- mbed-tls - lists.trustedfirmware.org

by Gilles Peskine

Hello, Mbed TLS supports building and running unit tests in one of two modes: “hosted” or “on target”. The on-target mode relies on Greentea, the Mbed OS test framework. The on-target mode is unmaintained (there's no CI for it and the Mbed TLS maintainers hardly ever even try to build it these days) and we're considering retiring it in Mbed TLS 2.28. If you do use Mbed TLS's on-target unit testing, either by building target_test.function or by plugging your own file instead of target_test.function or host_test.function, please let us know and weigh in on https://github.com/ARMmbed/mbedtls/issues/4912 <https://github.com/ARMmbed/mbedtls/issues/4912> . Best regards, -- Gilles Peskine Mbed TLS developer

4 years

1
1
0 0

How can I read plain-text private key into rsa_context?

by Shariful Alam

Hello, I'm using an older version of mbedtls (polarssl-1.3.9). I have a plain text private key generated from OpenSSL like the following. I'm trying to load this private key into the *rsa_context *using the following code (sorry, for the following code, I just don't know what to copy), Private key with padding (I have added padding manualy to make it divisible by 16 ) ================================================== // Total private key size is 4013 # define KEY_BUFFER_SIZE 4017 unsigned char private_decrypt[KEY_BUFFER_SIZE]; *printf("private key with padding --> \n %s \n", private_decrypt); --> shows the following* private key with padding --> RSA Private-Key: (2048 bit, 2 primes) modulus: 00:cc:40:c3:c6:e7:29:ae:f5:94:d8:3b:3f:a4:33: c2:6d:29:86:63:db:b7:8c:d4:07:f7:b3:db:96:83: f7:55:dd:6a:7b:04:49:53:3d:52:30:5f:af:0b:c2: b1:f0:48:a4:66:0a:b7:aa:29:b1:d0:91:4f:9c:1c: cf:df:5c:10:04:85:f9:bd:7b:93:ed:a6:77:80:12: 34:64:19:1a:18:b5:4e:94:7c:39:ce:99:38:50:e9: 82:71:f6:0f:3e:b8:af:11:3c:f4:05:69:72:8e:96: f6:81:ac:46:29:eb:88:88:c5:54:2f:89:1b:b9:32: da:76:23:a2:00:76:a5:8e:50:d3:ba:39:35:f9:4d: 95:63:ff:6a:3c:c8:a8:53:aa:78:d8:81:c8:bd:af: cf:6c:de:33:aa:c9:d4:80:2c:1f:ef:92:90:8a:c4: 88:e6:9a:e5:ad:2d:08:60:89:1a:77:fc:bf:68:64: 6f:c0:a7:fa:33:6d:ff:d2:e6:a4:7f:ad:87:be:0c: cb:9d:18:44:57:fe:db:86:7f:0b:c5:f7:9a:29:4b: 61:62:48:91:01:f7:e7:5e:64:4d:20:ec:ac:3c:07: 59:d6:19:f5:8c:01:9f:d5:6e:16:a8:8e:f9:2d:f6: f8:73:25:0a:b5:d8:62:2a:f8:ba:d5:dc:ff:6e:77: 0d:35 publicExponent: 65537 (0x10001) privateExponent: 4a:17:50:2d:2d:9b:5c:40:ef:3e:44:b7:c0:3b:9a: 52:78:d6:ac:10:7e:93:92:32:55:b3:23:7b:84:e1: 4a:7f:67:e9:b9:d3:53:63:92:15:c4:0f:be:47:60: be:95:cb:34:cc:bc:74:f8:6c:ed:08:59:05:7b:1a: 18:9e:cf:9c:a4:70:c4:40:38:97:e3:63:c3:cc:56: be:dc:b0:2f:b8:4d:09:e5:ca:1e:5c:4c:26:65:9e: 10:f2:bd:f2:f5:91:63:c2:65:8e:35:02:fe:20:5a: c9:0d:11:e2:90:f2:d5:12:27:88:9a:c6:b8:b6:6e: b2:9e:18:5c:ec:ac:ff:63:42:94:b3:b5:ff:69:75: f5:e9:41:77:8b:ee:1d:fa:47:78:9a:9c:1f:84:8b: 85:f9:29:a5:27:e4:1f:04:34:4e:ce:c2:28:18:38: 72:63:5c:44:88:4f:e2:ec:bc:c4:3e:af:d8:bb:a9: 0f:c9:30:0f:bf:bc:1d:8a:fc:d9:cf:27:f5:16:38: 34:07:3d:bf:a5:45:70:df:c5:8f:ee:79:3e:69:6e: e4:0c:74:76:f7:8a:2c:11:34:53:60:27:c3:73:55: 62:d5:06:cb:35:a4:3d:d6:79:3f:50:d4:81:7c:0f: 03:c5:15:b2:4a:eb:84:f1:16:07:ec:16:02:e4:5c: 1d prime1: 00:e5:40:6a:4c:8d:d3:8d:8d:e6:df:e7:1d:c4:8f: 4d:b4:b7:71:51:b7:c4:8a:19:fe:fd:3e:4b:a9:0b: d0:22:64:e0:76:f4:8b:88:d6:30:4b:f6:41:ae:20: c5:cc:79:ec:05:d0:6b:0e:64:16:c5:b5:e3:74:b6: a8:ac:39:74:1d:8a:09:b8:68:64:a4:c1:74:fa:f6: cd:1b:24:d6:86:1e:40:51:dc:09:78:76:8b:16:3e: f1:ea:a9:9b:25:69:4a:c4:3e:ba:63:62:6c:06:40: 83:8d:af:69:89:bd:ad:07:f4:97:39:7c:25:59:80: 07:59:4e:74:a0:4b:2a:05:67 prime2: 00:e4:15:a8:6a:e6:30:95:d6:36:44:a7:57:ac:99: d5:4d:d9:58:59:05:49:89:b8:42:cb:0e:e8:9d:12: fc:a4:76:e7:07:11:08:97:05:7d:0a:34:21:23:03: c9:4b:97:5c:6f:fc:7e:28:8a:c5:b1:44:12:61:03: 60:5e:f9:d2:51:cf:53:0f:7a:2f:a5:96:5a:f5:33: f7:6f:6e:92:14:cc:54:b1:48:ad:da:f7:37:c7:ca: 6f:a2:6a:00:de:73:6c:67:59:78:af:e9:ce:fb:02: 95:f8:0d:82:38:02:79:e5:a4:3b:61:16:b7:70:b1: 70:c8:9a:e8:81:c7:cb:fb:03 exponent1: 57:04:78:54:ce:90:ba:6e:5e:70:26:9d:d9:fa:3b: 18:99:78:dd:f7:cf:16:4c:7f:c9:48:58:17:b6:70: 2e:5d:f4:05:b3:15:33:bf:79:5d:9b:ff:9a:44:be: 4f:bb:07:a7:bd:50:a5:89:c0:4b:13:9b:5e:b5:e6: 98:58:c6:86:5f:db:08:b0:37:63:82:3b:10:f7:95: 2a:f4:74:a9:3b:da:56:38:1b:30:2a:6e:e8:e6:c3: 94:bb:04:34:d3:1e:9a:16:e5:50:cc:0f:0c:e0:78: 0e:d3:c2:4f:92:3b:97:85:73:d1:52:1a:2b:3a:b9: 8f:60:84:4c:43:bb:93:89 exponent2: 00:d7:ea:08:bc:e9:9c:24:bb:dc:33:b1:96:b5:b6: 0a:ce:df:69:5b:1c:3e:39:39:4d:41:9c:a3:67:ce: 89:8b:c7:63:7c:b5:0b:44:ab:d5:6a:cb:5e:73:1f: 2a:77:7c:99:ed:09:41:04:70:1a:25:6d:23:58:e3: 31:5f:b7:6e:fa:33:21:96:0d:3c:fd:ac:0f:fe:ff: 6a:c4:fa:0f:1f:d1:2e:7b:85:29:cf:97:28:1e:e1: ec:3b:fb:cd:46:c8:4d:5e:a8:bc:2f:0b:4e:fd:1f: bd:88:4c:81:71:34:26:e0:d5:4f:c0:e1:18:56:7e: 23:1e:44:46:c6:54:b5:2c:b1 coefficient: 2e:45:e5:0a:bc:66:bc:6e:9d:0d:ce:02:d6:30:62: 44:f6:38:d0:a7:2a:25:c4:42:76:cc:59:38:af:35: cb:6e:a7:5e:3c:71:97:6a:7b:c4:69:25:2e:c4:07: 20:2c:86:5c:a1:e8:6e:d8:e6:b7:9a:21:28:1e:8a: b1:4b:c5:ab:4e:35:e0:83:b5:30:56:53:d7:50:2f: 69:a2:6c:7b:00:d8:15:17:bb:79:72:33:30:11:47: 06:c5:58:16:63:e3:f5:ac:71:3d:ce:64:67:0e:6a: e0:cd:c2:e6:ad:30:f9:3e:7e:52:01:cf:fc:fc:66: 10:44:1a:4b:1b:08:7a:8d 000 <----- padding ============================================ Remove padding and get the actual private key using the the following code, ============================================================================= size_t lenght=strlen(private_decrypt); // length =4016 int N= lenght-4013; // 4013 is the original length of the private key, N is the length of padding private_decrypt[lenght-N]='\0'; // So, now *private_decrypt *contains the actual key ============================================================================= Then I use the following code to split each key and load into rsa_context, ===================================================================== char *strings[]={ "modulus:", "publicExponent:", "privateExponent:", "prime1:", "prime2:", "exponent1:", "exponent2:", "coefficient:"}; char* in = &private_decrypt; char *token; const char s[2] = " "; char *token_2; int k=0, size; do { if(k<8){ token = strstr(in,strings[k]); size= strlen(token); if (token){ *token = '\0'; } switch (k) { case 1: strcat(in,"\0"); printf("k=%d:\n %s\n",k,in); mpi_read_string(&rsaContext->N, 16, in); break; case 2: token_2 = strtok_r(in, s, &in); strcat(token_2,"\0"); printf("k=%d:\n %s\n",k,token_2); mpi_read_string(&rsaContext->E, 16, token_2); break; case 3: break; case 4: break; case 5: break; case 6: break; case 7: break; } //printf("k=%d \n%s\n",k,in); in = token+strlen(strings[k]); k=k+1; } else{ token= "NULL"; break; } }while(token!=NULL); // Check Public key if(rsa_check_pubkey(rsaContext)!=0){ printf("Reading public key error\n"); exit(0); } ===================================================================== Upon doing all this, when check the if the public key is load correctly or not, I'm getting *"Reading public key error". *Any help, what I'm doing wrong? Regards, Shariful Alam

4 years

1
0
0 0

How can I get plaintext rsa private key from .pem format?

by Shariful Alam

Hello, I found that, /programs/pkeyrsa_genkey.c creates a plaintext rsa private key. Is there any way I can generate the keys in the same format from a .pem format? Regards, Shariful Alam

4 years

1
0
0 0

-0x7880 "error" after successful failed download

by Ron Eggler

Hi, I'm getting the following errors printed: tls : error : [2021/06/21 21:43:12.360] [id = 10]: ../../src/../externals/mbedtls/mbedtls/library/ssl_tls.c(4369): mbedtls_ssl_handle_message_type() returned -30848 (-0x7880) tls : error : [2021/06/21 21:43:12.360] [id = 11]: ../../src/../externals/mbedtls/mbedtls/library/ssl_tls.c(8335): mbedtls_ssl_read_record() returned -30848 (-0x7880) after a file is successfully downloaded. It looks like MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY gets interpreted and printed as error. How can I fix this? Is this a configuration thing or do I edit the ssl_tls.c source code? Thank you, Ron mbedtls 2.16.0

4 years

1
0
0 0

Re: [mbed-tls] FTPS: Bad Record Mac on login

by Ron Eggler

On 2021-08-16 11:11 a.m., Ron Eggler via mbed-tls wrote: > Hi, > > I am working on a client where I need to login to a FTPS server > (vsftpd). I establish the connection, exchange Hellos, certificate & > key exchange and all seems succesful and are happening fine. > > I am able to send "PBSZ 0" to the server which gets acknowledged with > "200 PBSZ set to 0." (as seen in Wireshark). > > Then, when it comes to sending "PROT P", I cannot see it encoded in > Wireshark. it just says "Application Data" and the next frame reads > "Alert (Level: Fatal, Description: Bad Record Mac)". I have > investigated my code (mostly for differences between "PBSZ 0" and > "PROT P" but came up empty) and have searched the web but have failed > to find the resolution to my problem, as of yet. It seems obvious that > the problem must be in my code but I seem to be unable to put my > finger on it! I thought I should check if someone here may have any > other hints that will help me resolve the problem. > > I have temporarily set "mbedtls_ssl_conf_authmode( &ctxt.conf, > MBEDTLS_SSL_VERIFY_NONE);" to make sure that the CA is not the causing > any issues. > I have been able to resolve this. It was caused by usage of different context structure pointers.

4 years

1
0
0 0

FTPS: Bad Record Mac on login

by Ron Eggler

Hi, I am working on a client where I need to login to a FTPS server (vsftpd). I establish the connection, exchange Hellos, certificate & key exchange and all seems succesful and are happening fine. I am able to send "PBSZ 0" to the server which gets acknowledged with "200 PBSZ set to 0." (as seen in Wireshark). Then, when it comes to sending "PROT P", I cannot see it encoded in Wireshark. it just says "Application Data" and the next frame reads "Alert (Level: Fatal, Description: Bad Record Mac)". I have investigated my code (mostly for differences between "PBSZ 0" and "PROT P" but came up empty) and have searched the web but have failed to find the resolution to my problem, as of yet. It seems obvious that the problem must be in my code but I seem to be unable to put my finger on it! I thought I should check if someone here may have any other hints that will help me resolve the problem. I have temporarily set "mbedtls_ssl_conf_authmode( &ctxt.conf, MBEDTLS_SSL_VERIFY_NONE);" to make sure that the CA is not the causing any issues. Thank you!

4 years

1
0
0 0

record and no record delemma

by Dave Plater

Hi, I wonder if anyone can tell me what I'm doing wrong. I use a modified client1.c for getting payment objects from an aws address, curl says that the connection uses "SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256" if it's any use. I can retrieve any single payment object which has a content length of about 443 but when I try to get the entire record of payments of which I only need the first or latest payment to check that I'm in sync, I get "Last error was: -28928 - SSL - Bad input parameters to function". This started at a certain point in the payment object accumulation don't quite know when, the current record of all payments is 22526 and it grows with every transaction. The GET request for the all the payment objects ends in "/payments/" and for a single object /payments/ has the objects id appended to it. There must be a way to receive a truncated record of all payments. Here is my latest config.h: #ifndef MBEDTLS_CONFIG_H #define MBEDTLS_CONFIG_H /* System support */ //#define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME #define MBEDTLS_NO_PLATFORM_ENTROPY #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES #define MBEDTLS_TEST_NULL_ENTROPY #define MBEDTLS_ERROR_C #define MBEDTLS_PLATFORM_C //#define MBEDTLS_PLATFORM_EXIT_ALT //#define MBEDTLS_PLATFORM_TIME_ALT //#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_VSNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /* mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_PKCS1_V15 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES //experiment #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define MBEDTLS_ECDH_C #define MBEDTLS_ECP_C #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_RSA_C #define MBEDTLS_OID_C #define MBEDTLS_PKCS1_V15 #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_CIPHER_C #define MBEDTLS_MD_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_SHA256_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_C #define MBEDTLS_ASN1_PARSE_C /* mbed TLS modules */ #define MBEDTLS_AES_C /* #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_DES_C #define MBEDTLS_MD_C #define MBEDTLS_MD5_C //#define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C #define MBEDTLS_SHA256_C */ #define MBEDTLS_X509_USE_C /* For test certificates */ #define MBEDTLS_BASE64_C #define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C /* Limit memory use*/ #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /* For testing with compat.sh */ //#define MBEDTLS_FS_IO #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ Thanks, Dave P

4 years, 1 month

1
0
0 0

Compare certs' RSA keys, subjects etc..

by Nassim Eddequiouaq

Hi, I'd like to compare a signing cert in a cert chain against a pinned cert. Given two mbedtls_x509_crt (or two mbedtls_rsa_context), what is the recommended way to compare them? Thanks! -- Nassim Eddequiouaq

4 years, 1 month

1
0
0 0

Re: [mbed-tls] Could memory leak or heap fragmentation be the issue?

by Gilles Peskine

Hello, I don't see anything obviously wrong with the code. Heap fragmentation is a possibility. A memory leak is also a possibility; we do fairly extensive testing for memory leaks in unit tests, but this doesn't catch unusual conditions (especially not recovering after a low-memory condition). I think the first tool to investigate is to enable MBEDTLS_MEMORY_DEBUG. This has a small cost in code size and gives you access to some introspection functions mbedtls_memory_buffer_alloc_status() and mbedtls_memory_buffer_alloc_max_get(). Call these functions on an error, and also perhaps at other times for comparison. There's also an option MBEDTLS_MEMORY_BACKTRACE which creates extremely verbose logs. Those logs might be helpful, but they're so verbose that they often aren't practical in a real-world application. I notice that the allocation is for a little over 16kB. The default size of the SSL input/output buffers is 16kB because that's the maximum size of a message according to the specification. However you can usually get away with a lot less, especially on IoT networks where the infrastructure is geared towards much smaller messages. See https://tls.mbed.org/kb/how-to/controlling_package_size <https://tls.mbed.org/kb/how-to/controlling_package_size> for more information on message sizes and buffer sizes. If the problem is a memory leak, smaller buffers will only delay the failure. But if the problem is that the application just needs a bit more heap space, this could solve the problem. Concretely, try setting MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN in the compile-time configuration to much lower values. MBEDTLS_SSL_OUT_CONTENT_LEN can be as low as you like as long as the handshake messages fit. MBEDTLS_SSL_IN_CONTENT_LEN has to be large enough for the messages that you're sent. Alternatively, enable the option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, which results in smaller buffers but can make fragmentation worse due to reallocations. Hope this helps. -- Gilles Peskine Mbed TLS developer On 01/08/2021 22:40, Alan Chen via mbed-tls wrote: > > I posted the question on the mbedTLS forum, only to realized that > mbedTLS is now maintained by the projectï¿½s mailing list. Here is the > copy of what I wrote: > > ï¿½ > > *Occasionally*ï¿½ I am getting MBEDTLS_ERR_SSL_ALLOC_FAILED from > mbedtls_ssl_setup() during repeated HTTP partial content download. > Since this problem happens very rarely, it is a bit difficult to > troubleshoot. > > ï¿½ > > I am running mbedTLS on a Microchip PIC32MZ MCU, connected to a > LTE-M/NB-IoT modem. I have 128K static memory reserved for the library > with MBEDTLS_PLATFORM_MEMORY defined in the config.h file. The MCU > runs two main tasks - MQTT client, talking to the AWS MQTT broker, and > HTTPS client, for downloading new firmware image from the AWS S3 > bucket over the air. > > ï¿½ > > Due to the slowness and limited bandwidth of the LTE-M and NB-IoT > technologies, the HTTP file download has to use the partial content > GET, basically 2KB per request, until all ~700KB of data are received. > During the course of the file download, one can see as many as 30 > disconnect and reconnect, and each time the TLS session would close > down and re-open once the cell network is established. Here are some > of my functions: > > ï¿½ > > ``` > > #define MBEDTLS_MAX_MEMORY_ALLOCATEDï¿½ï¿½ï¿½ (1024 * 128) > > static uint8_t tls_memory_buf[MBEDTLS_MAX_MEMORY_ALLOCATED]; > > ï¿½ > > // called in main() > > void mbedtls_mem_init(void) > > { > > ï¿½ï¿½ï¿½ mbedtls_memory_buffer_alloc_init(tls_memory_buf, sizeof > tls_memory_buf); > > } > > ï¿½ > > void HTTPS_TLS_CLOSE(void) > > { > > ï¿½ï¿½ï¿½ if (server_fd_https.fd != -1) > > ï¿½ï¿½ï¿½ {ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½mbedtls_entropy_free(&entropy_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_x509_crt_free(&cacert_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_ctr_drbg_free(&ctr_drbg_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_ssl_config_free(&conf_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_ssl_free(&ssl_https); > > ï¿½ > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ server_fd_https.fd = -1; > > ï¿½ï¿½ï¿½ } > > } > > ï¿½ > > bool HTTPS_TLS_OPEN(void) > > { > > ï¿½ï¿½ï¿½ int ret; > > ï¿½ï¿½ï¿½ const char *pers = "https_tls_wrapper"; > > ï¿½ > > ï¿½ > > ï¿½ï¿½ï¿½ server_fd_https.fd = 1; > > ï¿½ï¿½ï¿½ mbedtls_debug_set_threshold(1); > > ï¿½ > > ï¿½ï¿½ï¿½ mbedtls_ssl_init(&ssl_https); > > ï¿½ï¿½ï¿½ mbedtls_ssl_config_init(&conf_https); > > ï¿½ï¿½ï¿½ mbedtls_ctr_drbg_init(&ctr_drbg_https); > > ï¿½ï¿½ï¿½ mbedtls_x509_crt_init(&cacert_https); > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½mbedtls_entropy_init(&entropy_https);ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½mbedtls_entropy_add_source(&entropy_https, my_https_entropy, NULL, > sizeof my_https_random, MBEDTLS_ENTROPY_SOURCE_STRONG); > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ret = mbedtls_ctr_drbg_seed(&ctr_drbg_https, mbedtls_entropy_func, > &entropy_https, (const unsigned char *)pers, strlen(pers)); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_ctr_drbg_seed ERROR -0x%x\r\n", > __FUNCTION__, -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ > > ï¿½ï¿½ï¿½ ret = mbedtls_x509_crt_parse(&cacert_https, TRUSTED_ROOT_CA, > TRUSTED_ROOT_CA_SIZE); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_x509_crt_parse cacert ERROR -0x%x\r\n", > __FUNCTION__, -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ret = mbedtls_ssl_config_defaults(&conf_https, > MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, > MBEDTLS_SSL_PRESET_DEFAULT); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_ssl_config_defaults ERROR -0x%x\r\n", > __FUNCTION__, -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_verify(&conf_https, NULL, NULL); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_authmode(&conf_https, MBEDTLS_SSL_VERIFY_REQUIRED); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_rng(&conf_https, mbedtls_ctr_drbg_random, > &ctr_drbg_https); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_dbg(&conf_https, my_https_debug, stdout); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_ca_chain(&conf_https, &cacert_https, NULL); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½mbedtls_ssl_conf_read_timeout(&conf_https, TLS_TIMEOUT_MS); > > ï¿½ > > ï¿½ï¿½ï¿½ HTTPS_SetHostname(); /* calling mbedtls_ssl_set_hostname */ > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ret = mbedtls_ssl_setup(&ssl_https, &conf_https); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_ssl_setup ERROR -0x%x\r\n", __FUNCTION__, > -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ > > ï¿½ï¿½ï¿½ mbedtls_ssl_set_bio(&ssl_https, &server_fd_https, > mbedtls_https_send, mbedtls_https_recv, NULL); > > ï¿½ > > ï¿½ï¿½ï¿½ return true; > > } > > ``` > > Can someone please tell me if I am doing something inappropriate here? > I am speculating that perhaps there is a memory leak or the heap > becomes so fragmented that it fails on mbedtls_calloc(). The exact > error message in my case is: > > ï¿½ > > > ../mbedtls_lib/ssl_tls.c:5661: alloc(16717 bytes) failed > > ï¿½ > > Thanks. > > ï¿½ > > Alan Chen > > > > ------------------------------------------------------------------------ > <https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> > Scanned by McAfee > <https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> > and confirmed virus-free. > >

4 years, 1 month

1
0
0 0

R: Re: Mbed TLS: long term support versions

by matteo.cogi＠alice.it

Hi Dave and Gilles, Perfect, so I will wait for the last 2.x (presumably the 2.28.x) strand of the version later this year. Thanks again. Regards, Matteo ------ Messaggio Originale ------ Da: mbed-tls(a)lists.trustedfirmware.org A: Gilles.Peskine(a)arm.com; mbed-tls(a)lists.trustedfirmware.org Inviato: giovedì 29 luglio 2021 15:33 Oggetto: Re: [mbed-tls] Mbed TLS: long term support versions Sorry, just realised that myself! Gilles is correct, I should have said 2.28. Thanks Dave On 29/07/2021, 14:25, "mbed-tls on behalf of Gilles Peskine via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Off-by-one error! The current 2.x release is 2.27.0. Most development work is happening on 3.x but there will be at least one more 2.x release: 2.28.0. The last 2.x release will become an LTS. -- Gilles Peskine Mbed TLS developer On 29/07/2021 15:05, Dave Rodgman via mbed-tls wrote: > > Hi Matteo, > > > > We expect to release an LTS later this year. It’s likely to be 2.27, > and very likely will be supported for the usual LTS period of 3 years. > > > > So if you are considering updating to a new LTS, you could use 2.26 > for prototyping in the short term until the LTS becomes available. The > upcoming LTS will be API-compatible with 2.26. > > > > Hope this helps, > > > > Dave > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on > behalf of "matteo.cogi--- via mbed-tls" > <mbed-tls(a)lists.trustedfirmware.org> > *Reply to: *"matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> > *Date: *Tuesday, 27 July 2021 at 07:44 > *To: *"mbed-tls(a)lists.trustedfirmware.org" > <mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Mbed TLS: long term support versions > > > > Dear all, > I wish to know which are the future LTS (Long Term Support) versions > for Mbed TLS. > In these last years I have been working with the 2.16.x, but I read it > will be maintained until at least the end of 2021 ( > https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… > <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> > ), so I am considering an update to a newer LTS version. > However I don’t find which are the next LTS version and for how much > time they will be maintained. > Thanks in advance. > Regards, > Matteo > > -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 1 month

1
0
0 0

Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Gilles Peskine

(Note: I'm replying to the list. Please keep list conversations on the list.) Writing memory allocators is a specialty. It's not my specialty, and apparently it's not your specialty either, so if we design a memory allocator we're likely to end up with poor performance. On most systems, the standard library malloc is designed by experts, and often fine-tuned for the type of platform and usage (e.g. large or small pools, with or without MMU, with or without cache). memory_buffer_alloc uses an array to implement malloc. One possible explanation for poor performance is if your allocator doesn't align data nicely. Some platforms supports unaligned accesses (e.g. accessing a 4-byte value at an address that isn't a multiple of 4) but with a significant performance penalty (most others just crash). If there's a cache, alignment with cache line boundaries can also help. Another potential reason in a multithreaded program is not doing synchronization efficiently, or doing it too often. Note that you do NOT need synchronization if each thread has its own memory pool and no thread ever modifies the data of another thread. Note, however, that Mbed TLS caches some data in public/private key objects, so doing an operation with a key modifies the key object, therefore each thread would need to have its own copy of the key. There are undoubtedly other likely reasons that I'm not thinking of. Best regards, -- Gilles Peskine Mbed TLS developer On 29/07/2021 22:38, Shariful Alam wrote: > Hi Gilles, > Hope you are well. The project that I'm currently working on requires > static memory allocation instead of dynamic memory allocation. I was > trying to use "memory_buffer_alloc()". Since memory_buffer_alloc() > doesn't support multiple memory pools, seems like I can't use this > function in my project. > > I have a working version of a modified bignum.c & bignum.h, where > malloc is replaced with an array. The library is working. However, the > performance is poor (~4 times slower). I was wondering what could > cause this slow performance. I mean, I understand it will be slow, but > I did not expect it to be 4 times slower. > > Is there any version, where an array was used instead of malloc? Or if > you could point out some of the reasons for this library to slow down > while using an array, I will be very grateful. > > Best regards, > Shariful > > > On Tue, Jul 20, 2021 at 2:22 PM Gilles Peskine <gilles.peskine(a)arm.com > <mailto:gilles.peskine@arm.com>> wrote: > > Hi Shariful, > > You just call mbedtls_calloc() (or let other functions call it). > It will use the memory pool set by mbedtls_memory_buffer_alloc_init(). > > The memory_buffer_alloc module does not support multiple memory > pools. If you want a separate pool for each thread's allocation > for performance reasons on a multicore system, you'd better rely > on your platform's built-in calloc(). It's likely to be > fined-tuned for multicore operation. The built-in allocator in > Mbed TLS is intended for highly resource-constrained systems where > the basic platform doesn't even include an allocator. > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > On 20/07/2021 22:10, Shariful Alam wrote: >> Hi Gilles, >> Thank you very much, for your reply. Sorry to bother you again. I >> am trying to follow your instructions. I have a question >> regarding your suggestions. >> >> You said "applications call mbedtls_memory_buffer_alloc_init() in >> the startup code of the initial thread, before creating other >> threads. The alloc/free functions are thread-safe, but the >> initialization and deinitialization functions aren't." >> >> I'm a little confused here. Say, if I call >> mbedtls_memory_buffer_alloc_init() with a buffer in the main >> thread, how did all other threads use this memory (or how do all >> the threads know which memory block to use)? >> >> After calling mbedtls_memory_buffer_alloc_init() in the main >> thread, I can get the address of the buffer and pass it to the >> threads, do I have to call mbedtls_memory_buffer_alloc_init() >> again inside each thread? >> >> Thanks, >> Shariful >> >> On Mon, Jul 19, 2021 at 3:48 AM Gilles Peskine via mbed-tls >> <mbed-tls(a)lists.trustedfirmware.org >> <mailto:mbed-tls@lists.trustedfirmware.org>> wrote: >> >> Hi Shariful, >> >> First, please note that the library called PolarSSL with >> functions like >> rsa_private() and memory_buffer_alloc_init() has not been >> supported for >> several years. You should upgrade to Mbed TLS, with functions >> like >> mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). >> That being >> said, the memory_buffer_alloc module works in the same way. >> >> Normally, applications call >> mbedtls_memory_buffer_alloc_init() in the >> startup code of the initial thread, before creating other >> threads. The >> alloc/free functions are thread-safe, but the initialization and >> deinitialization functions aren't. If you must call >> mbedtls_memory_buffer_alloc_init() after creating other >> threads, make >> sure that no thread calls mbedtls_calloc until >> mbedtls_memory_buffer_alloc_init() has returned. >> >> The same principle applies to other parts of Mbed TLS that are >> thread-safe. For example, only the RSA operations (encryption, >> decryption, signature, verification, and also the low-level >> functions >> mbedtls_rsa_public() and mbedtls_rsa_private()) are >> protected. So you >> must finish setting up the RSA key inside one thread before >> you pass a >> pointer to other threads. Similarly, only >> mbedtls_xxx_drbg_random() is >> thread-safe, and the RNG setup (including >> mbedtls_xxx_drgb_seed()) >> should be done as part of the initial application startup. >> >> Finally, note that mbedtls_rsa_private() alone cannot decrypt >> a message: >> all it does it to apply the private key operation. To decrypt >> a simple >> message encrypted with RSA-OAEP, call >> mbedtls_rsa_rsaes_oaep_decrypt() >> or mbedtls_rsa_pkcs1_decrypt() with a key set up for >> MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 >> mechanism, >> call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or >> mbedtls_rsa_pkcs1_decrypt() with a key set up for >> .MBEDTLS_RSA_PKCS_V15. >> To decrypt a message using a RSA FDH hybrid scheme, you do >> need to call >> mbedtls_rsa_private() since Mbed TLS doesn't support it >> natively, but >> what this gives you is the intermediate secret from which you >> then need >> to derive a symmetric key, not the message itself. >> >> Best regards, >> >> -- >> Gilles Peskine >> Mbed TLS developer >> >> On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote: >> > Hello, >> > I have a simple example code to decrypt an >> encrypted message using >> > *rsa_private()*. I use *memory_buffer_alloc_init(), *in >> order to use >> > a static memory for the computation. I want to run my code >> > concurrently. My code works with a single pthread. However, >> when I try >> > to run more than one thread my program fails to decrypt. >> > >> > ** I check the same code >> without *memory_buffer_alloc_init(), *it >> > works concurrently, without any issues at all. >> > >> > Therefore, I believe, the issue that I'm facing is >> coming from the use >> > of static memory(e.g. *memory_buffer_alloc_init()*). The >> documentation >> > of memorry_buffer_alloc.h shows, >> > >> > /** >> > >> > * \brief Initialize use of stack-based memory allocator. >> > >> > * The stack-based allocator does memory >> management >> > inside the >> > >> > * presented buffer and does not call malloc() >> and free(). >> > >> > * It sets the global polarssl_malloc() and >> > polarssl_free() pointers >> > >> > * to its own functions. >> > >> > * (Provided polarssl_malloc() and >> polarssl_free() are >> > thread-safe if >> > >> > * POLARSSL_THREADING_C is defined) >> > >> > * >> > >> > * \note This code is not optimized and provides a >> straight-forward >> > >> > * implementation of a stack-based memory >> allocator. >> > >> > * >> > >> > * \param buf buffer to use as heap >> > >> > * \param len size of the buffer >> > >> > * >> > >> > * \return 0 if successful >> > >> > */ >> > >> > >> > So, I added the following configuration to the *config.h* >> file >> > >> > 1. #define POLARSSL_THREADING_PTHREAD >> > 2. #define POLARSSL_THREADING_C >> > >> > But I'm still getting errors while decrypting. Any help on >> how to fix >> > this? or what else should I add into the config.h file to >> > make *memory_buffer_alloc_init() *thread-safe? Here is my >> sample >> > code: https://pastebin.com/uyW3vknt >> <https://pastebin.com/uyW3vknt> >> <https://pastebin.com/uyW3vknt <https://pastebin.com/uyW3vknt>> >> > >> > Thanks, >> > Shariful >> > >> >> -- >> mbed-tls mailing list >> mbed-tls(a)lists.trustedfirmware.org >> <mailto:mbed-tls@lists.trustedfirmware.org> >> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >> <https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls> >> >

4 years, 1 month

1
0
0 0

Could memory leak or heap fragmentation be the issue?

by Alan Chen

I posted the question on the mbedTLS forum, only to realized that mbedTLS is now maintained by the project's mailing list. Here is the copy of what I wrote: *Occasionally* I am getting MBEDTLS_ERR_SSL_ALLOC_FAILED from mbedtls_ssl_setup() during repeated HTTP partial content download. Since this problem happens very rarely, it is a bit difficult to troubleshoot. I am running mbedTLS on a Microchip PIC32MZ MCU, connected to a LTE-M/NB-IoT modem. I have 128K static memory reserved for the library with MBEDTLS_PLATFORM_MEMORY defined in the config.h file. The MCU runs two main tasks - MQTT client, talking to the AWS MQTT broker, and HTTPS client, for downloading new firmware image from the AWS S3 bucket over the air. Due to the slowness and limited bandwidth of the LTE-M and NB-IoT technologies, the HTTP file download has to use the partial content GET, basically 2KB per request, until all ~700KB of data are received. During the course of the file download, one can see as many as 30 disconnect and reconnect, and each time the TLS session would close down and re-open once the cell network is established. Here are some of my functions: ``` #define MBEDTLS_MAX_MEMORY_ALLOCATED (1024 * 128) static uint8_t tls_memory_buf[MBEDTLS_MAX_MEMORY_ALLOCATED]; // called in main() void mbedtls_mem_init(void) { mbedtls_memory_buffer_alloc_init(tls_memory_buf, sizeof tls_memory_buf); } void HTTPS_TLS_CLOSE(void) { if (server_fd_https.fd != -1) { mbedtls_entropy_free(&entropy_https); mbedtls_x509_crt_free(&cacert_https); mbedtls_ctr_drbg_free(&ctr_drbg_https); mbedtls_ssl_config_free(&conf_https); mbedtls_ssl_free(&ssl_https); server_fd_https.fd = -1; } } bool HTTPS_TLS_OPEN(void) { int ret; const char *pers = "https_tls_wrapper"; server_fd_https.fd = 1; mbedtls_debug_set_threshold(1); mbedtls_ssl_init(&ssl_https); mbedtls_ssl_config_init(&conf_https); mbedtls_ctr_drbg_init(&ctr_drbg_https); mbedtls_x509_crt_init(&cacert_https); mbedtls_entropy_init(&entropy_https); mbedtls_entropy_add_source(&entropy_https, my_https_entropy, NULL, sizeof my_https_random, MBEDTLS_ENTROPY_SOURCE_STRONG); ret = mbedtls_ctr_drbg_seed(&ctr_drbg_https, mbedtls_entropy_func, &entropy_https, (const unsigned char *)pers, strlen(pers)); if (ret != 0) { printf("%s: mbedtls_ctr_drbg_seed ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } ret = mbedtls_x509_crt_parse(&cacert_https, TRUSTED_ROOT_CA, TRUSTED_ROOT_CA_SIZE); if (ret != 0) { printf("%s: mbedtls_x509_crt_parse cacert ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } ret = mbedtls_ssl_config_defaults(&conf_https, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret != 0) { printf("%s: mbedtls_ssl_config_defaults ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } mbedtls_ssl_conf_verify(&conf_https, NULL, NULL); mbedtls_ssl_conf_authmode(&conf_https, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_rng(&conf_https, mbedtls_ctr_drbg_random, &ctr_drbg_https); mbedtls_ssl_conf_dbg(&conf_https, my_https_debug, stdout); mbedtls_ssl_conf_ca_chain(&conf_https, &cacert_https, NULL); mbedtls_ssl_conf_read_timeout(&conf_https, TLS_TIMEOUT_MS); HTTPS_SetHostname(); /* calling mbedtls_ssl_set_hostname */ ret = mbedtls_ssl_setup(&ssl_https, &conf_https); if (ret != 0) { printf("%s: mbedtls_ssl_setup ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } mbedtls_ssl_set_bio(&ssl_https, &server_fd_https, mbedtls_https_send, mbedtls_https_recv, NULL); return true; } ``` Can someone please tell me if I am doing something inappropriate here? I am speculating that perhaps there is a memory leak or the heap becomes so fragmented that it fails on mbedtls_calloc(). The exact error message in my case is: > ../mbedtls_lib/ssl_tls.c:5661: alloc(16717 bytes) failed Thanks. Alan Chen ________________________________ [https://secureimages.mcafee.com/common/affiliateImages/mfe/logo.png]<https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> Scanned by McAfee<https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> and confirmed virus-free.

