Key),
                       &exportedECC_SECP256R1Keylength))
    {
        debugger_break();
    }

    /* Destroy the key and handle */
    if (PSA_SUCCESS != psa_destroy_key(ecc_key_handle))
    {
        debugger_break();
    }

    /* Import the previously exported key pair */
    if (PSA_SUCCESS !=
        psa_import_key(&attributes, exportedECC_SECP256R1Key, exportedECC_SECP256R1Keylength, &ecc_key_handle))
    {
        debugger_break();
    }

    /* Sign message using the private key */
    if (PSA_SUCCESS !=
        psa_sign_hash(ecc_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), payload_hash, payload_hash_len, signature2,
                      sizeof(signature2), &signature_length2))
    {
        debugger_break();
    }

    /* Verify signature2 using the public key */
    if (PSA_SUCCESS !=
        psa_verify_hash(ecc_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), payload_hash, payload_hash_len, signature2,
                        signature_length2))
    {
        debugger_break();
    }

    /* Signatures cannot be compared since ECC signatures vary for the same data unless Deterministic ECC is used which is not supported by the HW.
     * Only the verification operation can be used to validate signatures. */
}

RSA Example

This is an example on using the PSA Crypto API to generate an RSA2048 key, encrypting and decrypting multi-block data and using PKCS7 padding.

#define RSA_2048_BIT_LENGTH       2048
#define RSA_2048_EXPORTED_SIZE    1210

/* The RSA 2048 key pair export in der format is roughly as follows
 * RSA private keys:
 *  RSAPrivateKey ::= SEQUENCE {   ---------------------------------------  1 + 3
 *      version           Version, ---------------------------------------  1 + 1 + 1
 *      modulus           INTEGER, ---------------- n  -------------------  1 + 3 + 256 + 1
 *      publicExponent    INTEGER, ---------------- e  -------------------  1 + 4
 *      privateExponent   INTEGER, ---------------- d  -------------------  1 + 3 + 256 (276 for Wrapped)
 *      prime1            INTEGER, ---------------- p  -------------------  1 + 3 + (256 / 2)
 *      prime2            INTEGER, ---------------- q  -------------------  1 + 3 + (256 / 2)
 *      exponent1         INTEGER, ---------------- d mod (p-1)  ---------  1 + 2 + (256 / 2) (4 for Wrapped)
 *      exponent2         INTEGER, ---------------- d mod (q-1)  ---------  1 + 2 + (256 / 2) (4 for Wrapped)
 *      coefficient       INTEGER, ---------------- (inverse of q) mod p -  1 + 2 + (256 / 2) (4 for Wrapped)
 *      otherPrimeInfos   OtherPrimeInfos OPTIONAL ------------------------ 0 (not supported)
 *  }
 */

uint8_t exportedRSA2048Key[RSA_2048_EXPORTED_SIZE];
size_t  exportedRSA2048Keylength = 0;
void psa_rsa2048_example (void)
{
/* This example generates an RSA2048 keypair, performs signing and verification operations.
 * It then exports the generated key into ASN1 DER format to a RAM array which can then be programmed to flash.
 * It then re-imports that key, and performs signing and verification operations. */

    mbedtls_platform_context ctx        = {0};
    psa_key_handle_t         key_handle = {0};
    unsigned char            payload[]  = "ASYMMETRIC_INPUT_FOR_SIGN";
    unsigned char            signature1[PSA_SIGNATURE_MAX_SIZE] = {0};
    unsigned char            signature2[PSA_SIGNATURE_MAX_SIZE] = {0};
    size_t               signature_length1 = 0;
    size_t               signature_length2 = 0;
    psa_key_attributes_t attributes        = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t read_attributes   = PSA_KEY_ATTRIBUTES_INIT;

    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT);
    psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW);

    /* To use wrapped keys instead of plaintext:
     * - Use PSA_KEY_TYPE_RSA_KEY_PAIR_WRAPPED. */
    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
    psa_set_key_bits(&attributes, RSA_2048_BIT_LENGTH);

    /* To use persistent keys instead of volatile:
     * -    Use PSA_KEY_LIFETIME_PERSISTENT.
     * -    The file system must be initialized prior to calling the generate/import key functions.
     * -    Refer to the littlefs example to see how to format and mount the filesystem. */
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);

    /* Generate RSA 2048 Key pair */
    if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        debugger_break();
    }

    /* Test the key information */
    if (PSA_SUCCESS != psa_get_key_attributes(key_handle, &read_attributes))
    {
        debugger_break();
    }

    /* Sign message using the private key */
    if (PSA_SUCCESS !=
        psa_sign_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), signature1,
                      sizeof(signature1), &signature_length1))
    {
        debugger_break();
    }

    /* Verify the signature1 using the public key */
    if (PSA_SUCCESS !=
        psa_verify_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), signature1,
                        signature_length1))
    {
        debugger_break();
    }

    /* Export the key */
    if (PSA_SUCCESS !=
        psa_export_key(key_handle, exportedRSA2048Key, sizeof(exportedRSA2048Key), &exportedRSA2048Keylength))
    {
        debugger_break();
    }

    /* Destroy the key and handle */
    if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        debugger_break();
    }

    /* Import the previously exported key pair */
    if (PSA_SUCCESS != psa_import_key(&attributes, exportedRSA2048Key, exportedRSA2048Keylength, &key_handle))
    {
        debugger_break();
    }

    /* Sign message using the private key */
    if (PSA_SUCCESS !=
        psa_sign_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), signature2,
                      sizeof(signature2), &signature_length2))
    {
        debugger_break();
    }

    /* Verify signature2 using the public key */
    if (PSA_SUCCESS !=
        psa_verify_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), signature2,
                        signature_length2))
    {
        debugger_break();
    }

    /* Compare signatures to verify that the same signature was generated */
    if (0 != memcmp(signature2, signature1, signature_length2))
    {
        debugger_break();
    }

    mbedtls_psa_crypto_free();
    mbedtls_platform_teardown(&ctx);
}


/* Generated using "openssl genrsa -out example_private_key.pem 2048" */
const uint8_t RSAKeydata[] = "-----BEGIN RSA PRIVATE KEY-----\n"
                             "MIIEowIBAAKCAQEAplaPU68h4hW/eAlH2hbQl1WjoDT1znCk0O9cnE9lAnB26IUi"
                             "78wUAxuTZSlrlKez9FGGIVbUMTy7dTw0ZBanogrKCaAMaRFz5LRv4I8RQzsDxxqe"
                             "nud9Y6mVRWb9hyutL/yBwDd6jzAwcviAhcatTv0E5wpEJ6ezMDyaiSCbn84hfb0T"
                             "ZPXQVGhmjii3f0FfFWW9ce70qkuwdkvO6HBrOGVi2++b11As+Uh/7pxyOb7wpE7K"
                             "X64nohaCtXgNnV8Hr+LOPQRHEbGTCPOfx1davKEIYFvm8hVxqv20csMD5uc8AJCd"
                             "0cdom13KcOpVXCnrFPNJt0lITOcH/fBzp4xoaQIDAQABAoIBAGc56qKVWeKzempk"
                             "4AlRBUwVYoEGvNDLiQz8rq12fAoCf1iXXvIP5Q90qokqJlBPrtbdTO8dsnuH5BHC"
                             "NgUzJf7i0TUd9PWzVgfFjnR+dMkTM6n5NB0LLf6OfEtguc+L5GOWQXNnOpDn5/lB"
                             "jIj4ng8Z6FP1RAyT/xjdU03sRYfq5OPlDZ8+ck7WwQ8VxSBKsJcZVv+K4r64Vmr1"
                             "MO1zfBYuwafi4oO9Z9x89Iil9GBcYuCvhLvDoWhnTUxlOTfz+Jt+qwlmVimEz6xs"
                             "6ew1Ox7e6SInly3IAXe9E84yP9MDmiGkCrVr8s8GUybZ5t/yeZ3g5lPYSQ/FiuHY"
                             "kvJCH4ECgYEA2IthRDkElOQGqJ9T/LjgcIVLQs0F6i7zZWg6UKv18EmG7uHd6tsZ"
                             "byFfFiBat80rq6q4AUx2OOE7+LI5MxIvgRgLk14WV8H2OKK/lfxOFb6a4feGM7bH"
                             "VdERQSMNeGq0bP9IOPxU1EvFp0Vfv7cfGsQhcAPgA8up61jWREhI+fECgYEAxKVT"
                             "9pKinIwgjsHgmxalaNbnRf+bcqtdS98SB2MuICg8ubcBSrjm4wtGe3oCX/PbM1GV"
                             "FvEDKl4TyeWFIH4MStsyDHYxwoV2C01bBHEtHTYBnjeIShMruIomsG9GeTrNmyzg"
                             "dVdSg5/lxYOxuZSXvfcbyIMsW29ddgeICu9RHfkCgYBaljQibhfUkW+Xqs9fsZdy"
                             "etB5KXuH9AwuJ+P9S3KfCqM/240SaoXBT5yPjQlmSpYyQkCnim0Kbm7AIw56pujo"
                             "gD6Xb4y5OZLfLnYnMF0aC5qPXRTvHU9WPxeQwDEqZrkDv+der3BtPyV4TDU55klE"
                             "0TeLvJNCAzkaExfPiM2+gQKBgQC5ceBYq7hGQa+CcTvLhfO/hsrbrE2AOjLllhx+"
                             "cv3QvaFm0jqZqP20J7H0R/9tVZ7mKo2a8Pa3QbkPsS92kOguv7/XGK+cbhgAWJb4"
                             "/XI6FfA4sM4KbUHR6hbKVGX1dYroR831WsAp+OTK+4LjLEpdj2fYFDwEjmVpJXka"
                             "Ns4coQKBgGESrtpJF7OQG4xcXwR2ZiJESPvMKVmtvxRzDrc9gmoiIIIKx1fimwCv"
                             "RtOz1bQcXMRw21+ZAZpen3ahWh63KC0KxMSNBJTXdczlf2uprVkSPtmAjV4qBgwv"
                             "tqjmP0lnGc9wkJsVvGmMAAfQOWgxs9h/VH/b+6biEkzaaZLOyABV"
                             "-----END RSA PRIVATE KEY-----\n";

/* Expected signature below is calculated using the mbedCrypto software version */
const uint8_t RSAExpectedSignature[256] =
{
    0x25, 0xC0, 0x15, 0x64, 0xD3, 0xF7, 0xC1, 0xB7, 0xA8, 0x9B, 0x56, 0x1C, 0xB5, 0xA4, 0xA5, 0x0D, 0x61, 0x52, 0x32,
    0x0C, 0x4E, 0xE8, 0xCA, 0x4B, 0x9E, 0xA2, 0x4D, 0x35, 0x0E, 0xB1, 0xA1, 0x5B, // NOLINT(readability-magic-numbers)
    0x5B, 0xD8, 0xC1, 0x93, 0x28, 0x60, 0x90, 0x18, 0x37, 0x88, 0x66, 0xD4, 0xED, 0x37, 0x6B, 0xEC, 0x48, 0xFF, 0x3D,
    0xFB, 0x99, 0xB7, 0xEF, 0x3C, 0x8D, 0x25, 0xE9, 0xF3, 0xCF, 0x02, 0x7C, 0x7D, // NOLINT(readability-magic-numbers)
    0xB9, 0x4D, 0x2F, 0x2F, 0x1E, 0x30, 0x48, 0x54, 0x18, 0xE4, 0x51, 0xD5, 0xC1, 0xB7, 0x3B, 0x0D, 0xE4, 0xB4, 0x19,
    0x7B, 0x9B, 0xF4, 0x35, 0x82, 0xCC, 0x91, 0x4C, 0x10, 0xE9, 0xB6, 0xF1, 0x0A, // NOLINT(readability-magic-numbers)
    0x23, 0xEB, 0x7D, 0x51, 0x47, 0x36, 0xFE, 0x13, 0xAF, 0x3C, 0x23, 0x9F, 0x7E, 0xFC, 0xCF, 0x7A, 0x7C, 0x2D, 0xDB,
    0xD9, 0xDA, 0xEB, 0xF7, 0xB5, 0x6B, 0x8D, 0xE0, 0x18, 0x9A, 0x5B, 0xB7, 0x0A, // NOLINT(readability-magic-numbers)
    0xA3, 0x4E, 0xE1, 0xB7, 0xF7, 0xD1, 0x94, 0xD5, 0x7A, 0xD3, 0x27, 0xE2, 0x1F, 0x3A, 0xEB, 0xF0, 0x83, 0x10, 0x52,
    0x51, 0x5F, 0x58, 0xF8, 0x81, 0x42, 0x48, 0x83, 0x2D, 0xF0, 0xA9, 0x7D, 0x79, // NOLINT(readability-magic-numbers)
    0x2B, 0xF1, 0x68, 0xC2, 0x22, 0xC0, 0x0C, 0x72, 0x63, 0x37, 0xBF, 0xEC, 0x72, 0x97, 0xD4, 0xA5, 0x91, 0x2E, 0x1F,
    0xA3, 0x78, 0x9A, 0xCE, 0xFE, 0x27, 0x7F, 0x2B, 0x85, 0x7D, 0x22, 0x2C, 0x0D, // NOLINT(readability-magic-numbers)
    0x1E, 0x10, 0xB7, 0xFF, 0x9A, 0xA7, 0x99, 0xD2, 0xB9, 0x40, 0x53, 0xB3, 0xA9, 0x52, 0x5D, 0xBD, 0xC8, 0x12, 0x8D,
    0x39, 0xD7, 0x97, 0x03, 0xD2, 0x80, 0x21, 0xC3, 0xA7, 0x8B, 0xE3, 0x3D, 0xF0, // NOLINT(readability-magic-numbers)
    0x4D, 0x4C, 0x4D, 0xC4, 0xC7, 0xE5, 0xE4, 0x35, 0x75, 0xAA, 0x45, 0x3B, 0x9C, 0x64, 0xC1, 0x94, 0x6E, 0x15, 0x0A,
    0xE8, 0x84, 0xCD, 0xFC, 0x7A, 0xBC, 0x5C, 0x8C, 0xA8, 0x95, 0x07, 0x79, 0x4E, // NOLINT(readability-magic-numbers)
};

void psa_rsa2048_pem_format_import_example (void)
{
/* This example imports an RSA2048 keypair of PEM format, performs signing and verification operations. */

    mbedtls_platform_context ctx        = {0};
    psa_key_handle_t         key_handle = {0};
    unsigned char            payload[]  = "ASYMMETRIC_INPUT_FOR_SIGN";
    unsigned char            signature[PSA_SIGNATURE_MAX_SIZE] = {0};
    size_t               signature_length = 0U;
    psa_key_attributes_t attributes       = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t read_attributes  = PSA_KEY_ATTRIBUTES_INIT;

    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
    psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
    psa_set_key_bits(&attributes, RSA_2048_BIT_LENGTH);

    /* Import the private key (This includes both the private and public key) */
    mbedtls_pk_context ctx_rsa;
    mbedtls_pk_init(&ctx_rsa);

