Hello François,
The following is my understanding, I am not a maintainer but a user of
mbedtls. My response below only addresses a few of your questions.
PSA appears to be bound to what mbedtls currently supports, this does not
include Ed25519 or Ed448 at this time. A pull request is currently open for
this feature development https://github.com/ARMmbed/mbedtls/pull/3245
Further development may be necessary to include those in PSA.
The only implementation of PSA that I know of is one that wraps around
mbedtls.
Best,
Levi
On Wed, Oct 28, 2020 at 9:20 AM François Beerten via mbed-tls <
mbed-tls(a)lists.trustedfirmware.org> wrote:
> Hi everybody,
>
> After reading the PSA Crypto API specs (as on
> https://armmbed.github.io/mbed-crypto/html/overview/functionality.html)
> and looking at the mbed TLS library, a few questions came up.
>
> Is there some repository with the sources of the PSA Crypto API specs
> where one can follow the evolution and eventually send proposals and
> patches ?
>
> A note says "Hash suspend and resume is not defined for the SHA3 family of
> hash algorithms". Why are they not defined for SHA3 ?
>
> How can or should one add support in PSA Crypto AP for not yet defined
> algorithms (for example a KDF) ?
>
> In multipart operations, can the user reuse the input buffers immediately
> after doing an 'update' (for example after psa_hash_update()) ? And can
> he reuse the input buffers immediately after some "setup" functions like
> psa_cipher_set_iv() or psa_aead_set_nonce() ?
>
> Do you plan to support (pure) ED25519 and ED448 only via
> psa_sign_message() and psa_verify_message() ? What about messages in
> multiple chunks ?
>
> In psa_asymmetric_encrypt(), why is the salt provided explicitely.
> Shouldn't it be generated randomly internally when needed ?
>
> With PSA Crypto API, you define a flexible API for cryptographic
> operations. Apparently, other providers could make their own implementation
> of PSA Crypto API. Will mbed TLS then be able to use those alternate PSA
> Crypto API implementations ? How would that work practically ?
>
> Thank you for your attention,
>
> François.
>
>
> --
> mbed-tls mailing list
> mbed-tls(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
>
I make a CA certificate for JITR using BouncyCastle lib in the android app as the below example
And a device certificate is generated by this certificate in mbed_tls. At this time, JITR is not working.
Namely, a device certificate is not registered in AWS.
But In the case of making a ca certificate using OPENSSL, JITR works normally.
Below is CA certificate based BouncyCastle lib.
-----BEGIN CERTIFICATE-----
MIIB8jCCAZegAwIBAgIVAK0ct2HFXVdS/k2NblxYGoxyuabfMAoGCCqGSM49BAMC
MDIxCzAJBgNVBAYTAktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdh
em9uZTAeFw0yMDEwMjcwMDAwMDBaFw0zNTAxMDEwMDAwMDBaMDIxCzAJBgNVBAYT
AktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdhem9uZTBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABEknYdqI3CdVlmMkTmqKS63HnHc5PbyBff1RokGG
6NE6z31ilA8Yt2fGFHIln1kQtx//6stBA1bIqiqsSo8wad6jgYkwgYYwHQYDVR0O
BBYEFBHaQtHvagaDPkpWxQurErTekm2cMB8GA1UdIwQYMBaAFBHaQtHvagaDPkpW
xQurErTekm2cMA8GA1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQDAgAHMAsG
A1UdDwQEAwIBBjATBgNVHSUEDDAKBggrBgEFBQcDAzAKBggqhkjOPQQDAgNJADBG
AiEA9HSXn3FpGUYLagsI3qaHz3VicMSuADUz/QBYEKN9STkCIQC+8BX/TPADpPOy
ClmBIkjxdDt0Fh7HTDn9UwBUxYA3/g==
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgU9pUZUfplZyhC+mH
Pt8pthLItdpbJ+Qy47r7gJKTNvCgCgYIKoZIzj0DAQehRANCAARJJ2HaiNwnVZZj
JE5qikutx5x3OT28gX39UaJBhujROs99YpQPGLdnxhRyJZ9ZELcf/+rLQQNWyKoq
rEqPMGne
-----END EC PRIVATE KEY-----
BRs.
Hyunung Park
Hi everybody,
After reading the PSA Crypto API specs (as on
https://armmbed.github.io/mbed-crypto/html/overview/functionality.html)
and looking at the mbed TLS library, a few questions came up.
Is there some repository with the sources of the PSA Crypto API specs
where one can follow the evolution and eventually send proposals and
patches ?
A note says "Hash suspend and resume is not defined for the SHA3 family
of hash algorithms". Why are they not defined for SHA3 ?
How can or should one add support in PSA Crypto AP for not yet defined
algorithms (for example a KDF) ?
In multipart operations, can the user reuse the input buffers
immediately after doing an 'update' (for example after
psa_hash_update()) ? And can he reuse the input buffers immediately
after some "setup" functions like psa_cipher_set_iv() or
psa_aead_set_nonce() ?
Do you plan to support (pure) ED25519 and ED448 only via
psa_sign_message() and psa_verify_message() ? What about messages in
multiple chunks ?
In psa_asymmetric_encrypt(), why is the salt provided explicitely.
Shouldn't it be generated randomly internally when needed ?
With PSA Crypto API, you define a flexible API for cryptographic
operations. Apparently, other providers could make their own
implementation of PSA Crypto API. Will mbed TLS then be able to use
those alternate PSA Crypto API implementations ? How would that work
practically ?
Thank you for your attention,
François.
Hi Frank,
The issue exists because you are downloading a tag and not the release. The 2.16.8 release is available here:
https://github.com/ARMmbed/mbedtls/archive/v2.16.8.tar.gz
Best regards,
Janos
On 28/10/2020, 12:15, "mbed-tls on behalf of Frank Bergmann via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote:
Hi Gilles,
I noticed that the "double name" does still exist in some archive files:
$ wget -q -O - https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.16.8.tar.gz|tar tzf -|head
mbedtls-mbedtls-2.16.8/
mbedtls-mbedtls-2.16.8/.github/
mbedtls-mbedtls-2.16.8/.github/issue_template.md
mbedtls-mbedtls-2.16.8/.github/pull_request_template.md
mbedtls-mbedtls-2.16.8/.gitignore
mbedtls-mbedtls-2.16.8/.globalrc
mbedtls-mbedtls-2.16.8/.pylintrc
mbedtls-mbedtls-2.16.8/.travis.yml
mbedtls-mbedtls-2.16.8/CMakeLists.txt
mbedtls-mbedtls-2.16.8/CONTRIBUTING.md
cheers,
Frank
On Tue, Aug 04, 2020 at 09:18:56PM +0000, Gilles Peskine via mbed-tls wrote:
[...]
> The naming with mbedtls-mbedtls- must be a bug in our release script.
[...]
--
Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753
SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606
http://tdyn.de/freel -- Redirect to profile at freelancermap
http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP
--
mbed-tls mailing list
mbed-tls(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
Hi Gilles,
I noticed that the "double name" does still exist in some archive files:
$ wget -q -O - https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.16.8.tar.gz|tar tzf -|head
mbedtls-mbedtls-2.16.8/
mbedtls-mbedtls-2.16.8/.github/
mbedtls-mbedtls-2.16.8/.github/issue_template.md
mbedtls-mbedtls-2.16.8/.github/pull_request_template.md
mbedtls-mbedtls-2.16.8/.gitignore
mbedtls-mbedtls-2.16.8/.globalrc
mbedtls-mbedtls-2.16.8/.pylintrc
mbedtls-mbedtls-2.16.8/.travis.yml
mbedtls-mbedtls-2.16.8/CMakeLists.txt
mbedtls-mbedtls-2.16.8/CONTRIBUTING.md
cheers,
Frank
On Tue, Aug 04, 2020 at 09:18:56PM +0000, Gilles Peskine via mbed-tls wrote:
[...]
> The naming with mbedtls-mbedtls- must be a bug in our release script.
[...]
--
Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753
SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606
http://tdyn.de/freel -- Redirect to profile at freelancermap
http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP
Hi Sawyer,
Thank you for your interest in Mbed TLS. Currently the status of these CVE’s is:
- CVE-2020-16150 has been fixed in the latest Mbed TLS release
- CVE-2018-1000520 is not a security issue, it had been studied and rejected
- CVE-2016-3739 is a vulnerability in an application using Mbed TLS but not in Mbed TLS itself, also it too had been fixed.
Does this answer your question?
(Also, I would like to make a minor clarification: we are not Arm Support. As far as I know Arm does not offer official support for Mbed TLS. Arm only contributes engineers to the Mbed TLS project, and at the moment these engineers are the maintainers of Mbed TLS. We are on this mailing list and try to answer questions, but we are not doing that as official support provided by Arm, but as members of the community. Mbed TLS is supported by the community and this mailing list is indeed the right place to get that support. I apologise for the nitpick, I just wanted to make sure that we are not giving the wrong impressions.)
Best regards,
Janos
(Mbed TLS developer)
From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Sawyer Liu via mbed-tls <mbed-tls(a)lists.trustedfirmware.org>
Reply to: Sawyer Liu <sawyer.liu(a)nxp.com>
Date: Wednesday, 28 October 2020 at 01:59
To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org>
Subject: [mbed-tls] About mbedtls CVE
Hello ARM Support,
About below CVEs, any update? Thanks.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre…>
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000520https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739
Best Regards
Sawyer Liu
Microcontrollers, NXP Semiconductors
From: 박현웅 <hupark(a)ictk.com>
Sent: Wednesday, October 28, 2020 6:21 PM
To: 'mbed-tls(a)lists.trustedfirmware.org.' <mbed-tls(a)lists.trustedfirmware.org.>
Subject: JITR in mbedtls
Hi
I make a certificate using BouncyCastle lib in android app as the below.
JITR is not working.
Namely a device certificate is not registered in aws iot.
In case of making ca certificate using openssl, JITR works normally.
Could you please help me?
-----BEGIN CERTIFICATE-----
MIIB8jCCAZegAwIBAgIVAK0ct2HFXVdS/k2NblxYGoxyuabfMAoGCCqGSM49BAMC
MDIxCzAJBgNVBAYTAktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdh
em9uZTAeFw0yMDEwMjcwMDAwMDBaFw0zNTAxMDEwMDAwMDBaMDIxCzAJBgNVBAYT
AktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdhem9uZTBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABEknYdqI3CdVlmMkTmqKS63HnHc5PbyBff1RokGG
6NE6z31ilA8Yt2fGFHIln1kQtx//6stBA1bIqiqsSo8wad6jgYkwgYYwHQYDVR0O
BBYEFBHaQtHvagaDPkpWxQurErTekm2cMB8GA1UdIwQYMBaAFBHaQtHvagaDPkpW
xQurErTekm2cMA8GA1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQDAgAHMAsG
A1UdDwQEAwIBBjATBgNVHSUEDDAKBggrBgEFBQcDAzAKBggqhkjOPQQDAgNJADBG
AiEA9HSXn3FpGUYLagsI3qaHz3VicMSuADUz/QBYEKN9STkCIQC+8BX/TPADpPOy
ClmBIkjxdDt0Fh7HTDn9UwBUxYA3/g==
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgU9pUZUfplZyhC+mH
Pt8pthLItdpbJ+Qy47r7gJKTNvCgCgYIKoZIzj0DAQehRANCAARJJ2HaiNwnVZZj
JE5qikutx5x3OT28gX39UaJBhujROs99YpQPGLdnxhRyJZ9ZELcf/+rLQQNWyKoq
rEqPMGne
-----END EC PRIVATE KEY-----
BRs.
Hyunung Park
Hi Fabian,
Unfortunately https://tls.mbed.org/how-to-get is out of date. As
indicated on https://tls.mbed.org/download, newer releases (since 2.17)
are distributed under Apache license only. Only the long-time support
branches (2.7.x and 2.16.x) still have GPL releases.
--
Gilles Peskine
Mbed TLS developer
On 20/10/2020 14:19, Fabian Keil via mbed-tls wrote:
> Hi,
>
> tls.mbed.org currently sends mixed signals regarding
> the license of future MbedTLS releases.
>
> Quoting https://tls.mbed.org/download:
> | In packaged form, mbed TLS 2.1.0 to mbed TLS 2.16 are
> | available in both an Apache 2.0 licensed version (our
> | primary open source license) and in a GPL 2.0 licensed version.
> |
> | Newer versions will be available under the Apache 2.0 license.
>
> Quoting https://tls.mbed.org/how-to-get:
> | All the current versions of the mbed TLS library are distributed
> | under the Apache 2.0 license and available from our Download area.
> | In addition there are packaged versions of the mbed TLS library
> | that are distributed with the GNU Public License Version 2.0 (GPL v2.0).
> |
> | The Apache-licensed and GPL-licensed versions of mbed TLS are
> | identical in source code (with the exception of the license
> | headers at the top of files).
> |
> | We plan to keep both licensed versions around.
>
> Can anyone estimate when "newer releases" will no longer
> be dual licensed?
>
> We recently added MbedTLS support for Privoxy and a
> MbedTLS license switch from dual license to Apache 2.0
> complicates the license terms.
>
> Thanks
> Fabian
>
Hi Máté,
On 26/10/2020 12:04, Z.Máté via mbed-tls wrote:
> Dear mbedtls mailing list members!
>
> I hope you recieve my message now, previously I had problems posting
> to this list. :(
>
> My first question is actually about the PEM format. As far as I'm
> aware the PEM format either contains the Private key (signalled by the
> ---- BEGIN PRIVATE KEY ---- header) or a public key (---- BEGIN PUBLIC
> KEY -----). In my application I have to work on an app that stores key
> pairs in a special, secure storage solution (Secure Storage of OPTEE
> if you've heard about it). I decided to export the keys in PEM format,
> so that reading and handling them is equal to moving a large string
> buffer around. Using the PEM format, is there a way to store both
> private and public keys in the same "file"? Does mbedtls allow for
> such a solution (does such a solution even exist?).
There are actually several PEM formats. Some private key formats
actually store both the private key and the public key, while others
only store the private key. However, it is always possible to calculate
the public key from the private key. So if you want to have the whole
key pair, just write the private key in any format.
If you have a private key file, you can extract the public key with the
Mbed TLS sample program key_app_writer (untested command line, typed
directly into my mail client):
programs/pkey/key_app_writer mode=private filename=my_private_key.pem
output_mode=public output_file=my_public_key.pem
or with OpenSSL:
openssl pkey -in my_private_key.pem -pubout -out my_public_key.pem
>
> If not, is there a simple way to get the public key from a private key
> object? Does the mbedtls_pk_context, (that parsed up with a private
> key) contain the information needed to export the public key into a
> PEM buffer? As far as I know mbedtls allows for exporting the private
> key and the public key with the functions mbedtls_write_key_pem and
> ...write_pubkey_pem (or something along those lines) does that mean I
> can only export one at a time and there's no way to save the
> information for both into one PEM buffer?
>
> If there's a way to save both private and public keys into one PEM
> file, do I have to parse the private key and public key into separate
> objects then? With parse_key and parse_pubkey? This isn't really a
> problem just clarifying.
Once you have an mbedtls_pk_context, if you want to export both keys to
a file, use mbedtls_write_key_pem(). If you want to have a separate file
that only contains the public key, call mbedtls_write_pubkey_pem() on
the same mbedtls_pk_context.
>
> If you can point me to an actually good description of the PEM format
> and what CAN be stored inside of it, I'd be very grateful! :)
PEM is just an encoding: base64 data between a header and footer. The
base64-encoded data can have several different formats depending on the
header. It can represent a private key (several formats depending on the
header), a public key or a certificate. A complete description is spread
across about half a dozen RFC. Fortunately, I don't think you need to
dig into those.
>
> I also have a question regarding the example SSL server program. In
> it, the server needs a private key and a certificate for obvious
> reasons. It also loads a certificate and as far as I know, the
> certificate has to be tied to a known CA for it to be valid.
>
> I would like to test the program with a self generated key pair, do I
> need to change the Certificate and CAs to a new one as well? To
> authenticate the new keypair? Does the mbedtls ssl_client1 example
> program work with self signed certs? Or do I need to take care of the
> CA validation myself (that would probably beyond the scope of the
> project I'm working on).
The sample program ssl_server does not check the client certificate. The
test program ssl_server2 can check the client certificate: pass the
command line options "auth_mode=required ca_file=my_ca.crt". If you have
a self-signed client certificate, you can pass it as the ca_file.
--
Gilles Peskine
Mbed TLS developer
>
> Thank you in advance!
>
> Yours truly,
> Máté Zombor
>