4 years, 1 month

1
0
0 0

Re: [mbed-tls] Mbed TLS: long term support versions

by Dave Rodgman

Sorry, just realised that myself! Gilles is correct, I should have said 2.28. Thanks Dave On 29/07/2021, 14:25, "mbed-tls on behalf of Gilles Peskine via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Off-by-one error! The current 2.x release is 2.27.0. Most development work is happening on 3.x but there will be at least one more 2.x release: 2.28.0. The last 2.x release will become an LTS. -- Gilles Peskine Mbed TLS developer On 29/07/2021 15:05, Dave Rodgman via mbed-tls wrote: > > Hi Matteo, > > > > We expect to release an LTS later this year. It’s likely to be 2.27, > and very likely will be supported for the usual LTS period of 3 years. > > > > So if you are considering updating to a new LTS, you could use 2.26 > for prototyping in the short term until the LTS becomes available. The > upcoming LTS will be API-compatible with 2.26. > > > > Hope this helps, > > > > Dave > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on > behalf of "matteo.cogi--- via mbed-tls" > <mbed-tls(a)lists.trustedfirmware.org> > *Reply to: *"matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> > *Date: *Tuesday, 27 July 2021 at 07:44 > *To: *"mbed-tls(a)lists.trustedfirmware.org" > <mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Mbed TLS: long term support versions > > > > Dear all, > I wish to know which are the future LTS (Long Term Support) versions > for Mbed TLS. > In these last years I have been working with the 2.16.x, but I read it > will be maintained until at least the end of 2021 ( > https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… > <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> > ), so I am considering an update to a newer LTS version. > However I don’t find which are the next LTS version and for how much > time they will be maintained. > Thanks in advance. > Regards, > Matteo > > -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 1 month

1
0
0 0

Re: [mbed-tls] Mbed TLS: long term support versions

by Gilles Peskine

Off-by-one error! The current 2.x release is 2.27.0. Most development work is happening on 3.x but there will be at least one more 2.x release: 2.28.0. The last 2.x release will become an LTS. -- Gilles Peskine Mbed TLS developer On 29/07/2021 15:05, Dave Rodgman via mbed-tls wrote: > > Hi Matteo, > > > > We expect to release an LTS later this year. It’s likely to be 2.27, > and very likely will be supported for the usual LTS period of 3 years. > > > > So if you are considering updating to a new LTS, you could use 2.26 > for prototyping in the short term until the LTS becomes available. The > upcoming LTS will be API-compatible with 2.26. > > > > Hope this helps, > > > > Dave > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on > behalf of "matteo.cogi--- via mbed-tls" > <mbed-tls(a)lists.trustedfirmware.org> > *Reply to: *"matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> > *Date: *Tuesday, 27 July 2021 at 07:44 > *To: *"mbed-tls(a)lists.trustedfirmware.org" > <mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Mbed TLS: long term support versions > > > > Dear all, > I wish to know which are the future LTS (Long Term Support) versions > for Mbed TLS. > In these last years I have been working with the 2.16.x, but I read it > will be maintained until at least the end of 2021 ( > https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… > <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> > ), so I am considering an update to a newer LTS version. > However I don’t find which are the next LTS version and for how much > time they will be maintained. > Thanks in advance. > Regards, > Matteo > >

4 years, 1 month

1
0
0 0

Re: [mbed-tls] Mbed TLS: long term support versions

by Dave Rodgman

Hi Matteo, We expect to release an LTS later this year. It’s likely to be 2.27, and very likely will be supported for the usual LTS period of 3 years. So if you are considering updating to a new LTS, you could use 2.26 for prototyping in the short term until the LTS becomes available. The upcoming LTS will be API-compatible with 2.26. Hope this helps, Dave From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of "matteo.cogi--- via mbed-tls" <mbed-tls(a)lists.trustedfirmware.org> Reply to: "matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> Date: Tuesday, 27 July 2021 at 07:44 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Mbed TLS: long term support versions Dear all, I wish to know which are the future LTS (Long Term Support) versions for Mbed TLS. In these last years I have been working with the 2.16.x, but I read it will be maintained until at least the end of 2021 ( https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… ), so I am considering an update to a newer LTS version. However I don’t find which are the next LTS version and for how much time they will be maintained. Thanks in advance. Regards, Matteo

4 years, 1 month

1
0
0 0

Mbed TLS: long term support versions

by matteo.cogi＠alice.it

Dear all, I wish to know which are the future LTS (Long Term Support) versions for Mbed TLS. In these last years I have been working with the 2.16.x, but I read it will be maintained until at least the end of 2021 ( https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> ), so I am considering an update to a newer LTS version. However I don’t find which are the next LTS version and for how much time they will be maintained. Thanks in advance. Regards, Matteo

4 years, 1 month

1
0
0 0

Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?

by Gilles Peskine

Hello, Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384. What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants. It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases. Best regards, -- Gilles Peskine Mbed TLS developer On 19/07/2021 14:50, David Hu via mbed-tls wrote: > > Hi, > > ï¿½ > > It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS > latest version, according to this new check below: > > ï¿½ > > #if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) > > #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" > > #endif > > ï¿½ > > May I know why SHA224 must be enabled with SHA256? > > Could you please point me to any reference/document? > > ï¿½ > > Best regards, > > Hu Ziji > >

4 years, 1 month

2
3
0 0

Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Shariful Alam

Hi Gilles, Thank you very much, for your reply. Sorry to bother you again. I am trying to follow your instructions. I have a question regarding your suggestions. You said "applications call mbedtls_memory_buffer_alloc_init() in the startup code of the initial thread, before creating other threads. The alloc/free functions are thread-safe, but the initialization and deinitialization functions aren't." I'm a little confused here. Say, if I call mbedtls_memory_buffer_alloc_init() with a buffer in the main thread, how did all other threads use this memory (or how do all the threads know which memory block to use)? After calling mbedtls_memory_buffer_alloc_init() in the main thread, I can get the address of the buffer and pass it to the threads, do I have to call mbedtls_memory_buffer_alloc_init() again inside each thread? Thanks, Shariful On Mon, Jul 19, 2021 at 3:48 AM Gilles Peskine via mbed-tls < mbed-tls(a)lists.trustedfirmware.org> wrote: > Hi Shariful, > > First, please note that the library called PolarSSL with functions like > rsa_private() and memory_buffer_alloc_init() has not been supported for > several years. You should upgrade to Mbed TLS, with functions like > mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). That being > said, the memory_buffer_alloc module works in the same way. > > Normally, applications call mbedtls_memory_buffer_alloc_init() in the > startup code of the initial thread, before creating other threads. The > alloc/free functions are thread-safe, but the initialization and > deinitialization functions aren't. If you must call > mbedtls_memory_buffer_alloc_init() after creating other threads, make > sure that no thread calls mbedtls_calloc until > mbedtls_memory_buffer_alloc_init() has returned. > > The same principle applies to other parts of Mbed TLS that are > thread-safe. For example, only the RSA operations (encryption, > decryption, signature, verification, and also the low-level functions > mbedtls_rsa_public() and mbedtls_rsa_private()) are protected. So you > must finish setting up the RSA key inside one thread before you pass a > pointer to other threads. Similarly, only mbedtls_xxx_drbg_random() is > thread-safe, and the RNG setup (including mbedtls_xxx_drgb_seed()) > should be done as part of the initial application startup. > > Finally, note that mbedtls_rsa_private() alone cannot decrypt a message: > all it does it to apply the private key operation. To decrypt a simple > message encrypted with RSA-OAEP, call mbedtls_rsa_rsaes_oaep_decrypt() > or mbedtls_rsa_pkcs1_decrypt() with a key set up for > MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 mechanism, > call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or > mbedtls_rsa_pkcs1_decrypt() with a key set up for .MBEDTLS_RSA_PKCS_V15. > To decrypt a message using a RSA FDH hybrid scheme, you do need to call > mbedtls_rsa_private() since Mbed TLS doesn't support it natively, but > what this gives you is the intermediate secret from which you then need > to derive a symmetric key, not the message itself. > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote: > > Hello, > > I have a simple example code to decrypt an encrypted message using > > *rsa_private()*. I use *memory_buffer_alloc_init(), *in order to use > > a static memory for the computation. I want to run my code > > concurrently. My code works with a single pthread. However, when I try > > to run more than one thread my program fails to decrypt. > > > > ** I check the same code without *memory_buffer_alloc_init(), *it > > works concurrently, without any issues at all. > > > > Therefore, I believe, the issue that I'm facing is coming from the use > > of static memory(e.g. *memory_buffer_alloc_init()*). The documentation > > of memorry_buffer_alloc.h shows, > > > > /** > > > > * \brief Initialize use of stack-based memory allocator. > > > > * The stack-based allocator does memory management > > inside the > > > > * presented buffer and does not call malloc() and free(). > > > > * It sets the global polarssl_malloc() and > > polarssl_free() pointers > > > > * to its own functions. > > > > * (Provided polarssl_malloc() and polarssl_free() are > > thread-safe if > > > > * POLARSSL_THREADING_C is defined) > > > > * > > > > * \note This code is not optimized and provides a > straight-forward > > > > * implementation of a stack-based memory allocator. > > > > * > > > > * \param buf buffer to use as heap > > > > * \param len size of the buffer > > > > * > > > > * \return 0 if successful > > > > */ > > > > > > So, I added the following configuration to the *config.h* file > > > > 1. #define POLARSSL_THREADING_PTHREAD > > 2. #define POLARSSL_THREADING_C > > > > But I'm still getting errors while decrypting. Any help on how to fix > > this? or what else should I add into the config.h file to > > make *memory_buffer_alloc_init() *thread-safe? Here is my sample > > code: https://pastebin.com/uyW3vknt <https://pastebin.com/uyW3vknt> > > > > Thanks, > > Shariful > > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 1 month

2
1
0 0

May I know why SHA224 is mandatory with SH256?

by David Hu

Hi, It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS latest version, according to this new check below: #if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" #endif May I know why SHA224 must be enabled with SHA256? Could you please point me to any reference/document? Best regards, Hu Ziji

4 years, 1 month

1
0
0 0

Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Gilles Peskine

Hi Shariful, First, please note that the library called PolarSSL with functions like rsa_private() and memory_buffer_alloc_init() has not been supported for several years. You should upgrade to Mbed TLS, with functions like mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). That being said, the memory_buffer_alloc module works in the same way. Normally, applications call mbedtls_memory_buffer_alloc_init() in the startup code of the initial thread, before creating other threads. The alloc/free functions are thread-safe, but the initialization and deinitialization functions aren't. If you must call mbedtls_memory_buffer_alloc_init() after creating other threads, make sure that no thread calls mbedtls_calloc until mbedtls_memory_buffer_alloc_init() has returned. The same principle applies to other parts of Mbed TLS that are thread-safe. For example, only the RSA operations (encryption, decryption, signature, verification, and also the low-level functions mbedtls_rsa_public() and mbedtls_rsa_private()) are protected. So you must finish setting up the RSA key inside one thread before you pass a pointer to other threads. Similarly, only mbedtls_xxx_drbg_random() is thread-safe, and the RNG setup (including mbedtls_xxx_drgb_seed()) should be done as part of the initial application startup. Finally, note that mbedtls_rsa_private() alone cannot decrypt a message: all it does it to apply the private key operation. To decrypt a simple message encrypted with RSA-OAEP, call mbedtls_rsa_rsaes_oaep_decrypt() or mbedtls_rsa_pkcs1_decrypt() with a key set up for MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 mechanism, call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or mbedtls_rsa_pkcs1_decrypt() with a key set up for .MBEDTLS_RSA_PKCS_V15. To decrypt a message using a RSA FDH hybrid scheme, you do need to call mbedtls_rsa_private() since Mbed TLS doesn't support it natively, but what this gives you is the intermediate secret from which you then need to derive a symmetric key, not the message itself. Best regards, -- Gilles Peskine Mbed TLS developer On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote: > Hello, > I have a simple example code to decrypt an encrypted message using > *rsa_private()*. I use *memory_buffer_alloc_init(), *in order to use > a static memory for the computation. I want to run my code > concurrently. My code works with a single pthread. However, when I try > to run more than one thread my program fails to decrypt. > > ** I check the same code without *memory_buffer_alloc_init(), *it > works concurrently, without any issues at all. > > Therefore, I believe, the issue that I'm facing is coming from the use > of static memory(e.g. *memory_buffer_alloc_init()*). The documentation > of memorry_buffer_alloc.h shows, > > /** > > * \brief Initialize use of stack-based memory allocator. > > * The stack-based allocator does memory management > inside the > > * presented buffer and does not call malloc() and free(). > > * It sets the global polarssl_malloc() and > polarssl_free() pointers > > * to its own functions. > > * (Provided polarssl_malloc() and polarssl_free() are > thread-safe if > > * POLARSSL_THREADING_C is defined) > > * > > * \note This code is not optimized and provides a straight-forward > > * implementation of a stack-based memory allocator. > > * > > * \param buf buffer to use as heap > > * \param len size of the buffer > > * > > * \return 0 if successful > > */ > > > So, I added the following configuration to the *config.h* file > > 1. #define POLARSSL_THREADING_PTHREAD > 2. #define POLARSSL_THREADING_C > > But I'm still getting errors while decrypting. Any help on how to fix > this? or what else should I add into the config.h file to > make *memory_buffer_alloc_init() *thread-safe? Here is my sample > code: https://pastebin.com/uyW3vknt <https://pastebin.com/uyW3vknt> > > Thanks, > Shariful >

4 years, 1 month

1
0
0 0

How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Shariful Alam

Hello, I have a simple example code to decrypt an encrypted message using *rsa_private()*. I use *memory_buffer_alloc_init(), *in order to use a static memory for the computation. I want to run my code concurrently. My code works with a single pthread. However, when I try to run more than one thread my program fails to decrypt. ** I check the same code without *memory_buffer_alloc_init(), *it works concurrently, without any issues at all. Therefore, I believe, the issue that I'm facing is coming from the use of static memory(e.g. *memory_buffer_alloc_init()*). The documentation of memorry_buffer_alloc.h shows, /** * \brief Initialize use of stack-based memory allocator. * The stack-based allocator does memory management inside the * presented buffer and does not call malloc() and free(). * It sets the global polarssl_malloc() and polarssl_free() > pointers * to its own functions. * (Provided polarssl_malloc() and polarssl_free() are thread-safe > if * POLARSSL_THREADING_C is defined) * * \note This code is not optimized and provides a straight-forward * implementation of a stack-based memory allocator. * * \param buf buffer to use as heap * \param len size of the buffer * * \return 0 if successful */ So, I added the following configuration to the *config.h* file 1. #define POLARSSL_THREADING_PTHREAD 2. #define POLARSSL_THREADING_C But I'm still getting errors while decrypting. Any help on how to fix this? or what else should I add into the config.h file to make *memory_buffer_alloc_init() *thread-safe? Here is my sample code: https://pastebin.com/uyW3vknt Thanks, Shariful

4 years, 1 month

1
1
0 0

question about sslv3 alert certificate unknown

by Ron Eggler

Hi, I'm working on a client application that will connect to an FTPS server (vsftpd) to download files. Now, I have ca-cert, cert and key files all setup to work with curl like: curl -3 -k -v --ftp-ssl --tlsv1.2 --ftp-ssl-reqd --ftp-pasv --verbose \ --ssl \ --cert ./en-cert.pem \ --cert-type PEM \ --key ./en-cert.key \ --key-type PEM \ --cacert ./ca-cert \ ftp://user:pass@10.10.100.1/test.txt -O Now, I use the same cert, key & ca-cert with mbedtls but am unable to handshake, mbedtls_ssl_handshake() keeps giving me an error, what is done in order: - init cert, ca-cert, key, entropy, drbg, ssl, config - parse ca-cert, cert & key - seed RNG - mbedtls_ctr_drbg_seed with mbedtls_hardware_poll - set config defaults MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT - mbedtls_ssl_conf_ca_chain - mbedtls_ssl_conf_rng with mbedtls_ctr_drbg_random - mbedtls_ssl_conf_dbg - mbedtls_ssl_conf_own_cert - mbedtls_ssl_setup - mbedtls_ssl_set_bio - mbedtls_ssl_handshake which up to the handshake all seems to go through without any issues. When I look at it with wireshark, I see something like: Response: 234 Proceed with negotiation. Request:looks like the certificate jumbled up Response 500 OOPS: Response :SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Any hints on how I best go about troubleshooting this? I have confirmed that ca-cert, cert & key are identical to the ones that are used for the above curl command. Thanks,

4 years, 1 month

1
0
0 0

Re: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability

by Janos Follath

Hi, Semantic versioning applies only to API compatibility but not for ABI. When we break the ABI we increase the SO version for that part of the library and this is how linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions. You can find a detailed description what Mbed TLS promises regarding API/ABI compatibility: https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md Kind regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Hugues De Valon via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Wednesday, 14 July 2021 at 17:09 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability Hello, We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won’t contain any API/ABI breaking changes or is there nothing of the sort? I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning? It might be that the good solution is that we shouldn’t dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach! Kind regards, Hugues

4 years, 1 month

2
2
0 0

Question about dynamic linking, versioning and API/ABI stability

by Hugues De Valon

Hello, We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won't contain any API/ABI breaking changes or is there nothing of the sort? I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning? It might be that the good solution is that we shouldn't dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach! Kind regards, Hugues

4 years, 2 months

1
0
0 0

serial communication in FTP

by Sunil Jain

Hello, we are using the mbed-tls for secure communication for FTP. FTP server is handling the client hello serially one at a time, one communication is blocking other clients to communicate. What could be the reason and how to solve this issue. -- Thanks and Regards, Sunil Jain

4 years, 2 months

1
0
0 0

Mbed TLS: Release of Mbed TLS 3.0.0, 2.27.0, and 2.16.11

by Dave Rodgman

Hi Mbed TLS users, We are pleased to announce the release of Mbed TLS versions 3.0.0, 2.27.0 and 2.16.11. These releases of Mbed TLS address several security issues, and provide bug fixes and enhancements. Mbed TLS 3.0.0 also brings many API-breaking changes. Full details, including security advisories, are available in the release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v3.0.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.27.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Dave Rodgman

4 years, 2 months

1
0
0 0

Mbed TLS: Release of Mbed TLS 3.0.0, 2.27.0, and 2.16.11

by Dave Rodgman

Hi Mbed TLS users, We are pleased to announce the release of Mbed TLS versions 3.0.0, 2.27.0 and 2.16.11. These releases of Mbed TLS address several security issues, and provide bug fixes and enhancements. Mbed TLS 3.0.0 also brings many API-breaking changes. Full details, including security advisories, are available in the release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v3.0.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.27.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Dave Rodgman

4 years, 2 months

1
0
0 0

Re: [mbed-tls] mbedtls_x509_crt_parse returned -0x2180

by Danny Backx

Gilles, Thanks for getting me to try to read DER files. There must definitely be something wrong in that area. I am speficying support for PEM in the build but reading DER gets me past that error. Searching further :-) Again, thanks Danny On 05/07/2021 20:27, Gilles Peskine via mbed-tls wrote: > Hello, > > The first thing when you see an unexpected error code is to look up the > corresponding error message. Mbed TLS comes with a utility for that: > > programs/util/strerror 0x2180 > Last error was: -0x2180 - X509 - The CRT/CRL/CSR format is invalid, > e.g. different type expected > > You can also search the error code in the source code: > > grep 0x2180 include/mbedtls/*.h > include/mbedtls/x509.h:#define > MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 /**< The > CRT/CRL/CSR format is invalid, e.g. different type expected. */ > > At first glance it looks like there's only one case for which CRT > parsing return MBEDTLS_ERR_X509_INVALID_FORMAT as opposed to > (MBEDTLS_ERR_X509_INVALID_FORMAT + low_level_error_code), and that's if > the certificate doesn't parse like a DER format at the top level. A > plausible reason for that is that the certificate is in PEM format and > your build has PEM support turned off. If that's the case, convert the > certifcate to DER when you copy it to the device. You can use the Mbed > TLS utility programs/util/pem2der for that. > > Best regards, > -- Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info

4 years, 2 months

1
0
0 0

SHA NI support in mbedtls

by Lu, Jingdong

Hi, mbedtls experts I note that there is AES NI support (aesni.c) on x86 platform. I'm wondering why there is no SHA NI support for SHA1 and SHA256? How can I get SHA NI support? Should I choose another crypto library? Thanks, Jingdong

4 years, 2 months

1
0
0 0

Re: [mbed-tls] mbedtls_x509_crt_parse returned -0x2180

by Gilles Peskine

Hello, The first thing when you see an unexpected error code is to look up the corresponding error message. Mbed TLS comes with a utility for that: programs/util/strerror 0x2180 Last error was: -0x2180 - X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected You can also search the error code in the source code: grep 0x2180 include/mbedtls/*.h include/mbedtls/x509.h:#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */ At first glance it looks like there's only one case for which CRT parsing return MBEDTLS_ERR_X509_INVALID_FORMAT as opposed to (MBEDTLS_ERR_X509_INVALID_FORMAT + low_level_error_code), and that's if the certificate doesn't parse like a DER format at the top level. A plausible reason for that is that the certificate is in PEM format and your build has PEM support turned off. If that's the case, convert the certifcate to DER when you copy it to the device. You can use the Mbed TLS utility programs/util/pem2der for that. Best regards, -- Gilles Peskine Mbed TLS developer On 05/07/2021 18:10, Danny Backx via mbed-tls wrote: > > Hi, > > I must be missing something obvious but my code (on an ESP32) fails to > accept an incoming connection. > > I tried the same certificate on an ESP32 sample, and it appears to > work there. > > Does anyone have a clue where to look next ? > > Danny > > I (16:06:51.481) esp_https_server: performing session handshake > E (16:06:51.483) x509_crt: x509_crt_parse_der_core -> 0x2180 > E (16:06:51.484) esp_tls_mbedtls: set_pki_context: public_cert > 0x3ffdb924, len 5750 -> ret 0x2180 > E (16:06:51.493) esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180 > E (16:06:51.501) esp-tls-mbedtls: Failed to set server pki context > E (16:06:51.508) esp-tls-mbedtls: Failed to set server configurations > E (16:06:51.515) esp-tls-mbedtls: create_ssl_handle failed > E (16:06:51.521) esp_https_server: esp_tls_create_server_session failed > W (16:06:51.528) httpd: httpd_accept_conn: session creation failed > W (16:06:51.538) httpd: httpd_server: error accepting new connection > > -- > Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info >

