Overview

This is ARM’s Mbed TLS middleware modified by STMicroelectronics. The cryptography part of Mbed TLS is a reference implementation of the cryptography interface of the ARM Platform Security Architecture (PSA). This is a preview release of Mbed TLS, provided for evaluation purposes only.

Description

This framework is built around the cryptographic and storage applications described below:

Main Features

  • Cryptographic algorithms and operations with transparent and/or opaque keys

  • Access to storage

  • Access to miscellaneous crypto drivers

  • Useful for TLS communications

It offers two high level interfaces to be used by examples and user applications:

  • PSA Cryptography API (the standard): by ARM, see Platform Security Architecture.

  • Mbed TLS API (deprecated): Native interface, useful for TLS mainly.

The middleware may optionally be augmented with additional elements from outside this pack:

  • Dynamic connection to Secure Element (vendor keys)

  • Persistent keys storage

  • ALTernative cryptographic implementations (hardware and/or software)

High level APIs

The high level offers two mutually exclusive categories of services through the following APIs:

  • Standardized PSA API: For cryptographic and key management operations, such as:

    • Importing keys (transparent mode)

    • Storing keys persistently

    • Using opaque keys by identifier

    • Accessing crypto drivers

  • Legacy Mbed TLS API: For cryptographic operations with cleartext keys and additional features, including TLS support.
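To make the PSA key-management model in the list above concrete (import under an identifier, use by identifier without seeing key bytes, usage policy, persistent versus volatile keys), here is a constructed Python model. It is an added example, not Mbed TLS or STMicroelectronics code: the KeyStore class, the usage constants, the JSON blob standing in for persistent storage and the sample key bytes are all assumptions of this illustration, and the PSA function names in comments are only the real-API counterparts each method imitates. The standard-library hmac module stands in for the crypto back end.

```python
"""Constructed model of PSA-style key management: keys are referenced by
identifier, the store enforces each key's usage policy, and only persistent
keys survive a reset. Added illustration, not Mbed TLS code."""
import hashlib
import hmac
import json

# Lifetimes (after PSA_KEY_LIFETIME_VOLATILE / PSA_KEY_LIFETIME_PERSISTENT).
VOLATILE = "volatile"
PERSISTENT = "persistent"

# Usage flags (after PSA_KEY_USAGE_EXPORT / _SIGN_MESSAGE / _VERIFY_MESSAGE).
USAGE_EXPORT = 1 << 0
USAGE_SIGN_MESSAGE = 1 << 1
USAGE_VERIFY_MESSAGE = 1 << 2


class PolicyError(Exception):
    """Raised when an operation is not permitted by the key's usage flags."""


class KeyStore:
    """Callers hold identifiers, never key material, unless the key was
    imported with USAGE_EXPORT (cf. psa_export_key)."""

    def __init__(self, persisted_blob=None):
        self._volatile = {}      # lost on reset
        self._persistent = {}    # stands in for the persistent store (ITS)
        if persisted_blob:
            for key_id, rec in json.loads(persisted_blob).items():
                self._persistent[int(key_id)] = (
                    rec["usage"], bytes.fromhex(rec["material"]))

    def import_key(self, key_id, lifetime, usage, material):
        """Like psa_import_key: store raw material under a new identifier."""
        if key_id in self._volatile or key_id in self._persistent:
            raise KeyError(f"key id {key_id} already in use")
        table = self._persistent if lifetime == PERSISTENT else self._volatile
        table[key_id] = (usage, bytes(material))
        return key_id

    def _lookup(self, key_id, needed_usage):
        entry = self._volatile.get(key_id) or self._persistent.get(key_id)
        if entry is None:
            raise KeyError(f"no key with id {key_id}")
        usage, material = entry
        if usage & needed_usage != needed_usage:
            raise PolicyError(f"key {key_id} not permitted for this use")
        return material

    def mac_compute(self, key_id, message):
        """Like psa_mac_compute with HMAC-SHA256."""
        material = self._lookup(key_id, USAGE_SIGN_MESSAGE)
        return hmac.new(material, message, hashlib.sha256).digest()

    def mac_verify(self, key_id, message, mac):
        """Like psa_mac_verify; compares in constant time."""
        material = self._lookup(key_id, USAGE_VERIFY_MESSAGE)
        expected = hmac.new(material, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)

    def export_key(self, key_id):
        """Only keys whose policy includes USAGE_EXPORT leave the store."""
        return self._lookup(key_id, USAGE_EXPORT)

    def destroy_key(self, key_id):
        self._volatile.pop(key_id, None)
        self._persistent.pop(key_id, None)

    def persist(self):
        """Serialise persistent keys only; volatile keys never reach storage."""
        return json.dumps({kid: {"usage": u, "material": m.hex()}
                           for kid, (u, m) in self._persistent.items()})


def demo():
    """Import, use by id, policy enforcement, and a simulated power cycle."""
    store = KeyStore()
    mac_key = bytes(range(32))  # constructed sample key material
    store.import_key(1, PERSISTENT,
                     USAGE_SIGN_MESSAGE | USAGE_VERIFY_MESSAGE, mac_key)
    store.import_key(2, VOLATILE, USAGE_SIGN_MESSAGE, b"session-key")
    msg = b"firmware-manifest-v1"
    tag = store.mac_compute(1, msg)
    results = {"verify_ok": store.mac_verify(1, msg, tag)}
    try:
        store.export_key(1)          # policy lacks USAGE_EXPORT
        results["export_refused"] = False
    except PolicyError:
        results["export_refused"] = True
    after_reset = KeyStore(store.persist())   # rebuild from the blob only
    results["persistent_survives"] = after_reset.mac_verify(1, msg, tag)
    try:
        after_reset.mac_compute(2, msg)       # volatile key is gone
        results["volatile_gone"] = False
    except KeyError:
        results["volatile_gone"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point of routing every operation through the identifier is that application code, and any bug in it, never holds the key bytes; the store is the one place where usage policy is checked, which is also what lets the same call be served by a transparent software key today and an opaque Secure Element key later.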

The cryptography library in Mbed TLS is a reference implementation of the cryptography interface of the PSA.

Internal structure

The pack is organized into the following components:

  • Core component: The foundation component that provides common operations: memory allocation, data decoding, big-number arithmetic, debugging, and constant-time functions.

  • Crypto component: It contains software implementations from Mbed™ Crypto.

  • Persistent storage component: It handles provisioned and/or runtime-imported keys that are stored in persistent objects. Some keys can have predefined identifiers and may be dedicated to a Secure Element.

  • Secure Element component: It deals with external secure cryptoprocessors.

Low-level interface

The low-level interface is optional; whether it is needed depends on the implementation selected. It consists of elements defined in CMSIS APIs, whose implementations are provided outside this pack. These alternative crypto implementations or crypto drivers can be supported and can operate concurrently through the PSA driver API. A single storage implementation shall exist, based on ITS (Internal Trusted Storage).

Consequently, the solution is scalable and can be augmented with other packs for:

  • Dynamic connection to Secure Element (vendor keys)

  • Persistent keys storage

Note

More comprehensive documentation is available in the Mbed TLS documentation.