Lines Matching refs:a

18 Then use the [summary of API modules](#summary-of-api-modules), the table of contents or a text sea…
24 …oftware.github.io/psa-api/crypto/) is available online. Mbed TLS implements a large subset of the …
36 …n the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size an…
37a random generator argument where needed. This has historically been problematic with functions th…
41 * Mbed TLS 2.15.0 (Nov 2018): first release with a draft implementation of the PSA API.
55 By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by…
59 Applications only need to include a single header file:
70 The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiat…
74 …ed TLS functions return a status of type `int`: 0 for success (or occasionally a positive value wh…
76a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/…
80 …ion calls store this state in a structure allocated by the calling code. For example, multipart op…
84a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size f…
88a key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/de…
90 To use a key:
92a key object with a key creation function. The two most common ones are [`psa_import_key`](https:/…
98 …e35be8d2852ad3feeef74ac6f75bf). If you need the public key corresponding to a key pair object, cal…
100 Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroy…
112 | `build_info.h` | `MBEDTLS_` | No change (not a crypto API) |
124 | `debug.h` | `mbedtls_debug_` | No change (not a crypto API) |
140 | `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) |
141 | `net_sockets.h` | `mbedtls_net_` | No change (not a crypto API) |
147 | `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) |
149 | `platform.h` | `mbedtls_platform_` | No change (not a crypto API) |
150 | `platform_time.h` | `mbedtls_*time*` | No change (not a crypto API) |
151 | `platform_util.h` | `mbedtls_platform_` | No change (not a crypto API) |
161 | `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) |
162 | `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) |
163 | `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuite_` | No change (not a crypto API) |
164 | `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) |
165 | `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) |
166 | `threading.h` | `mbedtls_threading_` | No change (not a crypto API) |
167 | `timing.h` | `mbedtls_timing_` | No change (not a crypto API) |
168 | `version.h` | `mbedtls_version_` | No change (not a crypto API) |
169 | `x509.h` | `mbedtls_x509` | No change (not a crypto API) |
170 | `x509_crl.h` | `mbedtls_x509` | No change (not a crypto API) |
171 | `x509_crt.h` | `mbedtls_x509` | No change (not a crypto API) |
172 | `x509_csr.h` | `mbedtls_x509` | No change (not a crypto API) |
182 The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern:
185 …For parametrized algorithms, there is a `PSA_WANT_` symbol both for the main macro and for each ar…
190 …sic support for the key type, and in particular support for operations with a key of that type for…
191 …* `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of …
192 …_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type.
193 …enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type.
194 …* `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of …
196 …Enabling any support for a key pair type automatically enables support for the corresponding publi…
200 Note that all `PSA_WANT_xxx` symbols must be set to a non-zero value. In particular, setting `PSA_W…
202 …gnature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated k…
219a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will normally not include it. This allows b…
221 …Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typicall…
233 … PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the …
243 …_t`) to a programmer-friendly representation. The conversion doesn't depend on the library configu…
262 * To compare a MAC with a reference value, use `psa_mac_verify` rather than `psa_mac_compute` follo…
267a specific algorithm comes from an argument. There is no special API for a particular block cipher…
273 For modes that are based on a block cipher, the key type encodes the choice of block cipher:
300a non-zero value if the library is built with support for that key type. For each algorithm value …
314 …however that in the PSA API, the size of a _buffer_ is always expressed in bytes, even if that buf…
333 * `mbedtls_cipher_list`: the PSA API does not currently have a discovery mechanism for cryptographi…
335 * `mbedtls_cipher_info_from_string`: there is no equivalent of Mbed TLS's lookup based on a (nonsta…
339 The legacy API and the PSA API have a different organization of operations in several respects:
341a reference to a key object. To perform a cryptographic operation, you must create a key object fi…