4 years, 2 months

1
0
0 0

mbedtls_x509_crt_parse returned -0x2180

by Danny Backx

Hi, I must be missing something obvious but my code (on an ESP32) fails to accept an incoming connection. I tried the same certificate on an ESP32 sample, and it appears to work there. Does anyone have a clue where to look next ? Danny I (16:06:51.481) esp_https_server: performing session handshake E (16:06:51.483) x509_crt: x509_crt_parse_der_core -> 0x2180 E (16:06:51.484) esp_tls_mbedtls: set_pki_context: public_cert 0x3ffdb924, len 5750 -> ret 0x2180 E (16:06:51.493) esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180 E (16:06:51.501) esp-tls-mbedtls: Failed to set server pki context E (16:06:51.508) esp-tls-mbedtls: Failed to set server configurations E (16:06:51.515) esp-tls-mbedtls: create_ssl_handle failed E (16:06:51.521) esp_https_server: esp_tls_create_server_session failed W (16:06:51.528) httpd: httpd_accept_conn: session creation failed W (16:06:51.538) httpd: httpd_server: error accepting new connection -- Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info

4 years, 2 months

1
0
0 0

Hardware CCM decrypt failure

by Navin Reddy

Hello everyone, I am currently evaluating SSL with a local server and an STM32 device. I'm unable to figure out why the decryption fails with CCM as the cipher suite. FYI: I am using MbedTLS *v2.14.1.* *Setup*: I'm using *x86 local server* with *STM32* device as a client. Here is what happens- 1. Software CCM implementation on the client: When I use the *software* implementation of the CCM. Handshake and decryption is *successful*. Therefore, I can stream the data from STM32 and read it on the local server. 2. Hardware CCM implementation with MBEDTLS_CCM_ALT: I have used ccm_alt.c provided from STM32Cube v1.9.0. Here, the handshake is successful. But *decrypting* the message *fails*. The errors are: ssl_decrypt_buf() returned -29056 (-0x7180) mbedtls_ssl_read_record() returned -29056 (-0x7180) Checks performed: - Same certificates are used for SW and HW implementations. - CCM self test returns '0' for both HW and SW CCM implementations. - I have reserved enough heap, no memory issues. Please find all the necessary data in the attachment provided. I have added the logs from the server and the client. I have added the certificates and the code files as well. It would be of great help if somebody could point at what might be going wrong. Thank you! Best regards, Navin

4 years, 2 months

1
0
0 0

Re: [mbed-tls] Is the a version that can use the EdDSA signature algorithm currently?

by Janos Follath

Hi Shudong, Mbed TLS currently does not provide EdDSA. The contribution by @aurel32 is a first step in this direction. The work leading up to a fully functional EdDSA implementation is tracked here: https://github.com/ARMmbed/mbedtls/projects/2#column-11150355 Kind regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Shudong Zhang via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Wednesday, 30 June 2021 at 07:28 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Is the a version that can use the EdDSA signature algorithm currently? Hello, I want to use EdDSA signature algorithm, but I did’t find API for it in 2.26.0.Then I searched in the issue of Github and I found @aurel32 contributed some code about ed25519.But I am still not sure whether there are any versions under development that provide interface functions for EdDSA signature algorithm. Can someone help me answer my question? Thanks and kind regards, Shudong

4 years, 2 months

1
0
0 0

Is the a version that can use the EdDSA signature algorithm currently?

by Shudong Zhang

Hello, I want to use EdDSA signature algorithm, but I did’t find API for it in 2.26.0.Then I searched in the issue of Github and I found @aurel32 contributed some code about ed25519.But I am still not sure whether there are any versions under development that provide interface functions for EdDSA signature algorithm. Can someone help me answer my question? Thanks and kind regards, Shudong

4 years, 2 months

1
0
0 0

How to include alternate name in CSR

by Danny Backx

Hi, I have an ACME client library for esp32, and I try to extend it to support multiple host names. First step is to include alternate names in the CSR. After I tried the ARMmbed issues forum, I was pointed to this list. My code is in http://svn.code.sf.net/p/esp32-acme-client/code/trunk/libraries/acmeclient/… <http://svn.code.sf.net/p/esp32-acme-client/code/trunk/libraries/acmeclient/…> (see function Acme::CreateAltUrlList) , the function below is an attempt to do what I described, but doesn't work. Can anyone help ? Danny int Acme::CreateAltUrlList(mbedtls_x509write_csr req) { int l = 20; int ret; for (int i=0; alt_urls[i]; i++) { l += strlen(alt_urls[i]) + 20; } unsigned char *buf = (unsigned char *)malloc(l), *p = buf + l; int len = 0; for (int i=0; alt_urls[i]; i++) { MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&p, buf, (const unsigned char *)alt_urls[i], strlen(alt_urls[i]))); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, strlen(alt_urls[i]))); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)); } MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); if ((ret = mbedtls_x509write_csr_set_extension(&req, MBEDTLS_OID_SUBJECT_ALT_NAME, MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), (const unsigned char *)p, len)) != 0) { char errbuf[80]; mbedtls_strerror(ret, errbuf, sizeof(errbuf)); ESP_LOGE(acme_tag, "%s: mbedtls_x509write_csr_set_extension failed %s (0x%04x)", *__FUNCTION__*, errbuf, -ret); } free(buf); ESP_LOGD(acme_tag, "%s: ret %d", *__FUNCTION*__, ret); return ret; } -- Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info

4 years, 2 months

1
0
0 0

Re: [mbed-tls] List archive?

by Shebu Varghese Kuriakose

Hi David, Archive can be found here https://lists.trustedfirmware.org/pipermail/mbed-tls/ https://lists.trustedfirmware.org/pipermail/psa-crypto/ Regards, Shebu -----Original Message----- From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> On Behalf Of David Higton via mbed-tls Sent: Friday, June 25, 2021 2:51 PM To: mbed-tls(a)lists.trustedfirmware.org Subject: [mbed-tls] List archive? Hi everybody, I've just joined the list. The first thing I did was to try to find an archive of list postings, but I haven't found one. Is there one, and, if so, where do I find it? The information may have been staring me in the face; if that's the case, I apologise. David -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 2 months

1
1
0 0

List archive?

by David Higton

Hi everybody, I've just joined the list. The first thing I did was to try to find an archive of list postings, but I haven't found one. Is there one, and, if so, where do I find it? The information may have been staring me in the face; if that's the case, I apologise. David

4 years, 2 months

1
0
0 0

Re: [mbed-tls] Is TCP integrated in mbed-TLS?

by Janos Follath

Hi Anasasija, Mbed TLS is entirely agnostic of the communication channel or protocol. You can configure it to use any underlying layer, like TCP, UDP or even just a local buffer. That said, we have a module that makes it more convenient to use Mbed TLS with TCP (or UDP) on common platforms: https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/net_soc… You can see an example for using the module in several sample applications, for example: https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_client… and https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server… Kind regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of 1637062--- via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Friday, 25 June 2021 at 09:27 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Is TCP integrated in mbed-TLS? Hello, I am a Student and for my bachelor thesis I am working on a tool that is able to detect whether a server is vulnerable regarding Bleichenbacher's attack or not, testing multiple side channels. For this I am looking for a TLS implementation that has the TCP protocol integrated and generates the TCP messages. I was wondering if mbed-tls has the TCP integrated in the implementation or not. If so, I could make use of this information, too. Thanks and kind regards, Anastasija -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 2 months

1
0
0 0

Re: [mbed-tls] mbed-tls Digest, Vol 16, Issue 12

by Janos Follath

Hi Lijin, It still can be the endianness of the keys. If the key is reversed, there won’t be any discernible pattern or relationship between the derived secrets. Regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of T V LIJIN (EXT) via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Friday, 25 June 2021 at 09:15 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: Re: [mbed-tls] mbed-tls Digest, Vol 16, Issue 12 Hello, We couldn't see word swap in the output from both the end. Issue doesn't look related to the endianness. Could you please confirm that the code used for ECDHE key exchange is proper? SHARED_SECRET (Computed on Client): 11 36 F7 DB 2B 14 BB 86 1C A0 FC DF 6D 4D 17 70 BE 4F D8 58 C2 11 67 10 42 D7 47 EB 14 4B 10 5E SHARED_SECRET(Computed on Sever): c6 96 d9 f0 ec 37 be 9e 1a 60 a4 5f 88 f2 13 d3 bb 98 15 3f 3b d9 81 37 c6 10 12 85 e5 8b 49 16 Thanks, LIJIN T V ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of mbed-tls-request(a)lists.trustedfirmware.org <mbed-tls-request(a)lists.trustedfirmware.org> Sent: Friday, June 25, 2021 4:52 AM To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: mbed-tls Digest, Vol 16, Issue 12 This message is from an external sender. Be cautious, especially with links and attachments. Send mbed-tls mailing list submissions to mbed-tls(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to mbed-tls-request(a)lists.trustedfirmware.org You can reach the person managing the list at mbed-tls-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of mbed-tls digest..." Today's Topics: 1. ECDHE Shared Secret is computed differently (T V LIJIN (EXT)) 2. Re: ECDHE Shared Secret is computed differently (Brian D.) 3. How does the bignum.c works? (Shariful Alam) ---------------------------------------------------------------------- Message: 1 Date: Thu, 24 Jun 2021 13:35:03 +0000 From: "T V LIJIN (EXT)" <lijin.tv(a)kone.com> To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] ECDHE Shared Secret is computed differently Message-ID: <AS8PR07MB8006A77D2451AD93FAFDA3D8FE079(a)AS8PR07MB8006.eurprd07.prod.outlook.com> Content-Type: text/plain; charset="iso-8859-1" Hello , We are trying to perform an ECDHE key exchange between two devices running on different platforms.[one on Linux and another on RTOS] Both the devices use the same code to compute the ECDHE shared secret. The peer public parameters are exchanged in the base64 format and passed to the functions correctly , but the final shared secret computed seems to be different on both ends. We have tested the same source code on Visual studio and found working. I have attached the source files Could you please comment on why the computed shared secret are different on both the ends? Thanks, LIJIN T V

4 years, 2 months

1
0
0 0

Is TCP integrated in mbed-TLS?

by 1637062＠uni-wuppertal.de

Hello, I am a Student and for my bachelor thesis I am working on a tool that is able to detect whether a server is vulnerable regarding Bleichenbacher's attack or not, testing multiple side channels. For this I am looking for a TLS implementation that has the TCP protocol integrated and generates the TCP messages. I was wondering if mbed-tls has the TCP integrated in the implementation or not. If so, I could make use of this information, too. Thanks and kind regards, Anastasija

4 years, 2 months

1
0
0 0

Re: [mbed-tls] mbed-tls Digest, Vol 16, Issue 12

by T V LIJIN (EXT)

Hello, We couldn't see word swap in the output from both the end. Issue doesn't look related to the endianness. Could you please confirm that the code used for ECDHE key exchange is proper? SHARED_SECRET (Computed on Client): 11 36 F7 DB 2B 14 BB 86 1C A0 FC DF 6D 4D 17 70 BE 4F D8 58 C2 11 67 10 42 D7 47 EB 14 4B 10 5E SHARED_SECRET(Computed on Sever): c6 96 d9 f0 ec 37 be 9e 1a 60 a4 5f 88 f2 13 d3 bb 98 15 3f 3b d9 81 37 c6 10 12 85 e5 8b 49 16 Thanks, LIJIN T V ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of mbed-tls-request(a)lists.trustedfirmware.org <mbed-tls-request(a)lists.trustedfirmware.org> Sent: Friday, June 25, 2021 4:52 AM To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: mbed-tls Digest, Vol 16, Issue 12 This message is from an external sender. Be cautious, especially with links and attachments. Send mbed-tls mailing list submissions to mbed-tls(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to mbed-tls-request(a)lists.trustedfirmware.org You can reach the person managing the list at mbed-tls-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of mbed-tls digest..." Today's Topics: 1. ECDHE Shared Secret is computed differently (T V LIJIN (EXT)) 2. Re: ECDHE Shared Secret is computed differently (Brian D.) 3. How does the bignum.c works? (Shariful Alam) ---------------------------------------------------------------------- Message: 1 Date: Thu, 24 Jun 2021 13:35:03 +0000 From: "T V LIJIN (EXT)" <lijin.tv(a)kone.com> To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] ECDHE Shared Secret is computed differently Message-ID: <AS8PR07MB8006A77D2451AD93FAFDA3D8FE079(a)AS8PR07MB8006.eurprd07.prod.outlook.com> Content-Type: text/plain; charset="iso-8859-1" Hello , We are trying to perform an ECDHE key exchange between two devices running on different platforms.[one on Linux and another on RTOS] Both the devices use the same code to compute the ECDHE shared secret. The peer public parameters are exchanged in the base64 format and passed to the functions correctly , but the final shared secret computed seems to be different on both ends. We have tested the same source code on Visual studio and found working. I have attached the source files Could you please comment on why the computed shared secret are different on both the ends? Thanks, LIJIN T V

4 years, 2 months

1
0
0 0

How does the bignum.c works?

by Shariful Alam

Hello, Can someone please briefly explain how does the bignum.c library works in terms of RSA? I understand that this is too broad a question to ask. but If someone can briefly explain the basic working mechanism it will be a great help. Thanks, Shariful

4 years, 2 months

1
0
0 0

Re: [mbed-tls] ECDHE Shared Secret is computed differently

by Brian D.

Hi Linjin, I am not part of the mbed-tls staff but I developed a lot with mbed library and I had your same problem. Try to check the byte order, I had issues when computing the shared secret because I had the little endian from the other side but mbed uses big endian. Try to do a quick test and this could resolve your problem, let me know! Bye, Brian 24 giu 2021, 15:35 da mbed-tls(a)lists.trustedfirmware.org: > Hello , > We are trying to perform an ECDHE key exchange between two devices running on different platforms.[one on Linux and another on RTOS] > Both the devices use the same code to compute the ECDHE shared secret. The peer public parameters are exchanged in the base64 format and passed to the functions correctly , but the final shared secret computed seems to be different on both ends. > We have tested the same source code on Visual studio and found working. > I have attached the source files > > Could you please comment on why the computed shared secret are different on both the ends? > > Thanks, > LIJIN T V >

4 years, 2 months

1
0
0 0

ECDHE Shared Secret is computed differently

by T V LIJIN (EXT)

Hello , We are trying to perform an ECDHE key exchange between two devices running on different platforms.[one on Linux and another on RTOS] Both the devices use the same code to compute the ECDHE shared secret. The peer public parameters are exchanged in the base64 format and passed to the functions correctly , but the final shared secret computed seems to be different on both ends. We have tested the same source code on Visual studio and found working. I have attached the source files Could you please comment on why the computed shared secret are different on both the ends? Thanks, LIJIN T V

4 years, 2 months

1
0
0 0

Re: [mbed-tls] Please help regarding [ERR ][TLSx]: mbedtls_ssl_handshake() failed: -0x7780 (-30592): SSL

by Gilles Peskine

Hi Victor, Looking through the ciphersuites your client sends, I think you've only enabled ECDHE ciphersuites, not DHE ciphersuites, which makes perfect sense, especially on an embedded device, since DH(E) is a lot slower than ECDH(E) for the same security level. So on the server you need to enable ECDHE ciphersuites. Best regards, -- Gilles Peskine Mbed TLS developer On 09/06/2021 23:03, victor Wolff via mbed-tls wrote: > > Hello > > I am relatively new to mbedTLS, but I'm trying to develop an MQTT > client running on an STM32 board connected to an ESP8266 MCU/WiFi > module. The client should publish messages to a local broker/server > where I am using Mosquitto for that purpose. > I want to test different Cipher suites but when I limiting the Server > to only accept one particle Cipher suite I receive an error from the > server point of view ï¿½1622667145: OpenSSL Error[0]: error:1417A0C1:SSL > routines:tls_post_process_client_hello:*no shared cipher*" > Which I find is strange because when I read through the debug list > presented below it says ï¿½[DBG ][TLSx]: ssl_cli.c:0884: |3| client > hello, add ciphersuite: c02cï¿½. > > ï¿½ > > I ï¿½thinkï¿½ I have enabled the "MBEDTLS_SHA256_C" in the config file > (mbed_lib.json) for the TLSsocket, and the cipher suites I have tested > so far to limit it for is: DHE-RSA-AES128-SHA |AES128-SHA | > DHE-RSA-AES128-SHA256. > > ï¿½ > > Could you please look at the debug list presented below to see if > anything looks suspicious, or if you have any ideas? > because I am truly lost and I am shooting in the dark trying to find > the answer online... > > Thank you sincerely in advance > Best regards Victor > > ï¿½ > > ï¿½ > > --------Debug list -------- > > ï¿½ > > AT< WIFI CONNECTED > > AT< WIFI GOT IP > > AT< > > AT= OK > > AT> AT+CIFSR > > AT< > > AT< AT+CIFSR > > AT< +CIFSR:APIP,"192.168.4.1" > > AT< +CIFSR:APMAC,"da:bf:c0:0d:c5:d8" > > AT= +CIFSR:STAIP,"192.168.10.103" > > AT< > > AT< +CIFSR:STAMAC,"d8:bf:c0:0d:c5:d8" > > AT< > > AT= OK > > Network interface opened successfully. > > ï¿½ > > Connecting to host 192.168.10.165:8883 ... > > Hello > > [INFO][TLSx]: Connecting to 192.168.10.165:8883 > > AT> AT+CIPSTART=0,"TCP","192.168.10.165",8883 > > AT< > > AT< AT+CIPSTART=0,"TCP","192.168.10.165",8883 > > AT< 0,CONNECT > > AT< > > AT= OK > > [INFO][TLSx]: Connected. > > [INFO][TLSx]: Starting the TLS handshake... > > [DBG ][TLSx]: ssl_tls.c:6335: |2| => handshake > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 0 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 1 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0717: |2| => write client hello > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0754: |3| client hello, max version: [3:3] > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0693: |3| client hello, current time: 14712 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0764: |3| dumping 'client hello, random bytes' > (32 bytes) > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0764: |3| 0000:ï¿½ 00 00 39 78 00 7d 4e 7a c5 43 > 7f d9 5b 0c cd 3fï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ..9x.}Nz.C..[..? > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0764: |3| 0010:ï¿½ 01 a0 2f 60 8e a5 c1 54 1c 0e > 58 6a a3 da c0 7aï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ../`...T..Xj...z > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0817: |3| client hello, session id len.: 0 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0818: |3| dumping 'client hello, session id' > (0 bytes) > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02c > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c030 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0ad > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c024 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c028 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0af > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02b > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02f > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0ac > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c023 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c027 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0ae > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c038 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c037 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00a9 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a5 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00af > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a9 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00a8 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a4 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00ae > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a8 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0918: |3| client hello, got 23 ciphersuites > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0949: |3| client hello, compress len.: 1 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0950: |3| client hello, compress alg.: 0 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0071: |3| client hello, adding server name > extension: > 192.168.10ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ .165 > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0178: |3| client hello, adding > signature_algorithms extension > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0263: |3| client hello, adding > supported_elliptic_curves extensiï¿½ï¿½ï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½on > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0326: |3| client hello, adding > supported_point_formats extension > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0507: |3| client hello, adding > encrypt_then_mac extension > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0541: |3| client hello, adding > extended_master_secret extension > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:0575: |3| client hello, adding session ticket > extension > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:1022: |3| client hello, total extension length: 73 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2701: |2| => write record > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2835: |3| output record: msgtype = 22, version > = [3:1], msglen =ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½164 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| dumping 'output record sent to > network' (169 bytes) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0000:ï¿½ 16 03 01 00 a4 01 00 00 a0 03 > 03 00 00 39 78 00ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > .............9x. > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0010:ï¿½ 7d 4e 7a c5 43 7f d9 5b 0c cd > 3f 01 a0 2f 60 8eï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > }Nz.C..[..?../`. > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0020:ï¿½ a5 c1 54 1c 0e 58 6a a3 da c0 > 7a 00 00 2e c0 2cï¿½ï¿½ï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½..T..Xj...z...., > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0030:ï¿½ c0 30 c0 ad c0 24 c0 28 c0 af > c0 2b c0 2f c0 acï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > .0...$.(...+./.. > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0040:ï¿½ c0 23 c0 27 c0 ae c0 38 c0 37 > 00 a9 c0 a5 00 afï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > .#.'...8.7...... > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0050:ï¿½ c0 a9 00 a8 c0 a4 00 ae c0 a8 > 00 ff 01 00 00 49ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½...............I > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0060:ï¿½ 00 00 00 13 00 11 00 00 0e 31 > 39 32 2e 31 36 38ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > .........192.168 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0070:ï¿½ 2e 31 30 2e 31 36 35 00 0d 00 > 12 00 10 06 03 06ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > .10.165......... > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0080:ï¿½ 01 05 03 05 01 04 03 04 01 03 > 03 03 01 00 0a 00ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ................ > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 0090:ï¿½ 06 00 04 00 18 00 17 00 0b 00 > 02 01 00 00 16 00ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½................ > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2840: |4| 00a0:ï¿½ 00 00 17 00 00 00 23 00 > 00ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ......#.. > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2434: |2| message length: 169, out_left: 169 > > ï¿½ > > AT> AT+CIPSEND=0,169 > > AT< > > AT< AT+CIPSEND=0,169 > > AT< > > AT< OK > > AT= > > > [DBG ][TLSx]: ssl_tls.c:2441: |2| ssl->f_send() returned 169 (-0xffffff57) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2460: |2| <= flush output > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2850: |2| <= write record > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:1049: |2| <= write client hello > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 2 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:1410: |2| => parse server hello > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3728: |2| => read record > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2208: |2| => fetch input > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2365: |2| in_left: 0, nb_want: 5 > > ï¿½ > > AT< > > AT< Recv 169 bytes > > AT< > > AT< SEND OK > > AT< > > AT! +IPD > > AT= ,0,7: > > AT< 0,CLOSED > > [DBG ][TLSx]: ssl_tls.c:2389: |2| in_left: 0, nb_want: 5 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:6345: |2| <= handshake > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:6335: |2| => handshake > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 2 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:1410: |2| => parse server hello > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3728: |2| => read record > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2208: |2| => fetch input > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2365: |2| in_left: 0, nb_want: 5 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2389: |2| in_left: 0, nb_want: 5 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 5 > (-0xfffffffb) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2403: |2| <= fetch input > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3479: |4| dumping 'input record header' (5 bytes) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3479: |4| 0000:ï¿½ 15 03 03 00 > 02ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½..... > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3485: |3| input record: msgtype = 21, version > = [3:3], msglen =ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ 2 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2208: |2| => fetch input > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2365: |2| in_left: 5, nb_want: 7 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2389: |2| in_left: 5, nb_want: 7 > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 2 > (-0xfffffffe) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:2403: |2| <= fetch input > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3656: |4| dumping 'input record from network' > (7 bytes) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3656: |4| 0000:ï¿½ 15 03 03 00 02 02 > 28ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½......( > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3960: |2| got an alert message, type: [2:40] > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3968: |1| is a fatal alert message (msg 40) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:3744: |1| mbedtls_ssl_handle_message_type() > returned -30592 (-0xï¿½ï¿½ï¿½ > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½7780) > > ï¿½ > > [DBG ][TLSx]: ssl_cli.c:1416: |1| mbedtls_ssl_read_record() returned > -30592 (-0x7780) > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:6345: |2| <= handshake > > ï¿½ > > [ERR ][TLSx]: mbedtls_ssl_handshake() failed: -0x7780 (-30592): SSL > > AT> AT+CIPCLOSE=0 > > AT< AT+CIPCLOSE=0 > > AT< UNLINK > > AT< > > AT< ERROR > > AT> AT+CIPCLOSE=0 > > AT< AT+CIPCLOSE=0 > > AT< UNLINK > > AT< > > AT< ERROR > > ERROR: rc from TCP connect is -30592 > > [DBG ][TLSx]: ssl_tls.c:7055: |2| => free > > ï¿½ > > [DBG ][TLSx]: ssl_tls.c:7120: |2| <= free > > ï¿½ > > AT> AT+CWQAP > > AT< AT+CWQAP > > AT< > > AT= OK > >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] export keys in pkcs8. plain or encrypted

by Gilles Peskine

Hi Andrey, Thank you for your interest in Mbed TLS! In general we welcome contributions to the project. Unfortunately, our limiting factor is bandwidth for review. In 2021 the Mbed TLS team has grown, so we have more time for reviews, but we are still struggling to catch up with the large backlog. There is already an old attempt to add unencrypted PKCS#8 writing support (https://github.com/ARMmbed/mbedtls/issues/1695 <https://github.com/ARMmbed/mbedtls/issues/1695>). There is a long pending request for encrypted PKCS#8 writing support (https://github.com/ARMmbed/mbedtls/issues/1372 <https://github.com/ARMmbed/mbedtls/issues/1372>) but I'm not aware of any prior implementation. We would be glad to have your contribution, but I must be honest and say it might take us several months to get around to it. Best regards, -- Gilles Peskine Mbed TLS developer On 09/06/2021 22:46, Андрей Макаров via mbed-tls wrote: > Recently I used mbedtls library in my working project. In accordance > with the needs of the project, I added some functions to mbedtls for > saving and loading keys in plain and encrypted pem and der forms. > The changes are still raw and should be brought up to pull request > requirements - there are no tests, since the functions tested as part > of a working project which uses mbedtls. I can, over time, finalize > the changes to a pull request, but it will take some time and effort > that you don't want to waste unnecessarily — this will have to be done > at my home time. > If there is an interest for this work, then I will try to do it, but > if few people need it or do not coincide with the general direction of > development of the project, then I would not bother. > To be done: 1) added mbedtls_pk_write_key_pkcs8_der() write > non-encrypted pkcs8 der key 2) added mbedtls_pk_write_key_pkcs8_pem() > write non-encrypted pkcs8 pem key 3) added > mbedtls_pk_write_key_encrypted_pem() write legacy encryped pem file > with DEK-Info header 4) added > mbedtls_pk_write_key_pkcs8_encrypted_der() write to encrypted pkcs8 > der key; pkcs5 pbes1, pkcs12 and pbes2 schemes are supported 5) added > mbedtls_pk_write_key_pkcs8_encrypted_pem() same as above but pem key > 6) changed mbedtls_pem_read_buffer() which reads legacy encrypted pem > formats (with DEK-Info header) now it uses mbedtls_cipher_… functions > which allow to use any supported cipher rather than four enforced (was > limited to des-cbc, des-ede3-cbc, ars-128-cbc and aes-256-cbc) 7) > changed pk_parse_key_pkcs8_encrypted_der() 7.1) added pkcs5 pbes1 > support MD5-DES-CB CpbeWithMD5AndDES-CBC) and SHA1-DES-CBC > (pbeWithSHA1AndDES-CBC) 7.2) changed pkcs12 pbe (use same cipher for > all SHA1-DES2-EDE-CBC (pbeWithSHAAnd2-KeyTripleDES-CBC), > SHA1-DES3-EDE-CBC (pbeWithSHAAnd3-KeyTripleDES-CBC) and SHA1-RC4-128 > (pbeWithSHA1And128BitRC4); (the special > mbedtls_pkcs12_pbe_sha1_rc4_128() is not used now and may be removed) > 7.3) changed pkcs5 pbes2 support: added AES-128-CBC and AES-256-CBC > ciphers Some «preview» is available at fork > https://github.com/loafer-mka/mbedtls > <https://github.com/loafer-mka/mbedtls>, branch ‘dev_clean’ Of course, > many changes relate to obsolete formats, and may be undesirable … also > I do not touch PSK at all. > Please, give me some feedback — try to finish this with tests, pull > request, etc or not. ----------- Regards, Andrey >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Ron Eggler

Just finishing off this thread: The issue appeared due to an invalid pointer access else where in the application that coincided with the mbedtls_ssl_set_bio function. Working on resolution now. Thanks for all the help, pointers & hints from the list! On 2021-06-08 2:27 p.m., Ron Eggler via mbed-tls wrote: > > Yes, there's some kind of "memory magic" going on here: > > The task got terminated due to "Load from invalid memory" > > and I see: > > |Instruction at 0x6310604d is trying to load data at 0x4, which is an > invalid memory area. You are probably dereferencing a NULL pointer.| > > |and i got some trace back addresses that point to:| > > * > > mbedtls_aes_crypt_ecb > > * > > mbedtls_ctr_drbg_random_with_add > > * > > mbedtls_ssl_handshake_step > > * > > mbedtls_ssl_handshake > > > || > > On 2021-06-08 11:43 a.m., Gilles Peskine via mbed-tls wrote: >> Hi Ron, >> >> This behavior can't be explained by the library code and the code you >> posted alone. There has to be something wrong elsewhere. >> >> Check that you aren't exceeding a limitation such as the stack size or >> the size of executable and data sections. If it can be an issue on your >> platform, check that load addresses are correct and sections don't >> overlap. Make sure there's no overlap with any device memory mapping either. >> >> Make sure that the whole binary is compiled with consistent settings. >> The layout of mbedtls_ssl_context can be influenced by the Mbed TLS >> configuration, so make sure that there's a single copy of >> mbedtls/config.h and both Mbed TLS itself and your application were >> built against that copy. The layout of mbedtls_ssl_context can also be >> influenced by compiler settings on some platforms (e.g. structure >> packing options), so make sure those are consistent across your build. >> >> That's all I can think of for now. It may help to add a lot of printf >> debugging with %p on various addresses, and compare these addresses with >> what you know about memory mappings on that platform. Good luck! >> >

4 years, 3 months

1
0
0 0

export keys in pkcs8. plain or encrypted

by Андрей Макаров

Recently I used mbedtls library in my working project. In accordance with the needs of the project, I added some functions to mbedtls for saving and loading keys in plain and encrypted pem and der forms. The changes are still raw and should be brought up to pull request requirements - there are no tests, since the functions tested as part of a working project which uses mbedtls. I can, over time, finalize the changes to a pull request, but it will take some time and effort that you don't want to waste unnecessarily — this will have to be done at my home time. If there is an interest for this work, then I will try to do it, but if few people need it or do not coincide with the general direction of development of the project, then I would not bother. To be done: 1) added mbedtls_pk_write_key_pkcs8_der() write non-encrypted pkcs8 der key 2) added mbedtls_pk_write_key_pkcs8_pem() write non-encrypted pkcs8 pem key 3) added mbedtls_pk_write_key_encrypted_pem() write legacy encryped pem file with DEK-Info header 4) added mbedtls_pk_write_key_pkcs8_encrypted_der() write to encrypted pkcs8 der key; pkcs5 pbes1, pkcs12 and pbes2 schemes are supported 5) added mbedtls_pk_write_key_pkcs8_encrypted_pem() same as above but pem key 6) changed mbedtls_pem_read_buffer() which reads legacy encrypted pem formats (with DEK-Info header) now it uses mbedtls_cipher_… functions which allow to use any supported cipher rather than four enforced (was limited to des-cbc, des-ede3-cbc, ars-128-cbc and aes-256-cbc) 7) changed pk_parse_key_pkcs8_encrypted_der() 7.1) added pkcs5 pbes1 support MD5-DES-CB CpbeWithMD5AndDES-CBC) and SHA1-DES-CBC (pbeWithSHA1AndDES-CBC) 7.2) changed pkcs12 pbe (use same cipher for all SHA1-DES2-EDE-CBC (pbeWithSHAAnd2-KeyTripleDES-CBC), SHA1-DES3-EDE-CBC (pbeWithSHAAnd3-KeyTripleDES-CBC) and SHA1-RC4-128 (pbeWithSHA1And128BitRC4); (the special mbedtls_pkcs12_pbe_sha1_rc4_128() is not used now and may be removed) 7.3) changed pkcs5 pbes2 support: added AES-128-CBC and AES-256-CBC ciphers Some «preview» is available at fork https://github.com/loafer-mka/mbedtls, branch ‘dev_clean’ Of course, many changes relate to obsolete formats, and may be undesirable … also I do not touch PSK at all. Please, give me some feedback — try to finish this with tests, pull request, etc or not. ----------- Regards, Andrey

4 years, 3 months

1
0
0 0

session resumption and renegotiation queries

by hardik dave

Dear All, I am having multiple queries regarding session resumption and renegotiation. I understand that normally session resumption is used at every new connection and session renegotiation is used on live connection. Our domain standards recommends to use session resumption to change session key ( or keyblock key_block = PRF(SecurityParameters.master_secret, "key expansion", SecurityParameters.server_random + SecurityParameters.client_random); ) at regular intervals without closing connection and session renegotiation to change master key at regular interval using session renegotiation. This is due to the fact that the connection will be long lasting. Query 1: I understand that mbedtls currently does not support session resumption on live connection. Is there any plan to include it in the near future? ( may be similar to openssl SSL_renegotiate_abbreviated api) Query 3: If the application wants to know if session renegotiation has happened as part of mbedtls_tls_read and mbedtls_tls_write, is there any callback/API for that? --> I am only thinking of using session->start comparison in application to know if session is renegotiated. Is there any better method? Query 4: Our requirement is to understand and log security event in case failure due to certificate verification fail (revoked/expired etc..) currently we use mbedtls_ssl_get_verify_result api for same There is a case when certificate becomes expired/revoked while doing session renegotiation, mbedtls_ssl_get_verify_result api returns value 0 in above case I am thinking in case of session renegotiation, a valid session will always be available (it will not be NULL in the method below) and session renegotiation failure information will be available with session_negotiate pointer instead of session pointer in the below function. uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) { if( ssl->session != NULL ) return( ssl->session->verify_result ); if( ssl->session_negotiate != NULL ) return( ssl->session_negotiate->verify_result ); return( 0xFFFFFFFF ); } Am I using the right API to get certificate verify_result? should mbedtls_ssl_get_verify_result api checks give priority to session_negotiate then session? I think when there is a failure, the result will always be with session_negotiate, when success session_negotiate becomes NULL and session_negotiate pointers will be assigned to session pointers. uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) { if( ssl->session_negotiate != NULL ) return( ssl->session_negotiate->verify_result ); if( ssl->session != NULL ) return( ssl->session->verify_result ); return( 0xFFFFFFFF ); } Kind request to guide me Thanks in advance Regards Hardik Dave

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Ron Eggler

Yes, there's some kind of "memory magic" going on here: The task got terminated due to "Load from invalid memory" and I see: |Instruction at 0x6310604d is trying to load data at 0x4, which is an invalid memory area. You are probably dereferencing a NULL pointer.| |and i got some trace back addresses that point to:| * mbedtls_aes_crypt_ecb * mbedtls_ctr_drbg_random_with_add * mbedtls_ssl_handshake_step * mbedtls_ssl_handshake || On 2021-06-08 11:43 a.m., Gilles Peskine via mbed-tls wrote: > Hi Ron, > > This behavior can't be explained by the library code and the code you > posted alone. There has to be something wrong elsewhere. > > Check that you aren't exceeding a limitation such as the stack size or > the size of executable and data sections. If it can be an issue on your > platform, check that load addresses are correct and sections don't > overlap. Make sure there's no overlap with any device memory mapping either. > > Make sure that the whole binary is compiled with consistent settings. > The layout of mbedtls_ssl_context can be influenced by the Mbed TLS > configuration, so make sure that there's a single copy of > mbedtls/config.h and both Mbed TLS itself and your application were > built against that copy. The layout of mbedtls_ssl_context can also be > influenced by compiler settings on some platforms (e.g. structure > packing options), so make sure those are consistent across your build. > > That's all I can think of for now. It may help to add a lot of printf > debugging with %p on various addresses, and compare these addresses with > what you know about memory mappings on that platform. Good luck! >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Gilles Peskine

Hi Ron, This behavior can't be explained by the library code and the code you posted alone. There has to be something wrong elsewhere. Check that you aren't exceeding a limitation such as the stack size or the size of executable and data sections. If it can be an issue on your platform, check that load addresses are correct and sections don't overlap. Make sure there's no overlap with any device memory mapping either. Make sure that the whole binary is compiled with consistent settings. The layout of mbedtls_ssl_context can be influenced by the Mbed TLS configuration, so make sure that there's a single copy of mbedtls/config.h and both Mbed TLS itself and your application were built against that copy. The layout of mbedtls_ssl_context can also be influenced by compiler settings on some platforms (e.g. structure packing options), so make sure those are consistent across your build. That's all I can think of for now. It may help to add a lot of printf debugging with %p on various addresses, and compare these addresses with what you know about memory mappings on that platform. Good luck! -- Gilles Peskine Mbed TLS developer On 08/06/2021 19:16, Ron Eggler via mbed-tls wrote: > > On 2021-06-08 7:40 a.m., Ron Eggler via mbed-tls wrote: >> On 2021-06-08 12:28 a.m., Gilles Peskine via mbed-tls wrote: >>> Hi Ron, >>> >>> The code you've shown so far only consists of setup functions that >>> populate fields in the configuration structure, then in the context >>> structure. Communication has not started yet. mbedtls_ssl_set_bio in >>> particular is a very simple setter function. >>> >>> Where does the code actually hang? Have some messages already been >>> exchanged on the network at that point? Can you get a stack trace? >>> >>> Best regards, >>> >> Hi Gilles, >> >> Thank you for the response! >> >> I've inserted print statements after each of the setup functions and >> can see that it never gets past mbedtls_ssl_set_bio. The messages >> that have been exchanged, include the complete bring up and login of >> the control channel, on the data channel, I call >> mbedtls_x509_crt_init >> mbedtls_pk_init >> mbedtls_entropy_init >> mbedtls_ctr_drbg_init >> mbedtls_ssl_init >> mbedtls_ssl_config_init >> followed by the certificate and key file got parsing, seeding of the >> RNG and that's where the previously mentioned procedure with >> mbedtls_ssl_config_defaults() starts. >> I unfortunately do not have a debugger available on that platform and >> hence getting a stack trace won't be so straight forward. Do you have >> any pointers as to what could be the issue potentially? >> >> Thank you, >> >> Ron > > Okay, I've made some further findings: > > I changed the mbedtls_ssl_set_bio funmction so that I inserted a print > statement on entry and after every set line, like so: > > void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, > void *p_bio, > mbedtls_ssl_send_t *f_send, > mbedtls_ssl_recv_t *f_recv, > mbedtls_ssl_recv_timeout_t *f_recv_timeout ) > { > iprintf("mbedtls_ssl_set_bio::entry\n"); > ssl->p_bio = p_bio; > iprintf("mbedtls_ssl_set_bio::p_bio set\n"); > ssl->f_send = f_send; > iprintf("mbedtls_ssl_set_bio::f_send set\n"); > ssl->f_recv = f_recv; > iprintf("mbedtls_ssl_set_bio::f_recv set\n"); > ssl->f_recv_timeout = f_recv_timeout; > iprintf("mbedtls_ssl_set_bio::f_recv_timeout set\n"); > } > > and turns out, that I only see the very first print on > "mbedtls_ssl_set_bio::entry\n" and nothing there after, which leads me > to the believe that my *ssl is invalid which is odd as that variable > is also used for ret = mbedtls_ssl_setup( &ssl_d, &conf_d ); and it is > initialized at the beginning of the function with mbedtls_ssl_init( > &ssl_d ); > >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Ron Eggler