    /* For keys other than ASN format, mbedtls_pk_parse_key and mbedtls_pk_import_into_psa APIs must be called instead of psa_import_key */

    if (PSA_SUCCESS !=
        mbedtls_pk_parse_key(&ctx_rsa, RSAKeydata, sizeof(RSAKeydata), NULL, 0, mbedtls_psa_get_random,
                             MBEDTLS_PSA_RANDOM_STATE))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != mbedtls_pk_import_into_psa(&ctx_rsa, &attributes, &key_handle))
    {
        debugger_break();
    }

    mbedtls_pk_free(&ctx_rsa);

    /* Test the key information */
    if (PSA_SUCCESS != psa_get_key_attributes(key_handle, &read_attributes))
    {
        debugger_break();
    }

    /* Sign message using the key */
    if (PSA_SUCCESS !=
        psa_sign_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), signature, sizeof(signature),
                      &signature_length))
    {
        debugger_break();
    }

    if (0 != memcmp(signature, &RSAExpectedSignature, sizeof(RSAExpectedSignature)))
    {
        debugger_break();
    }

    /* Verify the signature */
    if (PSA_SUCCESS !=
        psa_verify_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), RSAExpectedSignature,
                        sizeof(RSAExpectedSignature)))
    {
        debugger_break();
    }

    /* Destroy the key and handle */
    if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        debugger_break();
    }

    mbedtls_psa_crypto_free();
    mbedtls_platform_teardown(&ctx);
}

CHACHA20 Example

This is an example on using the PSA Crypto API to import an ChaCha20 key, encrypting and decrypting single block data.

/* Test vector from http://www.rfc-editor.org/rfc/rfc8439.html#section-2.8.2 */
const uint8_t chacha_key[] =
{
    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, // NOLINT(readability-magic-numbers)
    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, // NOLINT(readability-magic-numbers)
    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, // NOLINT(readability-magic-numbers)
    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f  // NOLINT(readability-magic-numbers)
};

const uint8_t chacha_iv[] =
{
    0x07, 0x00, 0x00, 0x00,                        /* 32-bit common part */
    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 /* 64-bit IV */
};

const uint8_t chacha_plaintext[] =
{
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, // NOLINT(readability-magic-numbers)
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, // NOLINT(readability-magic-numbers)
    0x20, 0x21, 0x22, 0x23                                                                          // NOLINT(readability-magic-numbers)
};

const uint8_t chacha_ciphertext[] =
{
    0x9F, 0x7A, 0xEB, 0x5E, 0x05, 0xF8, 0x46, 0xBD, 0x1D, 0xEB, 0x85, 0xF0, 0x3A, 0x8C, 0x04, 0xA1, // NOLINT(readability-magic-numbers)
    0xD1, 0xD1, 0x9A, 0x2C, 0x1D, 0x14, 0x78, 0xC9, 0xC5, 0x93, 0xCA, 0x9C, 0x49, 0x9F, 0x1D, 0xBA, // NOLINT(readability-magic-numbers)
    0x6E, 0xBF, 0xE9, 0x1B                                                                          // NOLINT(readability-magic-numbers)
};

const uint8_t chacha_mac[] =
{
    0xC8, 0xB3, 0xFA, 0xDC, 0xF9, 0x1F, 0x78, 0x97, // NOLINT(readability-magic-numbers)
    0xCD, 0xD7, 0x54, 0xE2, 0xFC, 0x0B, 0xE1, 0xE5  // NOLINT(readability-magic-numbers)
};

typedef struct import_key_items_symmetric_s
{
    const uint8_t * key;
    size_t          key_size;
    const uint8_t * nonce_iv;          // Nomenclature 'nonce' OR 'iv' depends on the algorithm. Eg: This is Nonce for CCM and IV for GCM.
    size_t          nonce_iv_size;
    const uint8_t * aad;
    size_t          aad_size;
    const uint8_t * mac;
    size_t          mac_size;
    const uint8_t * plaintext;
    size_t          plaintext_size;
    const uint8_t * ciphertext;
    size_t          ciphertext_size;
} import_key_items_symmetric_t;

const import_key_items_symmetric_t chacha_testdata =
{
    chacha_key,
    sizeof(chacha_key),
    chacha_iv,
    sizeof(chacha_iv),
    NULL,
    0,
    chacha_mac,
    16,
    chacha_plaintext,
    sizeof(chacha_plaintext),
    chacha_ciphertext,
    sizeof(chacha_ciphertext),
};

void psa_crypto_chacha20_example (void)
{
    mbedtls_platform_context ctx        = {0};
    psa_key_handle_t         key_handle = 0;
    size_t  encr_len = 0;
    size_t  decr_len = 0;
    uint8_t encrypt[200];              // NOLINT(readability-magic-numbers)
    uint8_t decrypt[200];              // NOLINT(readability-magic-numbers)
    import_key_items_symmetric_t * p_import_key_items = (import_key_items_symmetric_t *) &chacha_testdata;
    psa_key_attributes_t           attributes         = PSA_KEY_ATTRIBUTES_INIT;
    const psa_algorithm_t          alg                = PSA_ALG_STREAM_CIPHER;

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
    psa_set_key_algorithm(&attributes, alg);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_CHACHA20);
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
    psa_set_key_bits(&attributes, 256); // NOLINT(readability-magic-numbers)

    if (PSA_KEY_LIFETIME_IS_PERSISTENT(PSA_KEY_LIFETIME_VOLATILE))
    {
        psa_set_key_id(&attributes, (psa_key_id_t) 2);
    }

    if (PSA_SUCCESS != psa_import_key(&attributes, p_import_key_items->key, p_import_key_items->key_size, &key_handle))
    {
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_cipher_encrypt(key_handle, alg, p_import_key_items->plaintext, p_import_key_items->plaintext_size, encrypt,
                           sizeof(encrypt), &encr_len))
    {
        /* Encryption failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_cipher_decrypt(key_handle, alg, encrypt, encr_len, decrypt, sizeof(decrypt), &decr_len))
    {
        /* Decryption failed */
        debugger_break();
    }

    if (p_import_key_items->plaintext_size == decr_len)
    {
        debugger_break();
    }

    if (0 != memcmp(p_import_key_items->plaintext, decrypt, p_import_key_items->plaintext_size))
    {
        debugger_break();
    }

    /* Destroy the key */
    if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        /* Destroying the key handle failed */
        debugger_break();
    }
}

CHACHA20-POLY1305 Example

This is an example on using the PSA Crypto API to import an ChaCha20 key, encrypting/decrypting single block data and generates the MAC (authentication tag)

const uint8_t chachapoly_key[] =
{
    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, // NOLINT(readability-magic-numbers)
    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, // NOLINT(readability-magic-numbers)
    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, // NOLINT(readability-magic-numbers)
    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f  // NOLINT(readability-magic-numbers)
};

const uint8_t chachapoly_iv[] =
{
    0x07, 0x00, 0x00, 0x00,                        /* 32-bit common part */
    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 /* 64-bit IV */
};

const uint8_t chachapoly_plaintext[] =
{
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, // NOLINT(readability-magic-numbers)
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, // NOLINT(readability-magic-numbers)
    0x20, 0x21, 0x22, 0x23                                                                          // NOLINT(readability-magic-numbers)
};

const uint8_t chachapoly_ciphertext[] =
{
    0x9F, 0x7A, 0xEB, 0x5E, 0x05, 0xF8, 0x46, 0xBD, 0x1D, 0xEB, 0x85, 0xF0, 0x3A, 0x8C, 0x04, 0xA1, // NOLINT(readability-magic-numbers)
    0xD1, 0xD1, 0x9A, 0x2C, 0x1D, 0x14, 0x78, 0xC9, 0xC5, 0x93, 0xCA, 0x9C, 0x49, 0x9F, 0x1D, 0xBA, // NOLINT(readability-magic-numbers)
    0x6E, 0xBF, 0xE9, 0x1B                                                                          // NOLINT(readability-magic-numbers)
};

const uint8_t chachapoly_mac[] =
{
    0xC8, 0xB3, 0xFA, 0xDC, 0xF9, 0x1F, 0x78, 0x97, // NOLINT(readability-magic-numbers)
    0xCD, 0xD7, 0x54, 0xE2, 0xFC, 0x0B, 0xE1, 0xE5  // NOLINT(readability-magic-numbers)
};