345 Here is an overview of the lifecycle of a key object.
347 1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://m…
355 …* If the key is derived from other material (for example from a key exchange), use the [key deriva…
363 1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_ciphe…
366 4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call…
369 For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the…
371a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedoc…
372a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthed…
374 For a multi-part operation, the equivalent workflow with the PSA API is as follows:
378a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/develo…
379 …sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine a sufficient size for …
380 …pi/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for …
388 1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_ciphe…
396a single call to `mbedtls_cipher_auth_encrypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-…
398 For a one-shot operation, the PSA API allows you to call a single function:
400a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readth…
401a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part A…
403 For a multi-part operation, the equivalent workflow with the PSA API is as follows:
407a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/de…
409 …/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine a sufficient size for …
411 …/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for …
412 …/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine a sufficient size for …
418 …bb9d36ba0). Note that you must set the key again with a setup function: the PSA API does not have 
424 … is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to…
426 The PSA API does not have a direct interface for the AES-CMAC-PRF-128 algorithm from RFC 4615 calcu…
430 …es all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of…
452a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a com…
465a non-zero value if the library is built with support for that key type. For each algorithm value …
498 * `mbedtls_md_list`: the PSA API does not currently have a discovery mechanism for cryptographic me…
500 …, `mbedtls_md_get_name`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
504a one-shot hash calculation is [`psa_hash_compute`](https://mbed-tls.readthedocs.io/projects/api/e…
506 For a multi-part hash calculation, the legacy process is as follows:
508 1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`.
527 The legacy API and the PSA API have a different organization of operations in several respects:
529a reference to a key object. To perform a cryptographic operation, you must create a key object fi…
533 Here is an overview of the lifecycle of a key object.
535 1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://m…
539a MAC or [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/developm…
543 …* If the key is derived from other material (for example from a key exchange), use the [key deriva…
549 The process for a HMAC operation in the legacy API is as follows:
551 1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`.
554 …pected value. Note that this comparison should be in constant time to avoid a side channel vulnera…
557 The process for a CMAC operation in the legacy API is as follows:
559 1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_ciphe…
562 …pected value. Note that this comparison should be in constant time to avoid a side channel vulnera…
565 The process in the PSA API to calculate a MAC is as follows:
568 …hm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier.
572 To verify a MAC against an expected value, use the following process instead:
575 …hm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier.
581 The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac` …
583 …a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory.
584 …_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory aga…
586 In both cases, see “[MAC key management](#mac-key-management)” for how to obtain a key identifier.
590 …group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). Note that you must call a setup function to sp…
592 The equivalent of `mbedtls_md_clone` to clone a hash operation is [`psa_hash_clone`](https://mbed-t…
598 ….io/projects/api/en/development/api/group/group__key__derivation/). This is a generic interface us…
601 …tion_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_…
602 …erivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The…
606 …y__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key.
611 …kdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2. This is a generic interface us…
614 …tion_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_…
616 …erivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The…
617 …action step. You may repeat this step to pass the salt in pieces (for example a salt and a pepper).
620 …_derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key.  
624 The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted privat…
634 The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiat…
638 … PSA crypto API and the mbedtls API and you need to pass an RNG argument to a legacy or X.509/TLS …
649 A future version of Mbed TLS will include a PSA interface for configuring entropy sources. This is …
653a dedicated interface for pseudorandom generation. The [key derivation interface](https://mbed-tls…
662 …he two types are identical except when the library is configured for use in a multi-client cryptog…
663 …ifferences in the way the two APIs can be used to create keys or to obtain information about a key.