On 2021-06-08 7:40 a.m., Ron Eggler via mbed-tls wrote: > On 2021-06-08 12:28 a.m., Gilles Peskine via mbed-tls wrote: >> Hi Ron, >> >> The code you've shown so far only consists of setup functions that >> populate fields in the configuration structure, then in the context >> structure. Communication has not started yet. mbedtls_ssl_set_bio in >> particular is a very simple setter function. >> >> Where does the code actually hang? Have some messages already been >> exchanged on the network at that point? Can you get a stack trace? >> >> Best regards, >> > Hi Gilles, > > Thank you for the response! > > I've inserted print statements after each of the setup functions and > can see that it never gets past mbedtls_ssl_set_bio. The messages that > have been exchanged, include the complete bring up and login of the > control channel, on the data channel, I call > mbedtls_x509_crt_init > mbedtls_pk_init > mbedtls_entropy_init > mbedtls_ctr_drbg_init > mbedtls_ssl_init > mbedtls_ssl_config_init > followed by the certificate and key file got parsing, seeding of the > RNG and that's where the previously mentioned procedure with > mbedtls_ssl_config_defaults() starts. > I unfortunately do not have a debugger available on that platform and > hence getting a stack trace won't be so straight forward. Do you have > any pointers as to what could be the issue potentially? > > Thank you, > > Ron Okay, I've made some further findings: I changed the mbedtls_ssl_set_bio funmction so that I inserted a print statement on entry and after every set line, like so: void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout ) { iprintf("mbedtls_ssl_set_bio::entry\n"); ssl->p_bio = p_bio; iprintf("mbedtls_ssl_set_bio::p_bio set\n"); ssl->f_send = f_send; iprintf("mbedtls_ssl_set_bio::f_send set\n"); ssl->f_recv = f_recv; iprintf("mbedtls_ssl_set_bio::f_recv set\n"); ssl->f_recv_timeout = f_recv_timeout; iprintf("mbedtls_ssl_set_bio::f_recv_timeout set\n"); } and turns out, that I only see the very first print on "mbedtls_ssl_set_bio::entry\n" and nothing there after, which leads me to the believe that my *ssl is invalid which is odd as that variable is also used for ret = mbedtls_ssl_setup( &ssl_d, &conf_d ); and it is initialized at the beginning of the function with mbedtls_ssl_init( &ssl_d );

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Ron Eggler

On 2021-06-08 12:28 a.m., Gilles Peskine via mbed-tls wrote: > Hi Ron, > > The code you've shown so far only consists of setup functions that > populate fields in the configuration structure, then in the context > structure. Communication has not started yet. mbedtls_ssl_set_bio in > particular is a very simple setter function. > > Where does the code actually hang? Have some messages already been > exchanged on the network at that point? Can you get a stack trace? > > Best regards, > Hi Gilles, Thank you for the response! I've inserted print statements after each of the setup functions and can see that it never gets past mbedtls_ssl_set_bio. The messages that have been exchanged, include the complete bring up and login of the control channel, on the data channel, I call mbedtls_x509_crt_init mbedtls_pk_init mbedtls_entropy_init mbedtls_ctr_drbg_init mbedtls_ssl_init mbedtls_ssl_config_init followed by the certificate and key file got parsing, seeding of the RNG and that's where the previously mentioned procedure with mbedtls_ssl_config_defaults() starts. I unfortunately do not have a debugger available on that platform and hence getting a stack trace won't be so straight forward. Do you have any pointers as to what could be the issue potentially? Thank you, Ron

4 years, 3 months

1
0
0 0

FW: How to map PSA method to openssl method

by Gyorgy Szing

Hi, Can you please help Jun to find an answer to is question? (See below.) /George ---------- Forwarded message --------- 发件人： Jun Nie <jun.nie(a)linaro.org> Date: 2021年6月7日周一下午2:31 Subject: How to map PSA method to openssl method To: <mbed-tls(a)lists.trustedfirmware.org> Hi, I want to sign a data on PC with openssl, and verifiy it with PSA-RoT on board. Does anybody know how to map PSA method to openssl method? Such as: psa_sign_hash(key_handle, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len, sig, sizeof(sig), sig_len); Regards, Jun

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Gilles Peskine

Hi Ron, The code you've shown so far only consists of setup functions that populate fields in the configuration structure, then in the context structure. Communication has not started yet. mbedtls_ssl_set_bio in particular is a very simple setter function. Where does the code actually hang? Have some messages already been exchanged on the network at that point? Can you get a stack trace? Best regards, -- Gilles Peskine Mbed TLS developer On 08/06/2021 02:30, Ron Eggler via mbed-tls wrote: > > On 2021-06-07 5:00 p.m., Ron Eggler via mbed-tls wrote: >> Hi, >> >> >> i'm in the process of wrioting an FTPS client for a system running on >> uCOS. >> >> I've been able to setup the control channel fine and working on >> setting up the data channel for a simple list command execution. >> >> It seems like I seem able to setup everything fine but the call to >> mbedtls_ssl_set_bio() hangs even though I set it to execute the >> timeout function like: >> >> mbedtls_ssl_set_bio( &ssl_d, >> &data_fd, >> mbedtls_tls_send, >> NULL, >> mbedtls_tls_recv_timeout); >> >> Where the mbed_tls_recv_timeout looks like: >> >> https://pastebin.com/Jw3iLc0x >> >> The current connection uses ipv4, i.e. the select () branch is >> active. I never see the timed out message. Any idea what may be going >> on here? >> >> Thank you, >> >> Ron >> > A bit more detail: as for what comes before the mbedtls_ssl_set_bio() > call: > > ret = mbedtls_ssl_config_defaults(&conf_d, > MBEDTLS_SSL_IS_CLIENT, > MBEDTLS_SSL_TRANSPORT_STREAM, > MBEDTLS_SSL_PRESET_DEFAULT); > > mbedtls_ssl_conf_authmode( &conf_d, MBEDTLS_SSL_VERIFY_OPTIONAL); > mbedtls_ssl_conf_ca_chain( &conf_d, &cacert_d, NULL ); > mbedtls_ssl_conf_rng(&conf_d, mbedtls_ctr_drbg_random, &ctr_drbg_d ); > mbedtls_ssl_conf_dbg(&conf_d, mydebug, stdout); > ret = mbedtls_ssl_conf_own_cert( &conf_d, &clicert_d, &pkey_d); > > ret = mbedtls_ssl_setup( &ssl_d, &conf_d ); > > mbedtls_ssl_set_bio( &ssl_d, > &data_fd, > mbedtls_tls_send, > NULL, > mbedtls_tls_recv_timeout); >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls_ssl_set_bio hangs

by Ron Eggler

On 2021-06-07 5:00 p.m., Ron Eggler via mbed-tls wrote: > Hi, > > > i'm in the process of wrioting an FTPS client for a system running on > uCOS. > > I've been able to setup the control channel fine and working on > setting up the data channel for a simple list command execution. > > It seems like I seem able to setup everything fine but the call to > mbedtls_ssl_set_bio() hangs even though I set it to execute the > timeout function like: > > mbedtls_ssl_set_bio( &ssl_d, > &data_fd, > mbedtls_tls_send, > NULL, > mbedtls_tls_recv_timeout); > > Where the mbed_tls_recv_timeout looks like: > > https://pastebin.com/Jw3iLc0x > > The current connection uses ipv4, i.e. the select () branch is active. > I never see the timed out message. Any idea what may be going on here? > > Thank you, > > Ron > A bit more detail: as for what comes before the mbedtls_ssl_set_bio() call: ret = mbedtls_ssl_config_defaults(&conf_d, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); mbedtls_ssl_conf_authmode( &conf_d, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain( &conf_d, &cacert_d, NULL ); mbedtls_ssl_conf_rng(&conf_d, mbedtls_ctr_drbg_random, &ctr_drbg_d ); mbedtls_ssl_conf_dbg(&conf_d, mydebug, stdout); ret = mbedtls_ssl_conf_own_cert( &conf_d, &clicert_d, &pkey_d); ret = mbedtls_ssl_setup( &ssl_d, &conf_d ); mbedtls_ssl_set_bio( &ssl_d, &data_fd, mbedtls_tls_send, NULL, mbedtls_tls_recv_timeout);

4 years, 3 months

1
0
0 0

mbedtls_ssl_set_bio hangs

by Ron Eggler

Hi, i'm in the process of wrioting an FTPS client for a system running on uCOS. I've been able to setup the control channel fine and working on setting up the data channel for a simple list command execution. It seems like I seem able to setup everything fine but the call to mbedtls_ssl_set_bio() hangs even though I set it to execute the timeout function like: mbedtls_ssl_set_bio( &ssl_d, &data_fd, mbedtls_tls_send, NULL, mbedtls_tls_recv_timeout); Where the mbed_tls_recv_timeout looks like: https://pastebin.com/Jw3iLc0x The current connection uses ipv4, i.e. the select () branch is active. I never see the timed out message. Any idea what may be going on here? Thank you, Ron

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Signing without explicit private key

by Gilles Peskine

Hi Stefano, The pk module has limited support for opaque RSA keys, by using the RSA_ALT functionality (https://tls.mbed.org/kb/cryptography/use-external-rsa-private-key <https://tls.mbed.org/kb/cryptography/use-external-rsa-private-key>). There's no support for opaque EC keys. For a TLS server, you can use the asynchronous callback feature to use an opaque key. See https://tls.mbed.org/kb/how-to/ssl_async <https://tls.mbed.org/kb/how-to/ssl_async> The PSA crypto API supports opaque keys. On the application side, you need to use functions like psa_asymmetric_sign instead of mbedtls_pk_sign. On the hardware side, you need to implement a secure element driver for your crypto chip. Driver support is work in progress, and documentation and tooling are still sparse. The driver specifications are in https://github.com/ARMmbed/mbedtls/tree/development/docs/proposed <https://github.com/ARMmbed/mbedtls/tree/development/docs/proposed> . To add driver support, you currently need to edit library/psa_crypto_driver_wrappers.c and replace calls to the test driver by calls to your real driver. Best regards, -- Gilles Peskine Mbed TLS developer and PSA Crypto architect On 03/06/2021 17:20, stefano664 via mbed-tls wrote: > Hi all, > I'm using mbedTLS libraries with an OPTIGA cryptochip. At the > moment, when I call the sign function: > > err = mbedtls_pk_sign(&priv_key, MBEDTLS_MD_SHA384, hash, 0, sign, > &olen, mbedtls_ctr_drbg_random, &ctr_drbg); > > I need to pass it a valid private key else if it isn't used, because > alternative sign routine use the one into cryptochip. > > It is possible to avoid passing this key? > > Best regards, > Stefano Mologni >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Request for Support [Issue : Webserver handshake failing with self-signed certificate]

by Gilles Peskine

Hi Selin, Another thing to check is that the stack is large enough. Stack overflows can sometimes cause weird behavior. Other than that, I'm afraid I can't think of a reason why there would be an infinite loop involving mbedtls_mpi_cmp_mpi. To go further, I think you need to trace the program in a debugger, figure out what arguments are being passed to the functions, and where the infinite loop is. Best regards, -- Gilles Peskine Mbed TLS developer On 26/05/2021 10:24, Selin Chris via mbed-tls wrote: > Hi Gilles, > > Thanks for the quick reply. > > I migrated to version 2.16, and I have seen the same issue is still > there. Moreover, we have reseeded the RNG, still issue is there. > > > > I created a client and it's working fine, it's able to handshake and > send data to the server. Only problem is server communication where > control is going in infinite loop while creating server key exchange. > As you asked for the call stack of the loop, I am attaching the call > stack with this mail. > > Please support us. > > > > Thank you. > > > Regards, > > Selin. > > > > On Fri, May 21, 2021 at 5:30 PM > <mbed-tls-request(a)lists.trustedfirmware.org > <mailto:mbed-tls-request@lists.trustedfirmware.org>> wrote: > > Send mbed-tls mailing list submissions to > mbed-tls(a)lists.trustedfirmware.org > <mailto:mbed-tls@lists.trustedfirmware.org> > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls > <https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls> > or, via email, send a message with subject or body 'help' to > mbed-tls-request(a)lists.trustedfirmware.org > <mailto:mbed-tls-request@lists.trustedfirmware.org> > > You can reach the person managing the list at > mbed-tls-owner(a)lists.trustedfirmware.org > <mailto:mbed-tls-owner@lists.trustedfirmware.org> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mbed-tls digest..." > > > Today's Topics: > > 1. Re: Request for Support [Issue : Webserver handshake failing > with self-signed certificate] (Gilles Peskine) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 20 May 2021 15:13:54 +0200 > From: Gilles Peskine <gilles.peskine(a)arm.com > <mailto:gilles.peskine@arm.com>> > To: mbed-tls(a)lists.trustedfirmware.org > <mailto:mbed-tls@lists.trustedfirmware.org> > Subject: Re: [mbed-tls] Request for Support [Issue : Webserver > handshake failing with self-signed certificate] > Message-ID: <93c3cd71-bdc1-c3ec-4bbc-89ff995a8444(a)arm.com > <mailto:93c3cd71-bdc1-c3ec-4bbc-89ff995a8444@arm.com>> > Content-Type: text/plain; charset=utf-8 > > Hi Selin, > > A possible problem could be a misconfigured random generator. However > this is purely speculation. Can you get a stack trace? Finding the > root > cause requires finding where mbedtls_mpi_cmp_mpi is called. > > Please note that Mbed TLS 2.16.3 has known bugs and > vulnerabilities. You > should upgrade to the latest bug-fixing version of the 2.16 > branch, 2.16.10. > > -- > Gilles Peskine > Mbed TLS developer > > On 20/05/2021 13:06, Selin Chris via mbed-tls wrote: > > > > Hi, > > > > Thank you for adding me to the mbed-tls mailing list. > > > > We have created a self-signed certificate with ECC key of > > MBEDTLS_ECP_DP_SECP256R1 type, since it is a self-signed certificate > > after we send the certificate to chrome from our web server it shows > > not trusted and goes to the page where we need to manually proceed > > with the acceptance of the certificate to allow further > communication. > > After this we again have to perform handshake for which we need to > > prepare the server key exchange, while preparing the server key > > exchange we notice that it is infinitely calling the > > mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not > > able to proceed hereafter. Sometimes we also see that when executing > > ssl_prepare_server_key_exchange() function in ssl_srv.c we find > > ciphersuite_info pointer as null and the program goes into data > panic > > due to that. We have checked our stacks and not seen any sign of > > corruption. > > > > The mbedtls version that we are using is mbedtls-2.16.3. > > Please find the attached wireshark trace during this scenario. > The IP > > 192.168.2.67 corresponds to our webserver and 192.168.2.100 the pc > > with the browser. > > > > Please let us know the root-cause of the issue and the actions to be > > taken to fix this - can you please expedite as this is a blocking > > issue in our project. > > > > Thanks for the support. > > > > Regards, > > Selin. > > > > > > > > > > ------------------------------ > > Subject: Digest Footer > > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > <mailto:mbed-tls@lists.trustedfirmware.org> > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls > <https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls> > > > ------------------------------ > > End of mbed-tls Digest, Vol 15, Issue 8 > *************************************** > >

4 years, 3 months

1
0
0 0

How to map PSA method to openssl method

by Jun Nie

Hi, I want to sign a data on PC with openssl, and verifiy it with PSA-RoT on board. Does anybody know how to map PSA method to openssl method? Such as: psa_sign_hash(key_handle, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len, sig, sizeof(sig), sig_len); Regards, Jun

4 years, 3 months

1
0
0 0

Re: [mbed-tls] NV_SEED read working and write not working

by Janos Follath

Hi Gopi, FN_NV_SEED_WR supposed to be called the first time the entropy context is used to retrieve some entropy. This is tracked by the `initial_entropy_run` member in the `mbedtls_entropy_context` structure (on the initial run it is zero, non-zero otherwise). FN_NV_SEED_WR not being called might mean that your “Entropy” variable hasn’t been properly initialised or that it has been used before the callbacks are set. Please note that Mbed TLS 2.16.2 has known bugs and vulnerabilities. You should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10. Best regards, Janos (Mbed TLS developer) From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Subramanian Gopi Krishnan via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Friday, 4 June 2021 at 05:50 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Cc: T V LIJIN (EXT) <lijin.tv(a)kone.com> Subject: Re: [mbed-tls] NV_SEED read working and write not working Hi, I am working on a embedded platform, that does not has any entropy source except system ticks. To improve the randomness, I am trying to utilize NV_SEED operations. The version of mbedtls version 2.16.2 is being used. Configuration file I have enabled: #define MBEDTLS_ENTROPY_NV_SEED #define MBEDTLS_PLATFORM_NV_SEED_ALT After initializing and before seeding random number generator, I assign functions of nv seed read and write to platform seeding function as below. if( r = mbedtls_platform_set_nv_seed(FN_NV_SEED_RD, FN_NV_SEED_WR) ) { return( r ); } if( r = mbedtls_ctr_drbg_seed( &CtrDrbg, mbedtls_entropy_func, &Entropy, (const unsigned char *) u8SeedingString, (size_t)Length ) ) { return ( r ); } Later functions to generate random and free context. While running, I could see only the FN_NV_SEED_RD function is getting called. And, FN_NV_SEED_WR function is not getting called. I tried to add some print statements in mbedtls library function, mbedtls_entropy_update_nv_seed(). But it looks like, this function was never called by the library. 1. Anything else to be done? 2. someone could help me ensure NV_SEED is properly incorporated 3. How to trace the issue. Thanks, Gopi Krishnan

4 years, 3 months

2
1
0 0

NV_SEED read working and write not working

by Subramanian Gopi Krishnan

Hi, I am working on a embedded platform, that does not has any entropy source except system ticks. To improve the randomness, I am trying to utilize NV_SEED operations. Configuration file I have enabled: #define MBEDTLS_ENTROPY_NV_SEED #define MBEDTLS_PLATFORM_NV_SEED_ALT After initializing and before seeding random number generator, I assign functions of nv seed read and write to platform seeding function as below. if( r = mbedtls_platform_set_nv_seed(FN_NV_SEED_RD, FN_NV_SEED_WR) ) { return( r ); } if( r = mbedtls_ctr_drbg_seed( &CtrDrbg, mbedtls_entropy_func, &Entropy, (const unsigned char *) u8SeedingString, (size_t)Length ) ) { return ( r ); } Later functions to generate random and free context. While running, I could see only the FN_NV_SEED_RD function is getting called. And, FN_NV_SEED_WR function is not getting called. Could anyone suggest how to trace the issue. I do not have debugger on for my platform. I could debug only with print statements. Thanks, Gopi Krishnan

4 years, 3 months

1
1
0 0

Signing without explicit private key

by stefano664

Hi all, I'm using mbedTLS libraries with an OPTIGA cryptochip. At the moment, when I call the sign function: err = mbedtls_pk_sign(&priv_key, MBEDTLS_MD_SHA384, hash, 0, sign, &olen, mbedtls_ctr_drbg_random, &ctr_drbg); I need to pass it a valid private key else if it isn't used, because alternative sign routine use the one into cryptochip. It is possible to avoid passing this key? Best regards, Stefano Mologni