// typedef struct import_key_items_symmetric_s
// {
// const uint8_t * key;
// size_t          key_size;
// const uint8_t * nonce_iv;          // Nomenclature 'nonce' OR 'iv' depends on the algorithm. Eg: This is Nonce for CCM and IV for GCM.
// size_t          nonce_iv_size;
// const uint8_t * aad;
// size_t          aad_size;
// const uint8_t * mac;
// size_t          mac_size;
// const uint8_t * plaintext;
// size_t          plaintext_size;
// const uint8_t * ciphertext;
// size_t          ciphertext_size;
// } import_key_items_symmetric_t;

const import_key_items_symmetric_t chachapoly_testdata =
{
    chachapoly_key,
    sizeof(chachapoly_key),
    chachapoly_iv,
    sizeof(chachapoly_iv),
    NULL,
    0,
    chachapoly_mac,
    16,
    chachapoly_plaintext,
    sizeof(chachapoly_plaintext),
    chachapoly_ciphertext,
    sizeof(chachapoly_ciphertext),
};

void psa_crypto_chachapoly_example (void)
{
    enum
    {
        block_size = 16,
        part_size  = block_size,
    };
    const psa_algorithm_t    alg        = PSA_ALG_CHACHA20_POLY1305;
    mbedtls_platform_context ctx        = {0};
    psa_key_handle_t         key_handle = 0;
    size_t  encr_len = 0;
    size_t  decr_len = 0;
    uint8_t encrypt[200];              // NOLINT(readability-magic-numbers)
    uint8_t decrypt[200];              // NOLINT(readability-magic-numbers)
    import_key_items_symmetric_t * p_import_key_items = (import_key_items_symmetric_t *) &chachapoly_testdata;
    psa_key_attributes_t           attributes         = PSA_KEY_ATTRIBUTES_INIT;

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
    psa_set_key_algorithm(&attributes, alg);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_CHACHA20);
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
    psa_set_key_bits(&attributes, 256); // NOLINT(readability-magic-numbers)

    if (PSA_KEY_LIFETIME_IS_PERSISTENT(PSA_KEY_LIFETIME_VOLATILE))
    {
        psa_set_key_id(&attributes, (psa_key_id_t) 2);
    }

    if (PSA_SUCCESS != psa_import_key(&attributes, p_import_key_items->key, p_import_key_items->key_size, &key_handle))
    {
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_aead_encrypt(key_handle, alg, p_import_key_items->nonce_iv, p_import_key_items->nonce_iv_size, NULL, 0,
                         p_import_key_items->plaintext, p_import_key_items->plaintext_size, encrypt, sizeof(encrypt),
                         &encr_len))
    {
        debugger_break();
    }

    if (p_import_key_items->plaintext_size + p_import_key_items->mac_size != encr_len)
    {
        debugger_break();
    }

    if (0 != memcmp(p_import_key_items->ciphertext, encrypt, p_import_key_items->plaintext_size))
    {
        debugger_break();
    }

    if (0 !=
        memcmp(p_import_key_items->mac, &encrypt[p_import_key_items->plaintext_size], p_import_key_items->mac_size))
    {
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_aead_decrypt(key_handle, alg, p_import_key_items->nonce_iv, p_import_key_items->nonce_iv_size, NULL, 0,
                         encrypt, encr_len, decrypt, sizeof(decrypt), &decr_len))
    {
        debugger_break();
    }

    if (p_import_key_items->plaintext_size != decr_len)
    {
        debugger_break();
    }

    if (0 != memcmp(p_import_key_items->plaintext, decrypt, p_import_key_items->plaintext_size))
    {
        debugger_break();
    }

    /* Destroy the key */
    if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        debugger_break();
    }
}

ML-KEM Example

This is an example on using the PSA Crypto API to generate an MLKEM-512 key, encapsulating and decapsulating ciphertext.

void psa_mlkem512_keygen_example (void)
{
    mbedtls_platform_context ctx                  = {0};
    size_t               bits                     = PSA_KEY_BITS_ML_KEM_512;
    psa_key_handle_t     key_handle               = 0;
    psa_key_id_t         output_key_handle        = 0;
    psa_key_id_t         decap_output_key_handle  = 0;
    psa_key_attributes_t attributes               = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT;
    uint8_t              ciphertext[PSA_ML_KEM_CIPHERTEXT_SIZE(PSA_KEY_BITS_ML_KEM_512)];
    size_t               ciphertext_len = PSA_ML_KEM_CIPHERTEXT_SIZE(PSA_KEY_BITS_ML_KEM_512);

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCAPSULATE | PSA_KEY_USAGE_DECAPSULATE);
    psa_set_key_algorithm(&attributes, PSA_ALG_ML_KEM);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_ML_KEM_KEY_PAIR);
    psa_set_key_bits(&attributes, bits);
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);

    if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Key generation failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&shared_secret_attributes, PSA_KEY_USAGE_ENCAPSULATE | PSA_KEY_USAGE_DECAPSULATE);
    psa_set_key_algorithm(&shared_secret_attributes, PSA_ALG_ML_KEM);
    psa_set_key_type(&shared_secret_attributes, PSA_KEY_TYPE_RAW_DATA);
    psa_set_key_bits(&shared_secret_attributes, PSA_BYTES_TO_BITS(PSA_ML_KEM_SHARED_SECRET_SIZE));
    psa_set_key_lifetime(&shared_secret_attributes, PSA_KEY_LIFETIME_VOLATILE);

    if (PSA_SUCCESS !=
        psa_encapsulate(key_handle, PSA_ALG_ML_KEM, &shared_secret_attributes, &output_key_handle, &ciphertext[0],
                        ciphertext_len, &ciphertext_len))
    {
        /* Key encapsulation failed */
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_decapsulate(key_handle, PSA_ALG_ML_KEM, &ciphertext[0], ciphertext_len, &shared_secret_attributes,
                        &decap_output_key_handle))
    {
        /* Key decapsulation failed */
        debugger_break();
    }
}

/* Two 32-byte seed values, d and z, concatenated */
uint8_t mlkem_import_keypair[PSA_KEY_EXPORT_ML_KEM_KEY_PAIR_MAX_SIZE] =
{
    0x1E, 0xB4, 0x40, 0x0A, 0x01, 0x62, 0x9D, 0x51, 0x79, 0x74, 0xE2, 0xCD, 0x85, 0xB9, 0xDE, 0xF5, // NOLINT(readability-magic-numbers)
    0x90, 0x82, 0xDE, 0x50, 0x8E, 0x6F, 0x9C, 0x2B, 0x0E, 0x34, 0x1E, 0x12, 0x96, 0x59, 0x55, 0xCA, // NOLINT(readability-magic-numbers)
    0x1A, 0x39, 0x41, 0x11, 0x16, 0x38, 0x03, 0xFE, 0x2E, 0x85, 0x19, 0xC3, 0x35, 0xA6, 0x86, 0x75, // NOLINT(readability-magic-numbers)
    0x56, 0x33, 0x8E, 0xAD, 0xAF, 0xA2, 0x2B, 0x5F, 0xC5, 0x57, 0x43, 0x05, 0x60, 0xCC, 0xD6, 0x93  // NOLINT(readability-magic-numbers)
};

void psa_mlkem512_keypair_import_export_example (void)
{
    mbedtls_platform_context ctx                  = {0};
    size_t               bits                     = PSA_KEY_BITS_ML_KEM_512;
    psa_key_handle_t     key_handle               = 0;
    psa_key_id_t         output_key_handle        = 0;
    psa_key_id_t         decap_output_key_handle  = 0;
    psa_key_attributes_t attributes               = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT;
    uint8_t              ciphertext[PSA_ML_KEM_CIPHERTEXT_SIZE(PSA_KEY_BITS_ML_KEM_512)];
    size_t               ciphertext_len = PSA_ML_KEM_CIPHERTEXT_SIZE(PSA_KEY_BITS_ML_KEM_512);
    uint8_t              export_keypair[PSA_KEY_GEN_ML_KEM_KEY_PAIR_MAX_SIZE(PSA_KEY_BITS_ML_KEM_512)];
    size_t               export_keypair_len = 0;

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCAPSULATE | PSA_KEY_USAGE_DECAPSULATE | PSA_KEY_USAGE_EXPORT);
    psa_set_key_algorithm(&attributes, PSA_ALG_ML_KEM);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_ML_KEM_KEY_PAIR);
    psa_set_key_bits(&attributes, bits);
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);

    /* Import key pair */
    if (PSA_SUCCESS !=
        psa_import_key(&attributes, &mlkem_import_keypair[0], PSA_KEY_GEN_ML_KEM_KEY_PAIR_MAX_SIZE(bits), &key_handle))
    {
        /* Key generation failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&shared_secret_attributes, PSA_KEY_USAGE_ENCAPSULATE | PSA_KEY_USAGE_DECAPSULATE);
    psa_set_key_algorithm(&shared_secret_attributes, PSA_ALG_ML_KEM);
    psa_set_key_type(&shared_secret_attributes, PSA_KEY_TYPE_RAW_DATA);
    psa_set_key_bits(&shared_secret_attributes, PSA_BYTES_TO_BITS(PSA_ML_KEM_SHARED_SECRET_SIZE));
    psa_set_key_lifetime(&shared_secret_attributes, PSA_KEY_LIFETIME_VOLATILE);

    if (PSA_SUCCESS !=
        psa_encapsulate(key_handle, PSA_ALG_ML_KEM, &shared_secret_attributes, &output_key_handle, &ciphertext[0],
                        ciphertext_len, &ciphertext_len))
    {
        /* Key encapsulation failed */
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_decapsulate(key_handle, PSA_ALG_ML_KEM, &ciphertext[0], ciphertext_len, &shared_secret_attributes,
                        &decap_output_key_handle))
    {
        /* Key decapsulation failed */
        debugger_break();
    }

    /* Export the key pair */
    if (PSA_SUCCESS !=
        psa_export_key(key_handle, &export_keypair[0], PSA_KEY_GEN_ML_KEM_KEY_PAIR_MAX_SIZE(bits), &export_keypair_len))
    {
        /* Key pair export failed */
        debugger_break();
    }

    /* Make sure the exported key pair matches the imported buffer */
    if (0 != memcmp(mlkem_import_keypair, export_keypair, export_keypair_len))
    {
        /* Exported key does not match imported key */
        debugger_break();
    }
}

ML-DSA Example

This is an example on using the PSA Crypto API to generate an MLDSA-44 key, sign and verify a message.