665 Here is an overview of the lifecycle of a PSA key object.
667 1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://m…
675 …* If the key is derived from other material (for example from a key exchange), use the [key deriva…
689 | Sign a message directly | [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects…
691 | Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/proj…
697 …r the available algorithm values for each key type. Normally, a key can only be used with a single…
699a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple differ…
700 …it a second algorithm (or wildcard). This is intended for scenarios where a key is normally used w…
713 …or private-key and public-key operations (there is no separate key type for a private key without …
714 You can always use a private key for operations on the corresponding public key (as long as the pol…
727 …#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identif…
729 …` is a curve family identifier. A key with this type can be used both for private-key and public-k…
730 You can always use a private key for operations on the corresponding public key (as long as the pol…
732 A curve is fully determined by a curve family identifier and the private key size in bits. You can …
762 …#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) where `group` is a group family as expl…
764 …2fadc19890cc5d5c) where `group` is a group family as explained below. Due to the design of the API…
766 The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a g…
780 The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](…
782 …a0415617443afe42a712027bbb8ad89f0) to select a different public exponent. As of Mbed TLS 3.6.1, se…
784a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projec…
798 …owing subsection for how to use the PK module for key parsing and construct a PSA key object from …
800 ### Creating a PSA key via PK
804 * Parsing a key in a format with metadata without knowing its type ahead of time.
805 * Parsing a key in a format that the PK module supports, but `psa_import_key` doesn't.
806 * Importing a key which you have in the form of a list of numbers, rather than the binary encoding …
807 * Importing a key with less information than what the PSA API needs, for example an ECC public key …
811 1. First create a PK object with the desired key material.
813     * `PSA_KEY_USAGE_SIGN_HASH` or `PSA_KEY_USAGE_SIGN_MESSAGE` for a key pair used for signing.
814     * `PSA_KEY_USAGE_DECRYPT` for a key pair used for decryption.
815     * `PSA_KEY_USAGE_DERIVE` for a key pair used for key agreement.
816 …* `PSA_KEY_USAGE_VERIFY_HASH` or `PSA_KEY_USAGE_VERIFY_MESSAGE` for a public key pair used for sig…
817     * `PSA_KEY_USAGE_ENCRYPT` for a key pair used for encryption.
820 …_attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to create a PSA persistent key.
841 This section explains how to use the `ecp.h` API to create an elliptic curve key in a format suitab…
843 You can use this, for example, to import an ECC key in the form of a compressed point by calling `m…
845a private key which is initially in an `mbedtls_ecp_keypair` object. (This includes `mbedtls_ecdsa…
864 The following code snippet illustrates how to import a private key which is initially in an `mbedtl…
891a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed…
895 …b6c59a36f6) checks the compatibility between a key object and a mechanism. If needed, you can also…
897 ### Exporting a public key or a key pair
899a PSA key pair or public key, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api…
901 To export a PSA public key or to export the public key of a PSA key pair object, call [`psa_export_…
905 …are implemented, see “[Exposing a PSA key via PK](#exposing-a-psa-key-via-pk)” for ways to use the…
907 #### Exposing a PSA key via PK
909 This section discusses how to use a PSA key in a context that requires a PK object, such as PK form…
911 …nt/api/file/pk_8h/#pk_8h_1ab8e88836fd9ee344ffe630c40447bd08) copies a PSA key into a PK object. Th…
912 …pk_8h_1a2a50247a528889c12ea0ddddb8b15a4e) copies the public part of a PSA key into a PK object. Th…
913a PK object that wraps the PSA key. This functionality is only available when `MBEDTLS_USE_PSA_CRY…
915 …ple code illustrating how to use the PK module to format a PSA public key or the public key of a P…
936 The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptogra…
937 …GNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine a sufficient size for …
941 The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[…
946 See also “[Restartable ECDSA signature](#restartable-ecdsa-signature)” for a restartable variant of…
952 Most signature algorithms involve a hash algorithm. See “[Hash mechanism selection](#hash-mechanism…
966 …roup__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3) is a randomized ECDSA signature of a hash…
967 …fc3b22a4) is equivalent to `PSA_ALG_ECDSA`, but does not require specifying a hash as part of the …
968 …up__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03) is a deterministic ECDSA signature of a has…
971 …s not the determinstic variant), so in most cases switching between the two is a compatible change.