4 years, 3 months

1
0
0 0

Please help regarding [ERR ][TLSx]: mbedtls_ssl_handshake() failed: -0x7780 (-30592): SSL

by victor Wolff

Hello I am relatively new to mbedTLS, but I'm trying to develop an MQTT client running on an STM32 board connected to an ESP8266 MCU/WiFi module. The client should publish messages to a local broker/server where I am using Mosquitto for that purpose. I want to test different Cipher suites but when I limiting the Server to only accept one particle Cipher suite I receive an error from the server point of view "1622667145: OpenSSL Error[0]: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher" Which I find is strange because when I read through the debug list presented below it says "[DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02c". I "think" I have enabled the "MBEDTLS_SHA256_C" in the config file (mbed_lib.json) for the TLSsocket, and the cipher suites I have tested so far to limit it for is: DHE-RSA-AES128-SHA |AES128-SHA | DHE-RSA-AES128-SHA256. Could you please look at the debug list presented below to see if anything looks suspicious, or if you have any ideas? because I am truly lost and I am shooting in the dark trying to find the answer online... Thank you sincerely in advance Best regards Victor --------Debug list -------- AT< WIFI CONNECTED AT< WIFI GOT IP AT< AT= OK AT> AT+CIFSR AT< AT< AT+CIFSR AT< +CIFSR:APIP,"192.168.4.1" AT< +CIFSR:APMAC,"da:bf:c0:0d:c5:d8" AT= +CIFSR:STAIP,"192.168.10.103" AT< AT< +CIFSR:STAMAC,"d8:bf:c0:0d:c5:d8" AT< AT= OK Network interface opened successfully. Connecting to host 192.168.10.165:8883 ... Hello [INFO][TLSx]: Connecting to 192.168.10.165:8883 AT> AT+CIPSTART=0,"TCP","192.168.10.165",8883 AT< AT< AT+CIPSTART=0,"TCP","192.168.10.165",8883 AT< 0,CONNECT AT< AT= OK [INFO][TLSx]: Connected. [INFO][TLSx]: Starting the TLS handshake... [DBG ][TLSx]: ssl_tls.c:6335: |2| => handshake [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 0 [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 1 [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output [DBG ][TLSx]: ssl_cli.c:0717: |2| => write client hello [DBG ][TLSx]: ssl_cli.c:0754: |3| client hello, max version: [3:3] [DBG ][TLSx]: ssl_cli.c:0693: |3| client hello, current time: 14712 [DBG ][TLSx]: ssl_cli.c:0764: |3| dumping 'client hello, random bytes' (32 bytes) [DBG ][TLSx]: ssl_cli.c:0764: |3| 0000: 00 00 39 78 00 7d 4e 7a c5 43 7f d9 5b 0c cd 3f ..9x.}Nz.C..[..? [DBG ][TLSx]: ssl_cli.c:0764: |3| 0010: 01 a0 2f 60 8e a5 c1 54 1c 0e 58 6a a3 da c0 7a ../`...T..Xj...z [DBG ][TLSx]: ssl_cli.c:0817: |3| client hello, session id len.: 0 [DBG ][TLSx]: ssl_cli.c:0818: |3| dumping 'client hello, session id' (0 bytes) [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02c [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c030 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0ad [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c024 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c028 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0af [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02b [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c02f [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0ac [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c023 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c027 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0ae [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c038 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c037 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00a9 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a5 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00af [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a9 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00a8 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a4 [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: 00ae [DBG ][TLSx]: ssl_cli.c:0884: |3| client hello, add ciphersuite: c0a8 [DBG ][TLSx]: ssl_cli.c:0918: |3| client hello, got 23 ciphersuites [DBG ][TLSx]: ssl_cli.c:0949: |3| client hello, compress len.: 1 [DBG ][TLSx]: ssl_cli.c:0950: |3| client hello, compress alg.: 0 [DBG ][TLSx]: ssl_cli.c:0071: |3| client hello, adding server name extension: 192.168.10 .165 [DBG ][TLSx]: ssl_cli.c:0178: |3| client hello, adding signature_algorithms extension [DBG ][TLSx]: ssl_cli.c:0263: |3| client hello, adding supported_elliptic_curves extensi on [DBG ][TLSx]: ssl_cli.c:0326: |3| client hello, adding supported_point_formats extension [DBG ][TLSx]: ssl_cli.c:0507: |3| client hello, adding encrypt_then_mac extension [DBG ][TLSx]: ssl_cli.c:0541: |3| client hello, adding extended_master_secret extension [DBG ][TLSx]: ssl_cli.c:0575: |3| client hello, adding session ticket extension [DBG ][TLSx]: ssl_cli.c:1022: |3| client hello, total extension length: 73 [DBG ][TLSx]: ssl_tls.c:2701: |2| => write record [DBG ][TLSx]: ssl_tls.c:2835: |3| output record: msgtype = 22, version = [3:1], msglen = 164 [DBG ][TLSx]: ssl_tls.c:2840: |4| dumping 'output record sent to network' (169 bytes) [DBG ][TLSx]: ssl_tls.c:2840: |4| 0000: 16 03 01 00 a4 01 00 00 a0 03 03 00 00 39 78 00 .............9x. [DBG ][TLSx]: ssl_tls.c:2840: |4| 0010: 7d 4e 7a c5 43 7f d9 5b 0c cd 3f 01 a0 2f 60 8e }Nz.C..[..?../`. [DBG ][TLSx]: ssl_tls.c:2840: |4| 0020: a5 c1 54 1c 0e 58 6a a3 da c0 7a 00 00 2e c0 2c ..T..Xj...z...., [DBG ][TLSx]: ssl_tls.c:2840: |4| 0030: c0 30 c0 ad c0 24 c0 28 c0 af c0 2b c0 2f c0 ac .0...$.(...+./.. [DBG ][TLSx]: ssl_tls.c:2840: |4| 0040: c0 23 c0 27 c0 ae c0 38 c0 37 00 a9 c0 a5 00 af .#.'...8.7...... [DBG ][TLSx]: ssl_tls.c:2840: |4| 0050: c0 a9 00 a8 c0 a4 00 ae c0 a8 00 ff 01 00 00 49 ...............I [DBG ][TLSx]: ssl_tls.c:2840: |4| 0060: 00 00 00 13 00 11 00 00 0e 31 39 32 2e 31 36 38 .........192.168 [DBG ][TLSx]: ssl_tls.c:2840: |4| 0070: 2e 31 30 2e 31 36 35 00 0d 00 12 00 10 06 03 06 .10.165......... [DBG ][TLSx]: ssl_tls.c:2840: |4| 0080: 01 05 03 05 01 04 03 04 01 03 03 03 01 00 0a 00 ................ [DBG ][TLSx]: ssl_tls.c:2840: |4| 0090: 06 00 04 00 18 00 17 00 0b 00 02 01 00 00 16 00 ................ [DBG ][TLSx]: ssl_tls.c:2840: |4| 00a0: 00 00 17 00 00 00 23 00 00 ......#.. [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output [DBG ][TLSx]: ssl_tls.c:2434: |2| message length: 169, out_left: 169 AT> AT+CIPSEND=0,169 AT< AT< AT+CIPSEND=0,169 AT< AT< OK AT= > [DBG ][TLSx]: ssl_tls.c:2441: |2| ssl->f_send() returned 169 (-0xffffff57) [DBG ][TLSx]: ssl_tls.c:2460: |2| <= flush output [DBG ][TLSx]: ssl_tls.c:2850: |2| <= write record [DBG ][TLSx]: ssl_cli.c:1049: |2| <= write client hello [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 2 [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output [DBG ][TLSx]: ssl_cli.c:1410: |2| => parse server hello [DBG ][TLSx]: ssl_tls.c:3728: |2| => read record [DBG ][TLSx]: ssl_tls.c:2208: |2| => fetch input [DBG ][TLSx]: ssl_tls.c:2365: |2| in_left: 0, nb_want: 5 AT< AT< Recv 169 bytes AT< AT< SEND OK AT< AT! +IPD AT= ,0,7: AT< 0,CLOSED [DBG ][TLSx]: ssl_tls.c:2389: |2| in_left: 0, nb_want: 5 [DBG ][TLSx]: ssl_tls.c:6345: |2| <= handshake [DBG ][TLSx]: ssl_tls.c:6335: |2| => handshake [DBG ][TLSx]: ssl_cli.c:3279: |2| client state: 2 [DBG ][TLSx]: ssl_tls.c:2416: |2| => flush output [DBG ][TLSx]: ssl_tls.c:2428: |2| <= flush output [DBG ][TLSx]: ssl_cli.c:1410: |2| => parse server hello [DBG ][TLSx]: ssl_tls.c:3728: |2| => read record [DBG ][TLSx]: ssl_tls.c:2208: |2| => fetch input [DBG ][TLSx]: ssl_tls.c:2365: |2| in_left: 0, nb_want: 5 [DBG ][TLSx]: ssl_tls.c:2389: |2| in_left: 0, nb_want: 5 [DBG ][TLSx]: ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) [DBG ][TLSx]: ssl_tls.c:2403: |2| <= fetch input [DBG ][TLSx]: ssl_tls.c:3479: |4| dumping 'input record header' (5 bytes) [DBG ][TLSx]: ssl_tls.c:3479: |4| 0000: 15 03 03 00 02 ..... [DBG ][TLSx]: ssl_tls.c:3485: |3| input record: msgtype = 21, version = [3:3], msglen = 2 [DBG ][TLSx]: ssl_tls.c:2208: |2| => fetch input [DBG ][TLSx]: ssl_tls.c:2365: |2| in_left: 5, nb_want: 7 [DBG ][TLSx]: ssl_tls.c:2389: |2| in_left: 5, nb_want: 7 [DBG ][TLSx]: ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 2 (-0xfffffffe) [DBG ][TLSx]: ssl_tls.c:2403: |2| <= fetch input [DBG ][TLSx]: ssl_tls.c:3656: |4| dumping 'input record from network' (7 bytes) [DBG ][TLSx]: ssl_tls.c:3656: |4| 0000: 15 03 03 00 02 02 28 ......( [DBG ][TLSx]: ssl_tls.c:3960: |2| got an alert message, type: [2:40] [DBG ][TLSx]: ssl_tls.c:3968: |1| is a fatal alert message (msg 40) [DBG ][TLSx]: ssl_tls.c:3744: |1| mbedtls_ssl_handle_message_type() returned -30592 (-0x 7780) [DBG ][TLSx]: ssl_cli.c:1416: |1| mbedtls_ssl_read_record() returned -30592 (-0x7780) [DBG ][TLSx]: ssl_tls.c:6345: |2| <= handshake [ERR ][TLSx]: mbedtls_ssl_handshake() failed: -0x7780 (-30592): SSL AT> AT+CIPCLOSE=0 AT< AT+CIPCLOSE=0 AT< UNLINK AT< AT< ERROR AT> AT+CIPCLOSE=0 AT< AT+CIPCLOSE=0 AT< UNLINK AT< AT< ERROR ERROR: rc from TCP connect is -30592 [DBG ][TLSx]: ssl_tls.c:7055: |2| => free [DBG ][TLSx]: ssl_tls.c:7120: |2| <= free AT> AT+CWQAP AT< AT+CWQAP AT< AT= OK

4 years, 3 months

1
0
0 0

Parsing PKCS12 file

by Sunil Jain

Hello, We have requirements of parsing PKCS12 file in our project to import the certificate. I have seen the code and am not able to find the related API which can be used to parse the PKCS12 file. Do you have some sample example code which does this work? Thanks for your help. -- Regards, Sunil Jain

4 years, 3 months

1
0
0 0

FTP Data connection handshake is failing

by Sunil Jain

Hello, We are porting MbedTLS 2.16 for FTP server. There are 2 connection in FTP communication, Control and data. For control communication we are ok with handshake but data communication handshake is having issue. We have observed with FTP Client (FileZilla) our earlier implementation of FTP server with Mocana secure library, we used to send certificate and server key exchange in control communication handshake only, for Data communication handshake ServerHello and change cipher spec was sent. But in case of MbedTLS, we are sending certificate and server key exchange in data communication handshake also. FTP Client (FileZilla) is rejecting the handshake after receiving the server certificate server key exchange and from the FTP server as I believe it is expecting session resumption and FTP Server is waiting for client key exchange in handshake. In attached wireshark trace, packet number 1570 is having issue. When we tested this server with another FTP client (WinSCP), its working fine as this client is not expecting session resumption. As I go through the code documentation of MbedTLS, I found that we cannot set the session resumption at server side, only client side we can do this setting. How can we make FTP server ready with session resumption? Please support us. Thanks and Regards, Sunil

4 years, 3 months

1
0
0 0

ECDSA signature verification failure

by Nassim Eddequiouaq

Hi, I'm running into a signature verification issue with ECDSA. I've generated test values with python and have a working signature verification: --------- Python --------- In [66]: sig_bytes.hex() Out[66]: '30440220704fb7e4e51dc0f2f9bb0a3645d433bdd7ea23dff5e0e231449261f043c645db02203e648d4924c56b14004d984bcacf954e47ae6109db15597695664d06c0b782c2' In [67]: statement Out[67]: b'1:VALID_SESSION:2:xxxx' In [68]: key = load_pem_public_key(b'-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWaBFEuO91YcVK6mJqDtjCvRT8cE7\nfjKNmOxU/wYzSPVHyyZ0IhxY9 ...: UFwZKWO1iEWkeReHK/SNRk2rtvX4qX44g==\n-----END PUBLIC KEY-----\n') In [69]: key.verify(sig_bytes, statement, primitives.asymmetric.ec.ECDSA(primitives.hashes.SHA256())) Success ---------------------------- And have the following code on the mbedTLS C side which fails on mbedtls_ecdsa_read_signature(): --------- MbedTLS --------- uint8_t sha256_digest_buff[SHA256_DIGEST_BYTES] = { 0 }; uint8_t* message = (uint8_t*)"1:VALID_SESSION:2:xxxx"; uint8_t* public_key_pem = (uint8_t*)"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEc8uijCCOayvXQz5+2fjVjAbNraYf\nReDKcN8p5ttPedCXxr8A9rGcmA89pFcmpuDRvZgx+qiRC/pNcs0kqy1VVQ==\n-----END PUBLIC KEY-----\n"; uint8_t signature[70] = {0x30, 0x44, 0x02, 0x20, 0x70, 0x4f, 0xb7, 0xe4, 0xe5, 0x1d, 0xc0, 0xf2, 0xf9, 0xbb, 0x0a, 0x36, 0x45, 0xd4, 0x33, 0xbd, 0xd7, 0xea, 0x23, 0xdf, 0xf5, 0xe0, 0xe2, 0x31, 0x44, 0x92, 0x61, 0xf0, 0x43, 0xc6, 0x45, 0xdb, 0x02, 0x20, 0x3e, 0x64, 0x8d, 0x49, 0x24, 0xc5, 0x6b, 0x14, 0x00, 0x4d, 0x98, 0x4b, 0xca, 0xcf, 0x95, 0x4e, 0x47, 0xae, 0x61, 0x09, 0xdb, 0x15, 0x59, 0x76, 0x95, 0x66, 0x4d, 0x06, 0xc0, 0xb7, 0x82, 0xc2}; [...] int mbedtls_status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pk_context pubkey_ctx; mbedtls_ecdsa_context ecdsa_ctx; mbedtls_ecp_curve_info *curve_info = NULL; /* Create public key context */ mbedtls_pk_init(&pubkey_ctx); /* Create ecdsa context */ mbedtls_ecdsa_init(&ecdsa_ctx); /* Parse public key */ if ((mbedtls_status = mbedtls_pk_parse_public_key(&pubkey_ctx, pubkey_pem, pubkey_pem_len)) != 0) { ERRORF("Failure failure parsing PEM-encoded ecdsa-p256r1 public key, mbedTLS status: %d", mbedtls_status); ret = E_INVAL_PUBKEY; goto cleanup; } /* Hash the message with sha256 */ if ((mbedtls_status = mbedtls_sha256_ret(message, message_len, sha256_digest_buff, 0 /* Not 224 bits hashing */ )) != 0) { ERRORF("Failure sha256-hashing message before ecdsa-p256r1 signature verification, mbedTLS status: %d", mbedtls_status); ret = E_FAILED_HASH; goto cleanup; } /* Set the public key as the ecdsa signature verification key */ if ((mbedtls_status = mbedtls_ecp_copy(&ecdsa_ctx.Q, &mbedtls_pk_ec(pubkey_ctx)->Q)) != 0 ) { ERRORF("Failure copying ecdsa-p256r1 public key to ecdsa context, mbedTLS status: %d", mbedtls_status); ret = E_UNKNOWN; goto cleanup; } if ((mbedtls_status = mbedtls_ecp_group_copy(&ecdsa_ctx.grp, &mbedtls_pk_ec(pubkey_ctx)->grp)) != 0 ) { ERRORF("Failure copying ecdsa-p256r1 public key group to ecdsa context, mbedTLS status: %d", mbedtls_status); ret = E_UNKNOWN; goto cleanup; } /* Verify ecdsa-p256r1 signature verification */ if ((mbedtls_status = mbedtls_ecdsa_read_signature(&ecdsa_ctx, sha256_digest_buff, sizeof(sha256_digest_buff), signature, signature_len)) != 0) { ERRORF("Failure verifying ecdsa-p256r1 signature against message, mbedTLS status: %d", mbedtls_status); ret = E_INVALID_SIG; goto cleanup; } /* Success */ ret = E_SUCCESS; ---------------------------- Also, `mbedtls_ecp_curve_info_from_grp_id( ecdsa_ctx.grp.id )->name` yields the right curve prior to the signature verification. I must be missing something in the process. Would love to get some input, thanks a lot! -- Nassim Eddequiouaq

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Request for Support [Issue : Webserver handshake failing with self-signed certificate]

by Selin Chris

Hi Gilles, Thanks for the quick reply. I migrated to version 2.16, and I have seen the same issue is still there. Moreover, we have reseeded the RNG, still issue is there. I created a client and it's working fine, it's able to handshake and send data to the server. Only problem is server communication where control is going in infinite loop while creating server key exchange. As you asked for the call stack of the loop, I am attaching the call stack with this mail. Please support us. Thank you. Regards, Selin. On Fri, May 21, 2021 at 5:30 PM <mbed-tls-request(a)lists.trustedfirmware.org> wrote: > Send mbed-tls mailing list submissions to > mbed-tls(a)lists.trustedfirmware.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls > or, via email, send a message with subject or body 'help' to > mbed-tls-request(a)lists.trustedfirmware.org > > You can reach the person managing the list at > mbed-tls-owner(a)lists.trustedfirmware.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mbed-tls digest..." > > > Today's Topics: > > 1. Re: Request for Support [Issue : Webserver handshake failing > with self-signed certificate] (Gilles Peskine) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 20 May 2021 15:13:54 +0200 > From: Gilles Peskine <gilles.peskine(a)arm.com> > To: mbed-tls(a)lists.trustedfirmware.org > Subject: Re: [mbed-tls] Request for Support [Issue : Webserver > handshake failing with self-signed certificate] > Message-ID: <93c3cd71-bdc1-c3ec-4bbc-89ff995a8444(a)arm.com> > Content-Type: text/plain; charset=utf-8 > > Hi Selin, > > A possible problem could be a misconfigured random generator. However > this is purely speculation. Can you get a stack trace? Finding the root > cause requires finding where mbedtls_mpi_cmp_mpi is called. > > Please note that Mbed TLS 2.16.3 has known bugs and vulnerabilities. You > should upgrade to the latest bug-fixing version of the 2.16 branch, > 2.16.10. > > -- > Gilles Peskine > Mbed TLS developer > > On 20/05/2021 13:06, Selin Chris via mbed-tls wrote: > > > > Hi, > > > > Thank you for adding me to the mbed-tls mailing list. > > > > We have created a self-signed certificate with ECC key of > > MBEDTLS_ECP_DP_SECP256R1 type, since it is a self-signed certificate > > after we send the certificate to chrome from our web server it shows > > not trusted and goes to the page where we need to manually proceed > > with the acceptance of the certificate to allow further communication. > > After this we again have to perform handshake for which we need to > > prepare the server key exchange, while preparing the server key > > exchange we notice that it is infinitely calling the > > mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not > > able to proceed hereafter. Sometimes we also see that when executing > > ssl_prepare_server_key_exchange() function in ssl_srv.c we find > > ciphersuite_info pointer as null and the program goes into data panic > > due to that. We have checked our stacks and not seen any sign of > > corruption. > > > > The mbedtls version that we are using is mbedtls-2.16.3. > > Please find the attached wireshark trace during this scenario. The IP > > 192.168.2.67 corresponds to our webserver and 192.168.2.100 the pc > > with the browser. > > > > Please let us know the root-cause of the issue and the actions to be > > taken to fix this - can you please expedite as this is a blocking > > issue in our project. > > > > Thanks for the support. > > > > Regards, > > Selin. > > > > > > > > > > ------------------------------ > > Subject: Digest Footer > > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls > > > ------------------------------ > > End of mbed-tls Digest, Vol 15, Issue 8 > *************************************** >