#define MLDSA_MESSAGE_LEN    512U
static uint8_t mldsa_test_message[MLDSA_MESSAGE_LEN] =
{
    0xF0, 0xA4, 0xA1, 0x8C, 0xCF, 0x98, 0x2E, 0x89, 0x1F, 0x3E, 0x91, 0x73, 0x27, 0x90, 0x1F, 0x73, // NOLINT(readability-magic-numbers)
    0x83, 0x90, 0xE1, 0x7A, 0xB9, 0x5F, 0xF1, 0xFB, 0x7C, 0x76, 0x83, 0x50, 0x38, 0x88, 0x9F, 0x73, // NOLINT(readability-magic-numbers)
    0xAF, 0x0D, 0x24, 0x49, 0x76, 0xDB, 0x62, 0x21, 0x94, 0xFA, 0xDA, 0x41, 0x14, 0x9E, 0x53, 0x4A, // NOLINT(readability-magic-numbers)
    0xCD, 0x96, 0xB9, 0x23, 0x38, 0x52, 0x98, 0x14, 0xEE, 0x18, 0x68, 0x32, 0xB9, 0xC3, 0x83, 0xF9, // NOLINT(readability-magic-numbers)
    0x80, 0xA5, 0x11, 0x7B, 0xDB, 0xED, 0x09, 0x3D, 0xB3, 0x1A, 0xCD, 0x52, 0x73, 0xDF, 0x13, 0xE5, // NOLINT(readability-magic-numbers)
    0xA8, 0x3D, 0x14, 0xBB, 0x82, 0x1F, 0x18, 0xC1, 0x88, 0xFF, 0x36, 0x80, 0x19, 0x16, 0x3C, 0x61, // NOLINT(readability-magic-numbers)
    0x4C, 0x4D, 0x20, 0x27, 0x83, 0xFC, 0x88, 0xE2, 0x52, 0x3C, 0x42, 0x51, 0x14, 0x21, 0x14, 0x25, // NOLINT(readability-magic-numbers)
    0x98, 0x81, 0x48, 0xF5, 0x25, 0xD0, 0x47, 0xA0, 0xCD, 0x95, 0x77, 0x63, 0xCF, 0x5B, 0x79, 0xF6, // NOLINT(readability-magic-numbers)
    0x6B, 0xE1, 0x73, 0x87, 0x04, 0xAC, 0x66, 0xF1, 0x33, 0x39, 0x8B, 0xC9, 0xC0, 0xE5, 0x57, 0x00, // NOLINT(readability-magic-numbers)
    0x63, 0x06, 0xDB, 0x92, 0x0C, 0xA8, 0x43, 0xC0, 0xD5, 0x24, 0xD4, 0xEA, 0xED, 0xBC, 0x1B, 0xDE, // NOLINT(readability-magic-numbers)
    0x05, 0x03, 0x37, 0x6B, 0x22, 0x77, 0x2B, 0x74, 0x14, 0x55, 0x9D, 0x68, 0x90, 0x1C, 0xC5, 0xA1, // NOLINT(readability-magic-numbers)
    0x80, 0x65, 0x20, 0xEB, 0x39, 0x7F, 0xFA, 0xA2, 0x4D, 0x96, 0xFF, 0x2F, 0x20, 0x7B, 0x47, 0xD1, // NOLINT(readability-magic-numbers)
    0xA2, 0x1C, 0xE6, 0x86, 0x87, 0xD7, 0x65, 0x83, 0xF2, 0x15, 0x11, 0x07, 0x4B, 0x90, 0x56, 0xD4, // NOLINT(readability-magic-numbers)
    0x54, 0xF5, 0x65, 0x35, 0x8D, 0xBE, 0xFA, 0xEC, 0x8A, 0xBE, 0x43, 0x88, 0xFB, 0x1D, 0x8A, 0x25, // NOLINT(readability-magic-numbers)
    0x5D, 0xE8, 0xF9, 0xE7, 0xF1, 0x1A, 0x96, 0xE6, 0x9A, 0xAD, 0xA9, 0x34, 0x6C, 0x84, 0x61, 0x90, // NOLINT(readability-magic-numbers)
    0x1E, 0xFA, 0x4D, 0xAA, 0xA1, 0xA4, 0xBA, 0x9B, 0x04, 0xD8, 0xA1, 0x1E, 0xBD, 0x00, 0x31, 0x9B, // NOLINT(readability-magic-numbers)
    0x4A, 0x7D, 0x8B, 0xAC, 0x21, 0x74, 0xCF, 0xA2, 0xA0, 0x06, 0xD9, 0x48, 0x59, 0xFE, 0xC5, 0x2B, // NOLINT(readability-magic-numbers)
    0xDC, 0x01, 0x88, 0x2C, 0xB9, 0xD4, 0xA3, 0xE8, 0x95, 0x1A, 0x5C, 0xC1, 0xBD, 0x36, 0xEC, 0x74, // NOLINT(readability-magic-numbers)
    0xF6, 0x03, 0x33, 0x31, 0xB0, 0x3E, 0x92, 0xA7, 0x27, 0x07, 0x7F, 0x44, 0x8D, 0x4F, 0xB5, 0x60, // NOLINT(readability-magic-numbers)
    0x9A, 0x5E, 0x55, 0xAA, 0x75, 0x28, 0x9F, 0x7D, 0xAF, 0x3B, 0xEA, 0xB3, 0x1C, 0xF7, 0xAA, 0x1F, // NOLINT(readability-magic-numbers)
    0x4B, 0x66, 0x98, 0x0F, 0x5F, 0x5F, 0x8A, 0x31, 0xAC, 0xFE, 0x55, 0x58, 0x52, 0x52, 0x24, 0x7F, // NOLINT(readability-magic-numbers)
    0xCD, 0x78, 0xB9, 0x67, 0x56, 0x38, 0xDB, 0x8E, 0x12, 0x92, 0x91, 0x3A, 0x6F, 0x3E, 0xA5, 0x7C, // NOLINT(readability-magic-numbers)
    0x60, 0xD1, 0x97, 0xB1, 0xCF, 0x83, 0xD8, 0x53, 0xC6, 0xAB, 0xE3, 0x50, 0xB7, 0xB1, 0x10, 0x40, // NOLINT(readability-magic-numbers)
    0x76, 0x5A, 0xF1, 0xC1, 0x74, 0x0A, 0xF1, 0xE3, 0x18, 0x68, 0x92, 0x37, 0xB3, 0x50, 0xDD, 0x8F, // NOLINT(readability-magic-numbers)
    0x4F, 0x0C, 0x0A, 0x63, 0x93, 0x9A, 0xDA, 0xBF, 0x39, 0x2D, 0x71, 0x47, 0x1B, 0xF3, 0xF7, 0xA5, // NOLINT(readability-magic-numbers)
    0xCA, 0x44, 0x8A, 0x4D, 0xCD, 0xF4, 0x89, 0x6A, 0x34, 0x2B, 0x4B, 0xA9, 0x42, 0x12, 0x81, 0x37, // NOLINT(readability-magic-numbers)
    0xF3, 0xFF, 0x44, 0xAE, 0x57, 0xDB, 0x85, 0x00, 0xA7, 0xBF, 0xB6, 0xFD, 0x74, 0x25, 0x0E, 0x63, // NOLINT(readability-magic-numbers)
    0x12, 0xD5, 0x4A, 0x35, 0x88, 0xD0, 0x8E, 0x93, 0xBA, 0x62, 0x3E, 0x18, 0x9B, 0x81, 0x7E, 0xEF, // NOLINT(readability-magic-numbers)
    0x2B, 0xE6, 0x6D, 0x2A, 0x57, 0x09, 0x7B, 0x14, 0x7A, 0x13, 0x1D, 0x5C, 0x88, 0x43, 0xCC, 0x73, // NOLINT(readability-magic-numbers)
    0x43, 0xE6, 0x2B, 0xC0, 0x02, 0xAD, 0x1E, 0x60, 0x29, 0x9B, 0xB7, 0xD2, 0xF0, 0xFF, 0x14, 0xC5, // NOLINT(readability-magic-numbers)
    0x1B, 0x3E, 0x41, 0x41, 0x98, 0x52, 0x4A, 0x3D, 0x96, 0x4C, 0xE2, 0xA6, 0x31, 0xB7, 0x2F, 0x71, // NOLINT(readability-magic-numbers)
    0x34, 0x2E, 0x17, 0xAF, 0x47, 0x99, 0x2E, 0x6C, 0x27, 0x06, 0x7C, 0xA1, 0x47, 0x11, 0x61, 0x5C  // NOLINT(readability-magic-numbers)
};

void psa_mkdsa44_example (void)
{
    mbedtls_platform_context ctx        = {0};
    psa_algorithm_t          alg        = PSA_ALG_HASH_ML_DSA(PSA_ALG_SHAKE256);
    psa_key_handle_t         key_handle = 0;
    psa_key_attributes_t     attributes = PSA_KEY_ATTRIBUTES_INIT;
    size_t  sign_len;
    uint8_t sign[PSA_ML_DSA_SIGNATURE_SIZE(PSA_KEY_BITS_ML_DSA_44)];

    /* Setup the platform; initialize the SCE */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        /* Platform initialization failed */
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        /* PSA Crypto Initialization failed */
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes,
                            PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT);
    psa_set_key_algorithm(&attributes, PSA_ALG_HASH_ML_DSA(PSA_ALG_SHAKE256));
    psa_set_key_type(&attributes, PSA_KEY_TYPE_ML_DSA_KEY_PAIR);
    psa_set_key_bits(&attributes, PSA_KEY_BITS_ML_DSA_44);
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);

    if (PSA_SUCCESS != psa_generate_key(&attributes, &key_handle))
    {
        /* Key generation failed */
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_sign_message(key_handle, alg, mldsa_test_message, sizeof(mldsa_test_message), sign, sizeof(sign),
                         &sign_len))
    {
        /* Key encapsulation failed */
        debugger_break();
    }

    if (PSA_SUCCESS !=
        psa_verify_message(key_handle, alg, mldsa_test_message, sizeof(mldsa_test_message), sign, sign_len))
    {
        /* Key decapsulation failed */
        debugger_break();
    }
}

/* The 32-byte seed value */
uint8_t mldsa_import_keypair[PSA_KEY_EXPORT_ML_DSA_KEY_PAIR_MAX_SIZE] =
{
    0x4B, 0xE7, 0xA0, 0x1A, 0x99, 0xA5, 0xE5, 0xBC, 0xFE, 0x3C, 0x06, 0x78, 0x5D, 0x8E, 0x4E, 0xC6, // NOLINT(readability-magic-numbers)
    0x64, 0x08, 0x22, 0x27, 0xD8, 0x67, 0x04, 0xE9, 0xE4, 0x48, 0x62, 0x62, 0x3A, 0x05, 0xC8, 0xB3, // NOLINT(readability-magic-numbers)
};

void psa_mldsa44_keypair_import_export_example (void)
{
    psa_key_id_t         key_handle = 0;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    uint8_t              sign[PSA_ML_DSA_SIGNATURE_SIZE(PSA_KEY_BITS_ML_DSA_44)] __ALIGNED(4);
    size_t               sign_len;
    uint8_t              public_key[PSA_KEY_GEN_ML_DSA_PUB_KEY_SIZE(PSA_KEY_BITS_ML_DSA_44)];
    size_t               public_key_len = 0;
    psa_algorithm_t      alg            = PSA_ALG_HASH_ML_DSA(PSA_ALG_SHAKE256);