983 …ible__hash_1ga79849aaa7004a85d2ffbc4b658a333dd) repeatedly until it returns a status other than `P…
989 …ible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `P…
1002 …types_1ga4215e2a78dcf834e9a625927faa2a817) uses the “hash” input in lieu of a DigestInfo structure…
1013 …s the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `s…
1015 …s the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `s…
1019 …1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetr…
1020 The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Publ…
1023 …1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetr…
1024 The key must be a key pair allowing the usage `PSA_KEY_USAGE_DECRYPT` (see “[Public-key cryptograph…
1042 …/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76) where `hash` is a hash algorithm value…
1044 …r MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a di…
1048 …en it imports a key, and may perform additional checks before performing an operation if needed, s…
1050 … which can be used to check the consistency between a private key and a public key. To perform suc…
1052 * Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed…
1053 * Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-…
1076 The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `…
1084 …n via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then per…
1086 Here is an overview of the lifecycle of a key object.
1088 1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://m…
1094 …__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4) for a raw key agreement.
1095 …pes_1ga78bb81cffb87a635c247725eeb2a2682) if the key will be used as part of a key derivation, wher…
1097         * `kdf` is a key derivation algorithm.
1100 …ndom_1ga1985eae417dfbccedf50d5fff54ea8c5) to generate a random key. This is normally the case for 
1106 #### Performing a key agreement
1109 …t/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine a sufficient size for …
1112 …ile/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine a sufficient size for …
1114 …aw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See …
1116 #### Translating a legacy key agreement contextless workflow
1118 A typical workflow for ECDH using the legacy API without a context object is:
1127 …en_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retriev…
1129 …), `their_pub` and `our_priv`. Use the raw shared secret `z`, typically, to construct a shared key.
1135     * `psa_key_id_t our_key`: a handle to our key pair;
1137 …* `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-t…
1138 …* `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub…
1139a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedoc…
1141 …7dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa…
1144 …` to use the shared secret directly in a key derivation operation (see “[Performing a key agreemen…
1147 Steps 4–6 are only performed once for a "true" ephemeral Diffie-Hellman. They may be repeated multi…
1149 #### Translating a legacy ephemeral key agreement TLS server workflow
1151 The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS…
1154 …1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh…
1156 …ke_params` or `mbedtls_dhm_make_params` to generate our key pair and obtain a TLS ServerKeyExchang…
1167     3. Format a ServerKeyExchange message containing the curve/group selection and our public key.
1171 …` to use the shared secret directly in a key derivation operation (see “[Performing a key agreemen…
1174 #### Translating a legacy ephemeral key agreement TLS client workflow
1176 …reement in a TLS 1.2 client. The PSA version of this workflow can also be used with other protocol…
1178 1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the sele…
1179 …1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh…
1188 1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the sele…
1189 …roup and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE…
1194 …` to use the shared secret directly in a key derivation operation (see “[Performing a key agreemen…
1212 …for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy.
1219 …e PSA API. It will be added under the name “interruptible key agreement” in a future version of th…
1223 #### Information about a curve
1225 …legacy API identifies a curve by an `MBEDTLS_ECP_DP_xxx` value of type `mbedtls_ecp_group_id`. The…
1243 * Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure.
1247 The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although on…
1267 …bedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` to query the capabilities of a curve at runtime. Ch…
1273 The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equival…
1276 * Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type…
1286a high-security environment: use the opaque driver interface. This is mostly transparent to user c…
1292 …enerator both for randomized algorithms and to generate blinding values. As a consequence, none of…
1298 …t_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-k…
1300a key. You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to expo…
1302 …ent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a co…
1318 Please note a few differences between the two APIs: the legacy API is geared towards the use of EC-…
1320 …and offers more flexibility in message ordering. Where the legacy API makes a single function call…
1322 …derivation specified by TLS 1.2 to the shared secret. With the PSA API, use a key derivation with …