Parsec Operations Coverage

These tables define the current level of coverage in Parsec for the operations and their parameters. Only the operations specified and that have a dedicated page are put in the following table.

Not all parameters (key types, algorithms) of the operation might be supported. See the following sections for details.

Operation \ ProviderCoreMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
Ping🚫🚫🚫🚫🚫
ListProviders🚫🚫🚫🚫🚫
ListOpcodes🚫🚫🚫🚫🚫
ListAuthenticators🚫🚫🚫🚫🚫
ListKeys🚫🚫🚫🚫🚫
DeleteClient🚫🚫🚫🚫🚫
ListClients🚫🚫🚫🚫🚫
PsaImportKey🚫
PsaGenerateKey🚫
PsaDestroyKey🚫
PsaExportKey🚫
PsaExportPublicKey🚫
PsaHashCompute🚫
PsaHashCompare🚫
PsaMacCompute🚫
PsaMacVerify🚫
PsaCipherEncrypt🚫
PsaCipherDecrypt🚫
PsaAeadEncrypt🚫
PsaAeadDecrypt🚫
PsaSignMessage🚫
PsaVerifyMessage🚫
PsaSignHash🚫
PsaVerifyHash🚫
PsaAsymmetricEncrypt🚫
PsaAsymmetricDecrypt🚫
PsaRawKeyAgreement🚫
PsaGenerateRandom🚫
AttestKey🚫
PrepareKeyAttestation🚫
CanDoCrypto🚫
  • ✅: The provider supports the operation (maybe not all of its parameters, check below).
  • 🚫: The operation is not meant to be implemented on this provider (core operation on a crypto provider or opposite).
  • ❌: The provider does not currently support the operation.

Key types support

This table describe if the following key types are supported for key management operations.

Key type \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
RawData
Hmac
Derive
Aes
Des
Camellia
Arc4
Chacha20
RsaPublicKey
RsaKeyPair
EccKeyPair
EccPublicKey
DhKeyPair
DhPublicKey

Elliptic curve families

This table describes if the following elliptic curve families are supported. Not all curves from those families might be supported.

ECC Curve Family \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
SECP-K1
SECP-R1
SECP-R2
SECT-K1
SECT-R1
SECT-R2
Brainpool P R1
FRP
Montgomery

Algorithm support

These tables describe if the following algorithms are supported in all cryptographic operations they could be used in.

Hash algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
MD2
MD4
MD5
RIPEMD-160
SHA-1
SHA-224
SHA-256
SHA-384
SHA-512
SHA-512/224
SHA-512/256
SHA3-224
SHA3-256
SHA3-384
SHA3-512

MAC algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
HMAC
CBC-MAC
CMAC

Cipher algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
Stream Cipher
CTR
CFB
OFB
XTS
ECB with no padding
CBC with no padding
CBCP with PKCS#7 padding

AEAD algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
CCM
GCM
ChaCha20-Poly1305

Asymmetric signature algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
RSA PKCS#1 v1.5 signature with hashing
Raw PKCS#1 v1.5 signature
RSA PSS signature with hashing
ECDSA signature with hashing
ECDSA signature without hashing
Deterministic ECDSA signature with hashing

Asymmetric encryption algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
RSA PKCS#1 v1.5 encryption
RSA OAEP encryption

Key agreement algorithms

Algorithm \ ProviderMbed CryptoPKCS 11TPM 2.0Trusted ServiceCryptoAuth library
FFDH
ECDH

Increasing PSA API coverage

You can help increase the coverage of the PSA Crypto API! See here on how you can contribute.

Copyright 2020 Contributors to the Parsec project.