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE);
    psa_set_key_algorithm(&attributes, alg);
    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_ML_DSA_KEY_PAIR);
    psa_set_key_bits(&attributes, PSA_KEY_BITS_ML_DSA_44);

    /* Import key pair */
    if (PSA_SUCCESS !=
        psa_import_key(&attributes, &mldsa_import_keypair[0],
                       PSA_KEY_GEN_ML_DSA_KEY_PAIR_MAX_SIZE(PSA_KEY_BITS_ML_DSA_44), &key_handle))
    {
        /* Key import failed */
        debugger_break();
    }

    /* Sign the message */
    if (PSA_SUCCESS !=
        psa_sign_message(key_handle, alg, mldsa_test_message, sizeof(mldsa_test_message), sign, sizeof(sign),
                         &sign_len))
    {
        /* Sign message failed */
        debugger_break();
    }

    /* Verify the signature */
    if (PSA_SUCCESS !=
        psa_verify_message(key_handle, alg, mldsa_test_message, sizeof(mldsa_test_message), sign, sign_len))
    {
        /* Verify message failed */
        debugger_break();
    }

    /* Export public key */
    if (PSA_SUCCESS !=
        psa_export_public_key(key_handle, &public_key[0], PSA_KEY_GEN_ML_DSA_PUB_KEY_SIZE(PSA_KEY_BITS_ML_DSA_44),
                              &public_key_len))
    {
        /* Public key export failed */
        debugger_break();
    }

    /* Destroy key pair */
    if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        /* Key destroy failed */
        debugger_break();
    }

    /* Import public key */
    psa_set_key_type(&attributes, PSA_KEY_TYPE_ML_DSA_PUBLIC_KEY);
    if (PSA_SUCCESS != psa_import_key(&attributes, &public_key[0], public_key_len, &key_handle))
    {
        /* Key import failed */
        debugger_break();
    }

    /* Verify signature */
    if (PSA_SUCCESS !=
        psa_verify_message(key_handle, alg, mldsa_test_message, sizeof(mldsa_test_message), sign, sign_len))
    {
        /* Verify message failed */
        debugger_break();
    }
}

Migrating to MbedTLS 3.6.0

MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS macro is disabled by default to handle shared memory in a secure manner. Note that this increases heap memory usage and code size. The macro can be enabled if all buffers passed to any PSA function reside in memory that is accessible only to the PSA function during its execution or if it possible otherwise for the user to conclude that the user buffers passed into PSA are secure from modification. Refer to https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md for more details.

psa_import_key() now only accepts RSA keys in the PSA standard formats. Applications that need other formats like: PKCS#8, SubjectPublicKey, PEM can call mbedtls_pk_parse_{public,}key() followed by mbedtls_pk_import_into_psa().

/* Generated using "openssl genrsa -out example_private_key.pem 2048" */
const uint8_t RSAKeydata[] = "-----BEGIN RSA PRIVATE KEY-----\n"
                             "MIIEowIBAAKCAQEAplaPU68h4hW/eAlH2hbQl1WjoDT1znCk0O9cnE9lAnB26IUi"
                             "78wUAxuTZSlrlKez9FGGIVbUMTy7dTw0ZBanogrKCaAMaRFz5LRv4I8RQzsDxxqe"
                             "nud9Y6mVRWb9hyutL/yBwDd6jzAwcviAhcatTv0E5wpEJ6ezMDyaiSCbn84hfb0T"
                             "ZPXQVGhmjii3f0FfFWW9ce70qkuwdkvO6HBrOGVi2++b11As+Uh/7pxyOb7wpE7K"
                             "X64nohaCtXgNnV8Hr+LOPQRHEbGTCPOfx1davKEIYFvm8hVxqv20csMD5uc8AJCd"
                             "0cdom13KcOpVXCnrFPNJt0lITOcH/fBzp4xoaQIDAQABAoIBAGc56qKVWeKzempk"
                             "4AlRBUwVYoEGvNDLiQz8rq12fAoCf1iXXvIP5Q90qokqJlBPrtbdTO8dsnuH5BHC"
                             "NgUzJf7i0TUd9PWzVgfFjnR+dMkTM6n5NB0LLf6OfEtguc+L5GOWQXNnOpDn5/lB"
                             "jIj4ng8Z6FP1RAyT/xjdU03sRYfq5OPlDZ8+ck7WwQ8VxSBKsJcZVv+K4r64Vmr1"
                             "MO1zfBYuwafi4oO9Z9x89Iil9GBcYuCvhLvDoWhnTUxlOTfz+Jt+qwlmVimEz6xs"
                             "6ew1Ox7e6SInly3IAXe9E84yP9MDmiGkCrVr8s8GUybZ5t/yeZ3g5lPYSQ/FiuHY"
                             "kvJCH4ECgYEA2IthRDkElOQGqJ9T/LjgcIVLQs0F6i7zZWg6UKv18EmG7uHd6tsZ"
                             "byFfFiBat80rq6q4AUx2OOE7+LI5MxIvgRgLk14WV8H2OKK/lfxOFb6a4feGM7bH"
                             "VdERQSMNeGq0bP9IOPxU1EvFp0Vfv7cfGsQhcAPgA8up61jWREhI+fECgYEAxKVT"
                             "9pKinIwgjsHgmxalaNbnRf+bcqtdS98SB2MuICg8ubcBSrjm4wtGe3oCX/PbM1GV"
                             "FvEDKl4TyeWFIH4MStsyDHYxwoV2C01bBHEtHTYBnjeIShMruIomsG9GeTrNmyzg"
                             "dVdSg5/lxYOxuZSXvfcbyIMsW29ddgeICu9RHfkCgYBaljQibhfUkW+Xqs9fsZdy"
                             "etB5KXuH9AwuJ+P9S3KfCqM/240SaoXBT5yPjQlmSpYyQkCnim0Kbm7AIw56pujo"
                             "gD6Xb4y5OZLfLnYnMF0aC5qPXRTvHU9WPxeQwDEqZrkDv+der3BtPyV4TDU55klE"
                             "0TeLvJNCAzkaExfPiM2+gQKBgQC5ceBYq7hGQa+CcTvLhfO/hsrbrE2AOjLllhx+"
                             "cv3QvaFm0jqZqP20J7H0R/9tVZ7mKo2a8Pa3QbkPsS92kOguv7/XGK+cbhgAWJb4"
                             "/XI6FfA4sM4KbUHR6hbKVGX1dYroR831WsAp+OTK+4LjLEpdj2fYFDwEjmVpJXka"
                             "Ns4coQKBgGESrtpJF7OQG4xcXwR2ZiJESPvMKVmtvxRzDrc9gmoiIIIKx1fimwCv"
                             "RtOz1bQcXMRw21+ZAZpen3ahWh63KC0KxMSNBJTXdczlf2uprVkSPtmAjV4qBgwv"
                             "tqjmP0lnGc9wkJsVvGmMAAfQOWgxs9h/VH/b+6biEkzaaZLOyABV"
                             "-----END RSA PRIVATE KEY-----\n";

