Can't use ECDHE_RSA w/o MBEDTLS_LEGACY_CRYPTO_C

To use ECDHE_RSA you need to enable the following Kconfig symbol:

Name: MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Prompt: ECDHE RSA
Prompt: ECDHE-RSA based ciphersuite modes
Prompt: ECDHE-RSA based ciphersuite modes
Type: bool
Value: n

Direct dependencies (=n):
MBEDTLS_HAS_CIPHER_MODE_CIPHERSUITE_REQUIREMENTS(=y) && MBEDTLS_HAS_ECDH_CIPHERSUITE_REQUIREMENTS(=y) && MBEDTLS_HAS_RSA_CIPHERSUITE_REQUIREMENTS(=n) && MBEDTLS_TLS_LIBRARY(=y) && NRF_SECURITY(=y) (=n)
|| (MBEDTLS_PKCS1_V15(=n) || MBEDTLS_PKCS1_V21(=n)) && MBEDTLS_ECDH_C(=n) && !(NRF_SECURITY(=y) || NORDIC_SECURITY_BACKEND(=n)) && MBEDTLS_BUILTIN(=n) && MBEDTLS_CFG_FILE(=nrf-config.h) = "config-mbedtls.h" && MBEDTLS(=y) (=n)
|| (MBEDTLS_PKCS1_V15(=n) || MBEDTLS_PKCS1_V21(=n)) && MBEDTLS_ECDH_C(=n) && !(NRF_SECURITY(=y) || NORDIC_SECURITY_BACKEND(=n)) && MBEDTLS_BUILTIN(=n) && MBEDTLS_CFG_FILE(=nrf-config.h) = "config-mbedtls.h" && MBEDTLS(=y) && 0 (=n)

This symbol depends on MBEDTLS_HAS_RSA_CIPHERSUITE_REQUIREMENTS:

Name: MBEDTLS_HAS_RSA_CIPHERSUITE_REQUIREMENTS
Type: bool
Value: n

Direct dependencies (=n):
MBEDTLS_RSA_C(=n)
&& MBEDTLS_PKCS1_V15(=n)
&& MBEDTLS_TLS_LIBRARY(=y)
&& NRF_SECURITY(=y)

This symbol depends on MBEDTLS_RSA_C:

Name: MBEDTLS_RSA_C
Prompt: RSA - Rivest-Shamir-Adleman cryptosystem
Prompt: RSA base support
Prompt: RSA base support
Type: bool
Value: n

Help:

Enable RSA cryptosystem support.
MBEDTLS_RSA_C setting in mbed TLS config file.

Direct dependencies (=n):
OPENTHREAD(=n)
|| MBEDTLS_LEGACY_CRYPTO_C(=n) && NRF_SECURITY(=y) (=n)
|| MBEDTLS_BUILTIN(=n) && MBEDTLS_CFG_FILE(=nrf-config.h) = "config-mbedtls.h" && MBEDTLS(=y) (=n)
|| MBEDTLS_BUILTIN(=n) && MBEDTLS_CFG_FILE(=nrf-config.h) = "config-mbedtls.h" && MBEDTLS(=y) && 0 (=n)

Which depends on MBEDTLS_LEGACY_CRYPTO_C.

I saw a similar post created about this: "nRF9160: Offloaded sockets can't use MBEDTLS_USE_PSA_CRYPTO with RSA Certificates".

However, this affects not only nRF91xx, but also nRF54Lx and potentially other device series.

Question: If I enable MBEDTLS_LEGACY_CRYPTO_C is it going to use it only for RSA (& won't use the PSA API) or for everything else too?

We can compare this with MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:

Name: MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Prompt: ECDHE ECDSA
Prompt: ECDHE-ECDSA based ciphersuite modes
Prompt: ECDHE-ECDSA based ciphersuite modes
Type: bool
Value: y

Direct dependencies (=y):
MBEDTLS_HAS_CIPHER_MODE_CIPHERSUITE_REQUIREMENTS(=y) && MBEDTLS_HAS_ECDH_CIPHERSUITE_REQUIREMENTS(=y) && MBEDTLS_HAS_ECDSA_CIPHERSUITE_REQUIREMENTS(=y) && MBEDTLS_TLS_LIBRARY(=y) && NRF_SECURITY(=y) (=y)
|| ((MBEDTLS_ECDH_C(=n) && MBEDTLS_ECDSA_C(=n)) || (PSA_WANT_ALG_ECDH(=y) && PSA_WANT_ALG_ECDSA(=y))) && !(NRF_SECURITY(=y) || NORDIC_SECURITY_BACKEND(=n)) && MBEDTLS_BUILTIN(=n) && MBEDTLS_CFG_FILE(=nrf-config.h) = "config-mbedtls.h" && MBEDTLS(=y) (=n)
|| ((MBEDTLS_ECDH_C(=n) && MBEDTLS_ECDSA_C(=n)) || (PSA_WANT_ALG_ECDH(=y) && PSA_WANT_ALG_ECDSA(=y))) && !(NRF_SECURITY(=y) || NORDIC_SECURITY_BACKEND(=n)) && MBEDTLS_BUILTIN(=n) && MBEDTLS_CFG_FILE(=nrf-config.h) = "config-mbedtls.h" && MBEDTLS(=y) && 0 (=n)

Name: MBEDTLS_HAS_ECDSA_CIPHERSUITE_REQUIREMENTS
Type: bool
Value: y

Direct dependencies (=y):
(MBEDTLS_ECP_C(=n) && MBEDTLS_ECDSA_C(=n) && MBEDTLS_SHA256_C(=n)) || (PSA_WANT_ALG_ECDSA(=y) && PSA_WANT_ALG_SHA_256(=y) && MBEDTLS_USE_PSA_CRYPTO(=y)) (=y)
&& MBEDTLS_TLS_LIBRARY(=y)
&& NRF_SECURITY(=y)

We can see it's possible to have a combination of options that enable this Kconfig symbol:

(PSA_WANT_ALG_ECDSA(=y) && PSA_WANT_ALG_SHA_256(=y) && MBEDTLS_USE_PSA_CRYPTO(=y)) (=y)
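The dependency chain traced by hand above can also be walked mechanically. This is an added example, not part of the original post or of the nRF Connect SDK: a simplified model that evaluates only the `Direct dependencies` expressions printed above, restricted to the alternatives that apply with NRF_SECURITY=y, and ignores `select`/`imply` and user-set values. The names `DEPS`, `ENABLED` and `check` are made up for this example.

```python
import ast

# Dependency expressions copied from the menuconfig output quoted in the question.
# Assumption: only the alternatives that apply with NRF_SECURITY=y are modelled.
DEPS = {
    "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED":
        "MBEDTLS_HAS_CIPHER_MODE_CIPHERSUITE_REQUIREMENTS"
        " && MBEDTLS_HAS_ECDH_CIPHERSUITE_REQUIREMENTS"
        " && MBEDTLS_HAS_RSA_CIPHERSUITE_REQUIREMENTS"
        " && MBEDTLS_TLS_LIBRARY && NRF_SECURITY",
    "MBEDTLS_HAS_RSA_CIPHERSUITE_REQUIREMENTS":
        "MBEDTLS_RSA_C && MBEDTLS_PKCS1_V15 && MBEDTLS_TLS_LIBRARY && NRF_SECURITY",
    "MBEDTLS_RSA_C": "OPENTHREAD || MBEDTLS_LEGACY_CRYPTO_C && NRF_SECURITY",
    "MBEDTLS_HAS_ECDSA_CIPHERSUITE_REQUIREMENTS":
        "((MBEDTLS_ECP_C && MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C)"
        " || (PSA_WANT_ALG_ECDSA && PSA_WANT_ALG_SHA_256 && MBEDTLS_USE_PSA_CRYPTO))"
        " && MBEDTLS_TLS_LIBRARY && NRF_SECURITY",
}
# Symbols the question shows as =y; every other leaf is =n there.
ENABLED = {
    "MBEDTLS_HAS_CIPHER_MODE_CIPHERSUITE_REQUIREMENTS",
    "MBEDTLS_HAS_ECDH_CIPHERSUITE_REQUIREMENTS", "MBEDTLS_TLS_LIBRARY",
    "NRF_SECURITY", "PSA_WANT_ALG_ECDSA", "PSA_WANT_ALG_SHA_256",
    "MBEDTLS_USE_PSA_CRYPTO",
}

def check(sym, enabled=ENABLED):
    """Return (dependencies met, leaf symbols at n that keep sym at n)."""
    if sym not in DEPS:  # leaf: its own dependencies are not shown on the page
        return sym in enabled, (set() if sym in enabled else {sym})
    # Kconfig '&&' / '||' have the same precedence order as Python and / or
    expr = DEPS[sym].replace("&&", " and ").replace("||", " or ")
    return _walk(ast.parse(expr, mode="eval").body, enabled)

def _walk(node, enabled):
    if isinstance(node, ast.Name):
        return check(node.id, enabled)
    # BoolOp: '&&' needs every operand, '||' needs any one of them
    parts = [_walk(v, enabled) for v in node.values]
    ok = (all if isinstance(node.op, ast.And) else any)(p[0] for p in parts)
    return ok, (set() if ok else set().union(*(b for o, b in parts if not o)))

if __name__ == "__main__":
    for cfg in (ENABLED, ENABLED | {"MBEDTLS_LEGACY_CRYPTO_C"},
                ENABLED | {"MBEDTLS_LEGACY_CRYPTO_C", "MBEDTLS_PKCS1_V15"}):
        print(check("MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED", cfg))
    print(check("MBEDTLS_HAS_ECDSA_CIPHERSUITE_REQUIREMENTS"))
```

OPENTHREAD is reported next to MBEDTLS_LEGACY_CRYPTO_C because the two are alternatives in the `||` of MBEDTLS_RSA_C, so either one would satisfy that branch. The ECDSA symbol has no blockers because its PSA alternative is already met.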

Parents
    1. TLS/DTLS and X.509 making use of RSA requires legacy configurations (configurations with suffix _C, like MBEDTLS_RSA_C). Support for elliptic curves is better (ECDSA and ECDH). This changes with Mbed TLS 4.0.0 (and TF-PSA-Crypto 1.0.0) when that is introduced in Zephyr and nRF Connect SDK.
    2. Mbed TLS will favor PSA crypto APIs when enabled for as much as possible in TLS/DTLS and X.509. You are not required to enable legacy features as long as check_config.h doesn't complain. The code in TLS/DTLS and X.509 is shaped so that PSA crypto API is called first, and legacy APIs are only used as a SW fallback.

    As an example, ECDSA and ECDHE are dependent on MBEDTLS_CAN_ECDH and MBEDTLS_PK_CAN_ECDSA_SIGN:

    #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                \
        ( !defined(MBEDTLS_CAN_ECDH) ||                                       \
          !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) ||                                \
          !defined(MBEDTLS_X509_CRT_PARSE_C) )
    #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
    #endif

    /* Helper symbol to state that there is support for ECDH, either through
     * library implementation (ECDH_C) or through PSA. */
    #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
        (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
    #define MBEDTLS_CAN_ECDH
    #endif

    /* PK module can achieve ECDSA functionalities by means of either software
     * implementations (ECDSA_C) or through a PSA driver. The following defines
     * are meant to list these capabilities in a general way which abstracts how
     * they are implemented under the hood. */
    #if !defined(MBEDTLS_USE_PSA_CRYPTO)
    #if defined(MBEDTLS_ECDSA_C)
    #define MBEDTLS_PK_CAN_ECDSA_SIGN
    #define MBEDTLS_PK_CAN_ECDSA_VERIFY
    #endif /* MBEDTLS_ECDSA_C */
    #else /* MBEDTLS_USE_PSA_CRYPTO */
    #if defined(PSA_WANT_ALG_ECDSA)
    #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
    #define MBEDTLS_PK_CAN_ECDSA_SIGN
    #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
    #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
    #define MBEDTLS_PK_CAN_ECDSA_VERIFY
    #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
    #endif /* PSA_WANT_ALG_ECDSA */
    #endif /* MBEDTLS_USE_PSA_CRYPTO */
