MbedTLS TLS handshake on FreeRTOS - PSA Crypto enabled (SE) but not used during client step 8


The Setup

I have a board that has a crypto processor and MbedTLS 2.25.0.
I have a SE (secure element) connected to it.

I am enabling hardware acceleration and the PSA Crypto API in mbedtls_config.h.

I registered my SE driver before calling psa_crypto_init().

The board connects to a web server and performs a TLS handshake with the forced cipher suite MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.

The issue

The handshake fails during step 8, when generating the EC private key for the ECDHE exchange.
I have tracked the issue through the debugger and it unfolds as follows inside ssl_write_client_key_exchange():

  • We enter the PSA crypto code through the pre-processor directives.
  • We set the key attributes after initializing them to 0 (here the usage_flags, algorithm, type and bits fields are set, but lifetime is still 0 from the init at this point; this matters later on).
  • The next function, psa_generate_key(), fails.

In depth

Inside the psa_generate_key() function, key creation starts in psa_start_key_creation().
But here, when validating the attributes of the key in psa_validate_key_attributes(), we are not able to rely on the SE to store the key because it is volatile (lifetime is still 0).

From there the program keeps going until it tries to generate the key with the board's crypto processor, which does not support this type of key and returns an "unsupported" error.

Main question

Since the lifetime is forced to represent a volatile key, and since the driver for the SE is not called except for persistent keys, I cannot do this cryptographic step using the SE. Is the generation of the volatile key at this step meant to be handled by the MbedTLS library (software or hardware) and not by the PSA Crypto API (SE), due to the key being volatile?


I can pass the handshake when disabling hardware acceleration and using software for the cryptographic steps, but in this case I am not using the SE for them. Should the SE only be used to store the client certificate for the mTLS case?

I'll be happy to send more details if needed.
Thank you in advance!
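A worked illustration of the lifetime field the post describes, added here as an example and not part of the original post or of Mbed TLS itself. In the PSA Crypto API a psa_key_lifetime_t packs two things: a persistence level in the low 8 bits and a location in the upper 24 bits. psa_key_attributes_init() leaves the lifetime at PSA_KEY_LIFETIME_VOLATILE (0), whose location is PSA_KEY_LOCATION_LOCAL_STORAGE, so attributes built the way ssl_write_client_key_exchange() builds them never name a secure-element location. The lifetime macros and constants below follow the PSA definitions in psa/crypto_values.h; the driver table, model_register_se_driver() and pick_backend() are a simplified, self-contained model of the location check that Mbed TLS's psa_register_se_driver() and key-attribute validation perform (an assumption for illustration, not the library's code), so the block compiles without the Mbed TLS headers.

```c
/*
 * Added example, not from the original post: how a PSA key lifetime is
 * decoded into persistence + location, and why a lifetime left at 0
 * (PSA_KEY_LIFETIME_VOLATILE) is never routed to a registered SE driver.
 *
 * Macros/constants: as defined by the PSA Crypto API (psa/crypto_values.h).
 * Driver table and pick_backend(): simplified model of Mbed TLS's SE
 * driver registration and location validation (assumption, not library code).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t psa_key_lifetime_t;
typedef uint8_t  psa_key_persistence_t;
typedef uint32_t psa_key_location_t;

/* Persistence levels live in the low 8 bits of the lifetime. */
#define PSA_KEY_PERSISTENCE_VOLATILE   ((psa_key_persistence_t)0x00)
#define PSA_KEY_PERSISTENCE_DEFAULT    ((psa_key_persistence_t)0x01)

/* Locations live in the upper 24 bits; 0 is the local (software/accelerator) storage. */
#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)

#define PSA_KEY_LIFETIME_VOLATILE   ((psa_key_lifetime_t)0x00000000)
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)

#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
    ((psa_key_persistence_t)((lifetime) & 0x000000ff))
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
    ((psa_key_location_t)((lifetime) >> 8))
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
    (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == PSA_KEY_PERSISTENCE_VOLATILE)
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
    ((psa_key_lifetime_t)(((location) << 8) | (persistence)))

/* Model of the SE driver table: one slot per registrable location 1..255
 * (Mbed TLS rejects location 0 and locations above PSA_MAX_SE_LOCATION). */
#define MAX_SE_LOCATION 255
static int se_driver_registered[MAX_SE_LOCATION + 1];

/* Model of psa_register_se_driver(): 0 on success, -1 if the location is
 * the local-storage location or out of the SE range. (Assumed model.) */
int model_register_se_driver(psa_key_location_t location) {
    if (location == PSA_KEY_LOCATION_LOCAL_STORAGE || location > MAX_SE_LOCATION)
        return -1;
    se_driver_registered[location] = 1;
    return 0;
}

typedef enum { BACKEND_NONE = -1, BACKEND_LOCAL = 0, BACKEND_SE = 1 } backend_t;

/* Model of the location check done when a key is created: a key only reaches
 * an SE driver when the location field of its lifetime names a registered
 * driver. Location 0 always stays local, whatever the persistence level,
 * which is exactly the case for attributes whose lifetime was never set. */
backend_t pick_backend(psa_key_lifetime_t lifetime) {
    psa_key_location_t loc = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
    if (loc == PSA_KEY_LOCATION_LOCAL_STORAGE)
        return BACKEND_LOCAL;
    if (loc <= MAX_SE_LOCATION && se_driver_registered[loc])
        return BACKEND_SE;
    return BACKEND_NONE;  /* no driver at that location: the real library rejects the attributes */
}

/* Lifetime of the ECDHE key as the handshake code leaves it: attributes
 * zero-initialised, type/bits/usage/alg set, lifetime untouched. */
psa_key_lifetime_t handshake_ecdhe_lifetime(void) {
    return PSA_KEY_LIFETIME_VOLATILE;
}

/* A lifetime that names an SE location explicitly; location 0x01 is a
 * hypothetical value for the example, not a real driver's location. */
psa_key_lifetime_t se_lifetime(psa_key_persistence_t persistence,
                               psa_key_location_t location) {
    return PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location);
}

static const char *backend_name(backend_t b) {
    return b == BACKEND_SE ? "SE driver" : b == BACKEND_LOCAL ? "local storage" : "no driver";
}

int main(void) {
    model_register_se_driver(0x01);  /* hypothetical SE location for the demo */

    psa_key_lifetime_t lt_tls = handshake_ecdhe_lifetime();
    printf("handshake ECDHE key: lifetime=0x%08x persistence=%u location=0x%06x -> %s\n",
           lt_tls, PSA_KEY_LIFETIME_GET_PERSISTENCE(lt_tls),
           PSA_KEY_LIFETIME_GET_LOCATION(lt_tls), backend_name(pick_backend(lt_tls)));

    psa_key_lifetime_t lt_se = se_lifetime(PSA_KEY_PERSISTENCE_DEFAULT, 0x01);
    printf("SE-targeted key:     lifetime=0x%08x persistence=%u location=0x%06x -> %s\n",
           lt_se, PSA_KEY_LIFETIME_GET_PERSISTENCE(lt_se),
           PSA_KEY_LIFETIME_GET_LOCATION(lt_se), backend_name(pick_backend(lt_se)));
    return 0;
}
```

The point the model makes visible is that the decision is taken on the location bits of the lifetime, and the handshake code never writes those bits: with lifetime 0 the key is dispatched to local storage regardless of whether an SE driver has been registered, so registering the driver before psa_crypto_init() cannot by itself pull the ephemeral ECDHE key into the SE.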