/* Expected signature below is calculated using the mbedCrypto software version */
const uint8_t RSAExpectedSignature[256] =
{
    0x25, 0xC0, 0x15, 0x64, 0xD3, 0xF7, 0xC1, 0xB7, 0xA8, 0x9B, 0x56, 0x1C, 0xB5, 0xA4, 0xA5, 0x0D, 0x61, 0x52, 0x32,
    0x0C, 0x4E, 0xE8, 0xCA, 0x4B, 0x9E, 0xA2, 0x4D, 0x35, 0x0E, 0xB1, 0xA1, 0x5B, // NOLINT(readability-magic-numbers)
    0x5B, 0xD8, 0xC1, 0x93, 0x28, 0x60, 0x90, 0x18, 0x37, 0x88, 0x66, 0xD4, 0xED, 0x37, 0x6B, 0xEC, 0x48, 0xFF, 0x3D,
    0xFB, 0x99, 0xB7, 0xEF, 0x3C, 0x8D, 0x25, 0xE9, 0xF3, 0xCF, 0x02, 0x7C, 0x7D, // NOLINT(readability-magic-numbers)
    0xB9, 0x4D, 0x2F, 0x2F, 0x1E, 0x30, 0x48, 0x54, 0x18, 0xE4, 0x51, 0xD5, 0xC1, 0xB7, 0x3B, 0x0D, 0xE4, 0xB4, 0x19,
    0x7B, 0x9B, 0xF4, 0x35, 0x82, 0xCC, 0x91, 0x4C, 0x10, 0xE9, 0xB6, 0xF1, 0x0A, // NOLINT(readability-magic-numbers)
    0x23, 0xEB, 0x7D, 0x51, 0x47, 0x36, 0xFE, 0x13, 0xAF, 0x3C, 0x23, 0x9F, 0x7E, 0xFC, 0xCF, 0x7A, 0x7C, 0x2D, 0xDB,
    0xD9, 0xDA, 0xEB, 0xF7, 0xB5, 0x6B, 0x8D, 0xE0, 0x18, 0x9A, 0x5B, 0xB7, 0x0A, // NOLINT(readability-magic-numbers)
    0xA3, 0x4E, 0xE1, 0xB7, 0xF7, 0xD1, 0x94, 0xD5, 0x7A, 0xD3, 0x27, 0xE2, 0x1F, 0x3A, 0xEB, 0xF0, 0x83, 0x10, 0x52,
    0x51, 0x5F, 0x58, 0xF8, 0x81, 0x42, 0x48, 0x83, 0x2D, 0xF0, 0xA9, 0x7D, 0x79, // NOLINT(readability-magic-numbers)
    0x2B, 0xF1, 0x68, 0xC2, 0x22, 0xC0, 0x0C, 0x72, 0x63, 0x37, 0xBF, 0xEC, 0x72, 0x97, 0xD4, 0xA5, 0x91, 0x2E, 0x1F,
    0xA3, 0x78, 0x9A, 0xCE, 0xFE, 0x27, 0x7F, 0x2B, 0x85, 0x7D, 0x22, 0x2C, 0x0D, // NOLINT(readability-magic-numbers)
    0x1E, 0x10, 0xB7, 0xFF, 0x9A, 0xA7, 0x99, 0xD2, 0xB9, 0x40, 0x53, 0xB3, 0xA9, 0x52, 0x5D, 0xBD, 0xC8, 0x12, 0x8D,
    0x39, 0xD7, 0x97, 0x03, 0xD2, 0x80, 0x21, 0xC3, 0xA7, 0x8B, 0xE3, 0x3D, 0xF0, // NOLINT(readability-magic-numbers)
    0x4D, 0x4C, 0x4D, 0xC4, 0xC7, 0xE5, 0xE4, 0x35, 0x75, 0xAA, 0x45, 0x3B, 0x9C, 0x64, 0xC1, 0x94, 0x6E, 0x15, 0x0A,
    0xE8, 0x84, 0xCD, 0xFC, 0x7A, 0xBC, 0x5C, 0x8C, 0xA8, 0x95, 0x07, 0x79, 0x4E, // NOLINT(readability-magic-numbers)
};

void psa_rsa2048_pem_format_import_example (void)
{
/* This example imports an RSA2048 keypair of PEM format, performs signing and verification operations. */

    mbedtls_platform_context ctx        = {0};
    psa_key_handle_t         key_handle = {0};
    unsigned char            payload[]  = "ASYMMETRIC_INPUT_FOR_SIGN";
    unsigned char            signature[PSA_SIGNATURE_MAX_SIZE] = {0};
    size_t               signature_length = 0U;
    psa_key_attributes_t attributes       = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t read_attributes  = PSA_KEY_ATTRIBUTES_INIT;

    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != psa_crypto_init())
    {
        debugger_break();
    }

    /* Set key attributes */
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
    psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
    psa_set_key_bits(&attributes, RSA_2048_BIT_LENGTH);

    /* Import the private key (This includes both the private and public key) */
    mbedtls_pk_context ctx_rsa;
    mbedtls_pk_init(&ctx_rsa);

    /* For keys other than ASN format, mbedtls_pk_parse_key and mbedtls_pk_import_into_psa APIs must be called instead of psa_import_key */

    if (PSA_SUCCESS !=
        mbedtls_pk_parse_key(&ctx_rsa, RSAKeydata, sizeof(RSAKeydata), NULL, 0, mbedtls_psa_get_random,
                             MBEDTLS_PSA_RANDOM_STATE))
    {
        debugger_break();
    }

    if (PSA_SUCCESS != mbedtls_pk_import_into_psa(&ctx_rsa, &attributes, &key_handle))
    {
        debugger_break();
    }

    mbedtls_pk_free(&ctx_rsa);

    /* Test the key information */
    if (PSA_SUCCESS != psa_get_key_attributes(key_handle, &read_attributes))
    {
        debugger_break();
    }

    /* Sign message using the key */
    if (PSA_SUCCESS !=
        psa_sign_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), signature, sizeof(signature),
                      &signature_length))
    {
        debugger_break();
    }

    if (0 != memcmp(signature, &RSAExpectedSignature, sizeof(RSAExpectedSignature)))
    {
        debugger_break();
    }

    /* Verify the signature */
    if (PSA_SUCCESS !=
        psa_verify_hash(key_handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, payload, sizeof(payload), RSAExpectedSignature,
                        sizeof(RSAExpectedSignature)))
    {
        debugger_break();
    }

    /* Destroy the key and handle */
    if (PSA_SUCCESS != psa_destroy_key(key_handle))
    {
        debugger_break();
    }

    mbedtls_psa_crypto_free();
    mbedtls_platform_teardown(&ctx);
}

Function Documentation

mbedtls_platform_setup()

int mbedtls_platform_setup

(

mbedtls_platform_context *

ctx

)

This function initializes the SCE and the TRNG. It must be invoked before the crypto library can be used. This implementation is used if MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT is defined.

Example:

    mbedtls_platform_context ctx = {0};

    /* Setup the platform; initialize the SCE and the TRNG */
    if (PSA_SUCCESS != mbedtls_platform_setup(&ctx))

Return values

0	Initialization was successful.
MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED	SCE Initialization error.

mbedtls_platform_teardown()

void mbedtls_platform_teardown

(

mbedtls_platform_context *

ctx

)

This implementation is used if MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT is defined. It is intended to de-initialize any items that were initialized in the mbedtls_platform_setup() function, but currently is only a placeholder function.

Example:

    /* De-initialize the platform. This is currently a placeholder function which does not do anything. */
    mbedtls_platform_teardown(&ctx);

Return values

N/A

RM_PSA_CRYPTO_TRNG_Read()

fsp_err_t RM_PSA_CRYPTO_TRNG_Read	(	uint8_t *const	p_rngbuf,
		uint32_t	num_req_bytes,
		uint32_t *	p_num_gen_bytes
	)

Reads requested length of random data from the TRNG. Generate nbytes of random bytes and store them in p_rngbuf buffer.

Return values

FSP_SUCCESS	Random number generation successful
FSP_ERR_ASSERTION	NULL input parameter(s).
FSP_ERR_CRYPTO_UNKNOWN	An unknown error occurred.

Returns

See Common Error Codes or functions called by this function for other possible return codes. This function calls:

• s_generate_16byte_random_data