You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Mbed TLS is in the process of migrating its cryptography API from “legacy” APIs to PSA Crypto API. The timeline for the transition is:
Mbed TLS 2.28 LTS (the oldest supported version at this time) has PSA API support for every algorithm that OpenThread uses.
Mbed TLS 4.0, currently planned to be released in Q2 2025, will drop support for many of the legacy crypto APIs that OpenThread currently uses.
So OpenThread should add PSA API support within the next year. I don't know if you need to retain legacy APIs for a transition period.
Here are a few tips about the features that OpenThread uses:
You need to call psa_crypto_init() before anything else.
As of Mbed TLS 2.x/3.x, there is no way to use the PSA API without an RNG. This will be possible in Mbed TLS 4.0 by calling psa_crypto_init_subsystem instead of psa_crypto_init.
psa_{sign,verify}_hash functions handle signatures in the fixed-size (r,s) format that OpenThread wants, rather than the ASN.1 format used in the legacy Mbed TLS APIs.
Since Mbed TLS 3.5, PBKDF2-AES-CMAC-128 is available in Mbed TLS, only through the PSA API.
The text was updated successfully, but these errors were encountered:
Mbed TLS is in the process of migrating its cryptography API from “legacy” APIs to PSA Crypto API. The timeline for the transition is:
So OpenThread should add PSA API support within the next year. I don't know if you need to retain legacy APIs for a transition period.
Here are a few tips about the features that OpenThread uses:
psa_crypto_init()
before anything else.psa_crypto_init_subsystem
instead ofpsa_crypto_init
.psa_{sign,verify}_hash
functions handle signatures in the fixed-size (r,s) format that OpenThread wants, rather than the ASN.1 format used in the legacy Mbed TLS APIs.The text was updated successfully, but these errors were encountered: