March 2024 - mbed-tls - lists.trustedfirmware.org

by Satya Prakash Prasad

Hi, Please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/. Is PSA related to Platform Security Architecture or is related to TLS security? How will the inclusion and non-inclusion of PSA will differ in terms of security? Thanks in advance. Regards, Prakash

8 months, 1 week

2
3
0 0

Build bignum module only

by Liu Blade

Hello, Bignum is a very useful feature in Mbedtls, which is a part to libmbedcrypto.a. I want to build this module only as a standalone static library. However, I find it's difficult to modify CMakelists.txt to do this. I appreciate your suggestions. Blade

8 months, 1 week

2
1
0 0

Unable to build 3.5.2 without PSA

by Satya Prakash Prasad

Hi, I am trying to compile MbedTLS 3.5.2 release without PSA but get below error message: mbedtls/check_config.h:62:2: #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:66:2: #error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:70:2: #error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:74:2: #error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:78:2: #error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:82:2: #error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:86:2: #error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:90:2: #error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:94:2: #error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:98:2: #error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:102:2: #error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:111:2: #error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:391:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:397:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:406:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:418:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:425:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:481:2: #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" mbedtls/check_config.h:725:2: #error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" mbedtls/check_config.h:879:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:885:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites" Regards, Prakash

8 months, 1 week

2
4
0 0

MBedTLS 3.5.2

by Satya Prakash Prasad

Hi, I am trying to build MbedtLS 3.5.2 and get the below error: mbedtls/library/psa_crypto_storage.c:23:23: psa/error.h: No such file or directory mbedtls/library/psa_crypto_storage.c:24:42: psa/internal_trusted_storage.h: No such file or directory I searched all thru the directories and found error.h in mbetls directory but could not find internal_trusted_storage.h header file? #if defined(MBEDTLS_PSA_ITS_FILE_C) #include "psa_crypto_its.h" #else /* Native ITS implementation */ #include "psa/error.h" #include "psa/internal_trusted_storage.h" #endif Regards, Prakash

8 months, 1 week

6
13
0 0

MBed TLS - Generic Question

by Satya Prakash Prasad

Hi Team, Referring to MBed release page - https://github.com/Mbed-TLS/mbedtls/releases?page=1 I see that there has been constant release periodically from Jul 27, 2018 mbedtls-2.1.14 till Nov 8, 2023 v3.5.1. In the same context I understand that with each release there have been fixes and new features / enhancement implementation. There was a project that I was working in year 2020 were we tried to integrate MBed TLS in EAP https://github.com/prplfoundation/hostap. It was a practice exercise that our team did that time. I have not much idea as to which MBed TLS version was opted and integrated then. Now that so many new releases are made after 2020 - are older versions can be taken as stable? Is it that we should take the latest version and try again from scratch? Thanks in advance. Regards, Prakash

8 months, 2 weeks

2
5
0 0

ssl session cache does not work in firefox

by Jan Pohanka

Hello, I have a simple http(s) server running on embedded platform using mbedtls. Using ssl session cache significantly improves the throughput. However while it works flawlessly in chromium based browser I noticed that in Firefox it does not work at all. Following there is a short snippet of my accept routine. Am I doing something wrong? ... mbedtls_ssl_conf_session_cache(&ssl_ctx->conf, &server_cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set); mbedtls_ssl_init(*ssl); rc = mbedtls_ssl_setup(*ssl, &ssl_ctx->conf); if (rc < 0) { mbedtls_ssl_free(*ssl); mg_free(*ssl); *ssl = NULL; return -ENOMEM; } mbedtls_ssl_set_bio(*ssl, sock, mbedtls_net_send, mbedtls_net_recv, NULL); rc = mbed_ssl_handshake(*ssl); ... best regards Jan

8 months, 2 weeks

2
1
0 0

MBedTLs 3.5.2

by Satya Prakash Prasad

Hi, We are trying to integrate MBedTLs 3.5.2 release code into our project. In the same regards we need your help for all information as requested below - please do provide your valuable information: 1. Please confirm if all source and include files for MbedTLs 3.5.2 are available in below directories, so that we make use of these file only (libraries can be built independently and have no dependency with other files in other folder) - mbedtls-3.5.2\include\mbedtls mbedtls-3.5.2\include\psa mbedtls-3.5.2\library 2. We are using our own RTOS threads instead of Posix or other variants. Is there any specific configuration we need to do / setup? 3. We want to use as much small memory as possible - please let me know the required configuration for the same? 4. Please let us know the various configuration / setup details that we should do for the MBedTLS 3.5.2 codebase? 5. Any other references and information related to configuration / setup / compilation will be an added advantage. Thanks in advance and please let me know in case of any issues or concerns. Regards, Prakash

8 months, 2 weeks

1
1
0 0

Importing ECC privatekey (from PEM) into PSA and mbedtls_ecp_export undefined reference error

by mathi.naickan＠gmail.com

Hi, Iam trying to import an ECC privatekey(parsed through mbedtls_parse_key()) to PSA (psa_import_key()) (for ECDSA NIST-P256-SECP-R1), by following the suggestions here ==> https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-transition.md (under the heading - Importing a PK key by export-import for an ECC private key). But, i get an undefined reference to `mbedtls_ecp_export' error. Is there a special flag that controls this? I can see that the definition of this function does exist in ecp.c. Kind Regards, Mathi.

8 months, 2 weeks

3
3
0 0

mbedtls and PQC algorithms support

by shripad.nunjundarao＠broadcom.com

Hi, Is there a plan for mbedtls to add support for PQC algorithms (Dilithium/Khyber)? regards, /Shripad

8 months, 3 weeks

2
2
0 0

mbedtls and PQC algorithms support

by Olivier Deprez

Hi Shripad, Cross-posting to mbed-tls ML. I noticed though you already sent the same query to this list. Regards, Olivier. ________________________________ From: shripad.nunjundarao--- via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 06 March 2024 05:39 To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> Subject: [TF-A] mbedtls and PQC algorithms support Hi, Is there a plan for mbedtls to add support for PQC algorithms (Dilithium/Khyber)? regards, /Shripad -- TF-A mailing list -- tf-a(a)lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave(a)lists.trustedfirmware.org

8 months, 3 weeks

1
0
0 0

2024

2023

2022

2021

2020

mbed-tls March 2024