Parsec Operations Coverage

These tables define the current level of coverage in Parsec for the operations and their parameters. Only the operations specified and that have a dedicated page are put in the following table.

Not all parameters (key types, algorithms) of the operation might be supported. See the following sections for details.

Operation	Core provider	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
Ping	✅	❌	❌	❌
ListProviders	✅	❌	❌	❌
ListOpcodes	✅	❌	❌	❌
ListAuthenticators	✅	❌	❌	❌
ListKeys	✅	❌	❌	❌
DeleteClient*	✅	❌	❌	❌
ListClients*	✅	❌	❌	❌
PsaImportKey	❌	✅	✅	✅
PsaGenerateKey	❌	✅	✅	✅
PsaDestroyKey	❌	✅	✅	✅
PsaExportKey	❌	✅	❌	❌
PsaExportPublicKey	❌	✅	✅	✅
PsaHashCompute	❌	✅	❌	❌
PsaHashCompare	❌	✅	❌	❌
PsaMacCompute	❌	❌	❌	❌
PsaMacVerify	❌	❌	❌	❌
PsaCipherEncrypt	❌	❌	❌	❌
PsaCipherDecrypt	❌	❌	❌	❌
PsaAeadEncrypt	❌	✅	❌	❌
PsaAeadDecrypt	❌	✅	❌	❌
PsaSignMessage	❌	❌	❌	❌
PsaVerifyMessage	❌	❌	❌	❌
PsaSignHash	❌	✅	✅	✅
PsaVerifyHash	❌	✅	✅	✅
PsaAsymmetricEncrypt	❌	✅	✅	✅
PsaAsymmetricDecrypt	❌	✅	✅	✅
PsaRawKeyAgreement	❌	✅	❌	❌
PsaGenerateRandom	❌	✅	❌	❌

* Admin operation

Key types support

This table describe if the following key types are supported for key management operations.

Key type	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
RawData	✅	❌	❌
Hmac	❌	❌	❌
Derive	❌	❌	❌
Aes	✅	❌	❌
Des	❌	❌	❌
Camellia	✅	❌	❌
Arc4	❌	❌	❌
Chacha20	✅	❌	❌
RsaPublicKey	✅	✅	✅
RsaKeyPair	✅	✅	✅
EccKeyPair	✅	❌	✅
EccPublicKey	✅	❌	✅
DhKeyPair	✅	❌	❌
DhPublicKey	✅	❌	❌

Elliptic curve families

This table describes if the following elliptic curve families are supported.

ECC Curve Family	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
SECP-K1	✅	❌	❌
SECP-R1	✅	❌	✅
SECP-R2	✅	❌	❌
SECT-K1	✅	❌	❌
SECT-R1	✅	❌	❌
SECT-R2	✅	❌	❌
Brainpool P R1	✅	❌	❌
FRP	✅	❌	❌
Montgomery	✅	❌	❌

Algorithm support

These tables describe if the following algorithms are supported in all cryptographic operations they could be used in.

Hash algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
MD2	✅	❌	❌
MD4	✅	❌	❌
MD5	✅	❌	❌
RIPEMD-160	✅	❌	❌
SHA-1	✅	✅	✅
SHA-224	✅	❌	❌
SHA-256	✅	✅	✅
SHA-384	✅	✅	✅
SHA-512	✅	✅	✅
SHA-512/224	✅	❌	❌
SHA-512/256	✅	❌	❌
SHA3-224	✅	❌	❌
SHA3-256	✅	❌	✅
SHA3-384	✅	❌	✅
SHA3-512	✅	❌	✅

MAC algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
HMAC	❌	❌	❌
CBC-MAC	❌	❌	❌
CMAC	❌	❌	❌

Cipher algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
Stream Cipher	❌	❌	❌
CTR	❌	❌	❌
CFB	❌	❌	❌
OFB	❌	❌	❌
XTS	❌	❌	❌
ECB with no padding	❌	❌	❌
CBC with no padding	❌	❌	❌
CBCP with PKCS#7 padding	❌	❌	❌

AEAD algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
CCM	✅	❌	❌
GCM	✅	❌	❌
ChaCha20-Poly1305	✅	❌	❌

Asymmetric signature algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
RSA PKCS#1 v1.5 signature with hashing	✅	✅	✅
Raw PKCS#1 v1.5 signature	❌	❌	❌
RSA PSS signature with hashing	❌	✅	❌
ECDSA signature with hashing	❌	❌	✅
ECDSA signature without hashing	❌	❌	❌
Deterministic ECDSA signature with hashing	❌	❌	❌

Asymmetric encryption algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
RSA PKCS#1 v1.5 encryption	✅	✅	✅
RSA OAEP encryption	✅	✅	✅

Key agreement algorithms

Algorithm	Mbed Crypto provider	PKCS 11 provider	TPM 2.0 provider
FFDH	✅	❌	❌
ECDH	✅	❌	❌

Increasing PSA API coverage

You can help increase the coverage of the PSA Crypto API! See here on how you can contribute.

The Parsec Book