4 years, 3 months

1
0
0 0

Server and client fails with “Verification of the message MAC failed” after Successful Handshake

by Vaibhav Sathye

Hi I am writing a server client with Libuv as tcp stack and mbedtls as ssl. I am able to do a successful handshake between server and client but after that when I try to write/read application data it fails with “Verification of the message MAC failed”. After inspecting debug logs, I found the server and client have the same Pre-master master secret and IV and still it is failing. Currently both client and server are on the same machine . I am attaching server and client logs. Any help is appreciated. server.log <https://drive.google.com/file/d/1oaMMV2_YVDL8GLn6GH3PIQSIH5BDbGeU/view?usp=…> client.log <https://drive.google.com/file/d/1Z9P1ssglqRpBUmXF9TuRQd6KJKvyw6RJ/view?usp=…> Thanks Vaibhav

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Request for Support [Issue : Webserver handshake failing with self-signed certificate]

by Gilles Peskine

Hi Selin, A possible problem could be a misconfigured random generator. However this is purely speculation. Can you get a stack trace? Finding the root cause requires finding where mbedtls_mpi_cmp_mpi is called. Please note that Mbed TLS 2.16.3 has known bugs and vulnerabilities. You should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10. -- Gilles Peskine Mbed TLS developer On 20/05/2021 13:06, Selin Chris via mbed-tls wrote: > > Hi, > > Thank you for adding me to the mbed-tls mailing list. > > We have created a self-signed certificate with ECC key of > MBEDTLS_ECP_DP_SECP256R1 type, since it is a self-signed certificate > after we send the certificate to chrome from our web server it shows > not trusted and goes to the page where we need to manually proceed > with the acceptance of the certificate to allow further communication. > After this we again have to perform handshake for which we need to > prepare the server key exchange, while preparing the server key > exchange we notice that it is infinitely calling the > mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not > able to proceed hereafter. Sometimes we also see that when executing > ssl_prepare_server_key_exchange() function in ssl_srv.c we find > ciphersuite_info pointer as null and the program goes into data panic > due to that. We have checked our stacks and not seen any sign of > corruption. > > The mbedtls version that we are using is mbedtls-2.16.3. > Please find the attached wireshark trace during this scenario. The IP > 192.168.2.67 corresponds to our webserver and 192.168.2.100 the pc > with the browser. > > Please let us know the root-cause of the issue and the actions to be > taken to fix this - can you please expedite as this is a blocking > issue in our project. > > Thanks for the support. > > Regards, > Selin. > > >

4 years, 3 months

1
0
0 0

Request for Support [Issue : Webserver handshake failing with self-signed certificate]

by Selin Chris

Hi, Thank you for adding me to the mbed-tls mailing list. We have created a self-signed certificate with ECC key of MBEDTLS_ECP_DP_SECP256R1 type, since it is a self-signed certificate after we send the certificate to chrome from our web server it shows not trusted and goes to the page where we need to manually proceed with the acceptance of the certificate to allow further communication. After this we again have to perform handshake for which we need to prepare the server key exchange, while preparing the server key exchange we notice that it is infinitely calling the mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not able to proceed hereafter. Sometimes we also see that when executing ssl_prepare_server_key_exchange() function in ssl_srv.c we find ciphersuite_info pointer as null and the program goes into data panic due to that. We have checked our stacks and not seen any sign of corruption. The mbedtls version that we are using is mbedtls-2.16.3. Please find the attached wireshark trace during this scenario. The IP 192.168.2.67 corresponds to our webserver and 192.168.2.100 the pc with the browser. Please let us know the root-cause of the issue and the actions to be taken to fix this - can you please expedite as this is a blocking issue in our project. Thanks for the support. Regards, Selin.

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Query for TLS 1.3

by Shebu Varghese Kuriakose

Hi Manoj, As you might have seen, TLS1.3 prototype is available in github https://github.com/hannestschofenig/mbedtls/tree/tls13-prototype The project is working on reviewing the prototype and upstreaming parts of it to Mbed TLS. The currently open pull requests to Mbed TLS project can be found here: https://github.com/ARMmbed/mbedtls/labels/MPS%20%2F%20TLS%201.3 Some of the outstanding work is captured here - https://github.com/ARMmbed/mbedtls/projects/2#column-12964476 If possible, please test the TLS1.3 prototype and let know if you have any feedback. Also welcome to review any patches. 1. Expected date for release of MbedTLS with TLS 1.3 support? A subset of TLS 1.3 features is aimed to be available around the last quarter of 2021. TLS1.3 support in Mbed TLS at that point would be limited for TLS (no DTLS), Client side and ECDHE. There won't be support for server side, PSK and 0-RTT in this initial version. Note the last quarter target is based on high level task estimations and can change based on progress made in the coming months. You can use the prototype above in the interim for prototyping/development purposes. It is not expected to be integrated on production platforms though. 1. Is MbedTLS with TLS 1.3 support available under paid subscription? No, there is no paid offerings in Mbed TLS project. Mbed TLS project is an open source community project under trustedfirmware.org (https://www.trustedfirmware.org/) and is available to use under the open source license (Refer license section - https://github.com/ARMmbed/mbedtls). 1. Process for paid subscription (if point #2 applicable) Not Applicable Regards, Shebu From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org<mailto:mbed-tls-bounces@lists.trustedfirmware.org>> On Behalf Of Manoj Srivastava via mbed-tls Sent: Monday, May 17, 2021 8:57 PM To: mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] Query for TLS 1.3 Hello, I am using mbedTLS for TLS support. I am looking for TLS 1.3 support for PSK only mode. I have checked source code online but didn't get TLS 1.3 PSK only code. I found all prototype code only. Can you please highlight the repository if the same is available ? In case fixed code for TLS 1.3 for PSK only mode is not available then can please answer followings: 1. Expected date for release of MbedTLS with TLS 1.3 support? 2. Is MbedTLS with TLS 1.3 support available under paid subscription? 3. Process for paid subscription (if point #2 applicable) Best Regards, Manoj Srivastava

4 years, 3 months

1
0
0 0

Query for TLS 1.3

by Manoj Srivastava

Hello, I am using mbedTLS for TLS support. I am looking for TLS 1.3 support for PSK only mode. I have checked source code online but didn't get TLS 1.3 PSK only code. I found all prototype code only. Can you please highlight the repository if the same is available ? In case fixed code for TLS 1.3 for PSK only mode is not available then can please answer followings: 1. Expected date for release of MbedTLS with TLS 1.3 support? 2. Is MbedTLS with TLS 1.3 support available under paid subscription? 3. Process for paid subscription (if point #2 applicable) Best Regards, Manoj Srivastava

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Support for ECDH key generation with Curve25519

by brian_d＠tutanota.com

Hi, thanks a lot for the fast reply and sorry for my late answer but I did a lot of tests in order to solve the problem (I never had success on compute shared function when "talking" with another peer). Yes, you're right, no need to modify anything. The issue was that mbedtls uses ecp point coordinates in big endian format while the other peer bytes were intended to be in little endian format. After reversing the bytes before compute shared everything worked! Thank you, have a nice day! Brian 3 mag 2021, 21:53 da mbed-tls(a)lists.trustedfirmware.org: > Hi Brian, > > It's not clear to me what you're trying to do. Mbed TLS supports > Curve25519 arithmetic for X25519, accessible through the > mbedtls_ecdh_xxx interface. If you want to use Curve25519 for some other > purpose, this may or may not be supported via direct access to the > mbedtls_ecp_xxx interface. The curve arithmetic code only supports > predefined groups, it does not support changing the generator without > patching the library. > > For Curve25519, the generator is the point (X,Z)=(9,1). Isn't this the > generator you want? > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > On 30/04/2021 17:39, Brian via mbed-tls wrote: > >> Hi all, >> I'm trying to set the generator g to a value of 9 for the Curve25519 with mbedtls_ecp_gen_key function. However I cannot find any way to accomplish that. >> Could anyone help me? >> Thank you, have a nice day,Brian >> > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 4 months

1
0
0 0

Not sure if the TLS implementation is correct or not

by Younes Boulahya

Please see these 2 stackoverflow posts: Implementing TLS over HTTP in STM32F303RC using W5500 <https://stackoverflow.com/questions/67522903/implementing-tls-over-http-in-…> HTTPS Handshake Debugging <https://stackoverflow.com/questions/67534996/https-handshake-debugging> In short I have implemented mbedtls over an HTTP Client but I am not sure if it's working or not, when I debug using wireshark I can see the handshake and the encrypted data sent to the server, but I don't see any records added to mysql database. [image: 1.PNG]

4 years, 4 months

1
0
0 0

mbedTLS -entropy source issue

by Pandurangan, Devi

Hi, I'm trying to integrate NXPs secure element SE050 into an application running on MSP432E401Y chip. I was able to successfully integrate their middleware(Plug and trust) on a baremetal project with mbedTLS enabled. It seems on this baremetal project, entropy_source (from entropy_alt.c) is not working. And this has a knock on effect on mbedtls_ctr_drbg_seed function which fails and takes the entire project down with it. Also, from the sole example given in the Simplelink SDK (tcpechotls), I see that mbedtls is used in a project with RTOS enabled. Should I try integrating this code in an RTOS based project and check? Has anyone worked on this ? Thanks, Devi Pandurangan Lead Engineer - Embedded Software Armstrong Fluid Technology #59, "Hampapura Mane" 3rd Main, Margosa Road, Malleswaram, Bangalore, Karnataka, 560 003, India T : +91-80-49063555<tel:+91-80-49063555> | F : +91-80-23343535 www.armstrongfluidtechnology.com [cid:image001.jpg@01D741AF.326E2340]<http://www.armstrongfluidtechnology.com/> [cid:image002.jpg@01D741AF.326E2340]<http://twitter.com/ArmstrongFT_UK> [cid:image003.jpg@01D741AF.326E2340]<http://plus.google.com/+Armstrongfluidtechnology> [cid:image004.jpg@01D741AF.326E2340]<http://www.linkedin.com/company/armstrong-fluid-technology> [cid:image005.jpg@01D741AF.326E2340]<http://www.youtube.com/user/ArmstrongFT> [cid:image006.jpg@01D741AF.326E2340]<https://www.facebook.com/ArmstrongFluidTechnology/> [cid:image007.jpg@01D741AF.326E2340]<https://www.flickr.com/photos/armstrongintegrated/collections/> DISCLAIMER: This email and any attachments are sent in confidence, subject to applicable legal privilege and upon the basis that the recipient will conduct appropriate checks. If you have received this email in error, please send it back to us and immediately and permanently delete it: you are strictly prohibited from using, copying or disclosing it or any information contained in it or in any attachment. Internet communications are not secure and Armstrong Design Private Limited is not responsible for their abuse by third parties, nor for any alteration or corruption in transmission, nor for any damage or loss caused by any virus or other defect. Armstrong Fluid Technology is a trading name of Armstrong Design Private Limited, #59, First Floor, 3rd Main Margosa Road, Malleswaram, Bangalore, 560 003, India registered in India company no. 029120KA2004PTC034014.

4 years, 4 months

1
0
0 0

Re: [mbed-tls] URGENT PLEASE

by Frank Bergmann

Hello Younes, I assume that you recently joined the list here. In that case: Please welcome! Since ole times of Usenet it is a common behaviour to first subscribe a list/channel and listen to the posts. After some time write your own first email to the list, introduce yourself quickly and write about your problem. But please do never start with an email carrying "URGENT" in subject. This is not politely. See, the people maintaining this list do this without any fees. The spent their time to answer questions "from the community" for free. And they do it well! Hence please avoid galopping in here. ;-) You want https and sftp implementations, which are layer 7 and actually mostly on a different/higher layer then mbed TLS. And they are not trivial - there is NO SIMPLE implementation! Please compare it to projects like e.g. Apache or OpenSSH: The people required months/years to get an implementation. Regarding the C code you sent: Obviously it is at least partly coming from STM and it has a size of more than 50 KiB. Why did you sent that? This is not just a code snippet of a few lines. Did you actually expect that anyone would analyze it? Maybe someone is on this list who knows the code and can give you some hints. But don't expect a "working example of https and sftp". Hence my personal answer: - Basic examples like "client" and "server" are already provided by mbed TLS! You just need to extend them with https and sftp protocol. - If you want to use a SIMPLE implementation then please use Python or Java/Groovy. Because then you don't need to know most of the technical details of https and sftp. - If you are looking for many "working examples" of code then you should also think about using a lib like OpenSSL which is mostly used. And please be politely. Please remember that the people here are giving support for free. Great support for free. cheers, Frank On 03.05.21 21:11, Younes Boulahya via mbed-tls wrote: > I am using STM32F303RCT6 and W5500, I want to upgrade to HTTPS and > SFTP, but I can't find any working example that I can use, can you > provide me a simple one PLEASE, of both HTTPS and SFTP. > > I attach my current c code, thank you so much 🌷 > -- Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753 SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606 http://tdyn.de/freel -- Redirect to profile at freelancermap http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP

4 years, 4 months

1
0
0 0

Re: [mbed-tls] Support for ECDH key generation with Curve25519

by Gilles Peskine

Hi Brian, It's not clear to me what you're trying to do. Mbed TLS supports Curve25519 arithmetic for X25519, accessible through the mbedtls_ecdh_xxx interface. If you want to use Curve25519 for some other purpose, this may or may not be supported via direct access to the mbedtls_ecp_xxx interface. The curve arithmetic code only supports predefined groups, it does not support changing the generator without patching the library. For Curve25519, the generator is the point (X,Z)=(9,1). Isn't this the generator you want? Best regards, -- Gilles Peskine Mbed TLS developer On 30/04/2021 17:39, Brian via mbed-tls wrote: > Hi all, > I'm trying to set the generator g to a value of 9 for the Curve25519 with mbedtls_ecp_gen_key function. However I cannot find any way to accomplish that. > Could anyone help me? > Thank you, have a nice day,Brian

4 years, 4 months

1
0
0 0

URGENT PLEASE

by Younes Boulahya

<mbed-tls(a)lists.trustedfirmware.org>I am using STM32F303RCT6 and W5500, I want to upgrade to HTTPS and SFTP, but I can't find any working example that I can use, can you provide me a simple one PLEASE, of both HTTPS and SFTP. I attach my current c code, thank you so much 🌷

4 years, 4 months

1
0
0 0

Support for ECDH key generation with Curve25519

by brian_d＠tutanota.com

Hi all, I'm trying to set the generator g to a value of 9 for the Curve25519 with mbedtls_ecp_gen_key function. However I cannot find any way to accomplish that. Could anyone help me? Thank you, have a nice day,Brian

4 years, 4 months

1
0
0 0

Problems during certificate verifing

by stefano664

Good morning, I'm testing a routine that verify the validity of an intermediate certificate, against my root certificate. Both certificates are generated on my machine. The code to do this is here: https://wtools.io/paste-code/b4OL I can do the verify with openSSL and works fine. When I pass certificates tombedTLS it returns these errors: The certificate is signed with an unacceptable hash. The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). The certificate is signed with an unacceptable key (eg bad curve, RSA too short). Can someone help me to find the mistakes? Thanks for your help. ROOT CERTIFICATE: -----BEGIN CERTIFICATE----- MIIB8TCCAXagAwIBAgIBATAMBggqhkjOPQQDAgUAMDkxCzAJBgNVBAMMAkNBMR0w GwYDVQQKDBRDb21lbGl0IEdyb3VwIFMucC5BLjELMAkGA1UEBhMCSVQwHhcNMDEw MTAxMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjA5MQswCQYDVQQDDAJDQTEdMBsGA1UE CgwUQ29tZWxpdCBHcm91cCBTLnAuQS4xCzAJBgNVBAYTAklUMHYwEAYHKoZIzj0C AQYFK4EEACIDYgAE/u9D/9E9S8kmJ5W75GwaZxUuXYuCYfszCsjNEuylVMj8N1r6 Ce+FJ3eSKQGgh2/H2Pd5Ck7TENQSuVBZIVsUcUv5q/MGGJWUNLCSZm2b5kadVKXQ 6Cn6t7RDFQ0IvRoLo1AwTjAMBgNVHRMEBTADAQH/MB8GA1UdIwQYMBaAFOzrPv2f Rkotop0JzDEg/9CtjcRjMB0GA1UdDgQWBBTs6z79n0ZKLaKdCcwxIP/QrY3EYzAM BggqhkjOPQQDAgUAA2cAMGQCMAxEjQOUP2hC3yhGIkz04Y9fFR6WWH8kUqQEutfb 57Q9ADRFsmAVtJgOZEsVhnZ6ugIwcRK7dngvNozV9Uu4ifhDCLF7qQhAH4XyQ/WI GgKtCIBIps/H+JQNqjpwsVs8zlER -----END CERTIFICATE----- INTERMEDIATE CERTIFICATE: -----BEGIN CERTIFICATE----- MIIDDDCCAo+gAwIBAgIBATAMBggqhkjOPQQDAgUAMDkxCzAJBgNVBAMMAkNBMR0w GwYDVQQKDBRDb21lbGl0IEdyb3VwIFMucC5BLjELMAkGA1UEBhMCSVQwHhcNMDEw MTAxMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBozE+MDwGA1UEAww1Q29tZWxpdCBD bG91ZCBBcyBEZXYgS2ZHWUFjWHg5U3NvMnlic3plcDRQTjZjR295R1BMaTAxJjAk BgNVBAsMHUNvbWVsaXQgR3JvdXAgU3BhIC0gQ2xvdWQgTGFiMRowGAYDVQQKDBFD b21lbGl0IEdyb3VwIFNwYTEQMA4GA1UECAwHQmVyZ2FtbzELMAkGA1UEBhMCSVQw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfGrKbFRgC5o8REbcYdRzW FXS772+CC15nXCJR67gWL1wmKzrCekkFNlOnQrsPhe4iYnkhLuBYNWaVvSaHt9dS X/ZBbJ3bRnGAarw7QnirLZJFYSRRBhMw6xi91nt8kIvcA6kACFcooaRmg/jQzCyb eXO1skJhDv13TxwDB8UTtRkfOTFl23FekMPWmJpqU1YxjAAYRtcY4jGAtV4D7T3V 3WjZ0eaIjl9n2g9/slG6p3ZSjONIRmyTiBRQNynKCxy1Q9Px1ohDCcS2SsK0smy6 0EzCghEz8QjAWs7U9Ilh3OTCdCpV9clp1DQrjbDZky1rMEd7mRmTp8Fmd2c3ld0F AgMBAAGjUDBOMB0GA1UdDgQWBBT3OOc7ZPbeOBTkeYPBFQcQTLhECDAfBgNVHSME GDAWgBTs6z79n0ZKLaKdCcwxIP/QrY3EYzAMBgNVHRMEBTADAQH/MAwGCCqGSM49 BAMCBQADaQAwZgIxAJvrL0kIeB4mvRJT1MRA0Kc/mw5ZVVv0ErOQqLhQShECw6+K s5DL9V/tHf72iCCivAIxANfBJ2IMLzSZCOrSmr9fOCQktM6mFC5PyAuZX+3OGPfU UuJwph7GaoWW+fw1IxQm2Q== -----END CERTIFICATE----- Thanks a lot, Stefano

4 years, 4 months

1
0
0 0

Mbed TLS 3.0 branch transition

by Dave Rodgman

Hi, Today we are switching our branches around, so that the development branch focuses on Mbed TLS 3.0, to be released mid-year. This will include API-breaking changes. 2.x development work will continue on the development_2.x branch. After merging development_3.0 onto development, the development_3.0 branch will be removed. There is no change to the process for submitting PRs: new PRs should continue to target development, with backports to 2.x and 2.16 as needed. (The exception would be a bug-fix that only affects older branches, which would only need ports to the affected branches and not to development). As part of the 3.0 work, we are looking at various things that can be removed from the library. For some of these, we’ve notified the mailing list – please let us know in the next week if you have a good reason for retaining the feature in question. - Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0 https://github.com/ARMmbed/mbedtls/issues/4286 - Remove support for the "Truncated HMAC" (D)TLS extension https://github.com/ARMmbed/mbedtls/issues/4341 - Remove support for 3DES ciphersuites in (D)TLS https://github.com/ARMmbed/mbedtls/issues/4367 - Remove support for RC4, Blowfish, XTEA, MD2 and MD4 https://github.com/ARMmbed/mbedtls/issues/4084 - Remove support for pre-v3 X.509 certificates with extensions https://github.com/ARMmbed/mbedtls/issues/4386 - Remove the RSA key mutex https://github.com/ARMmbed/mbedtls/issues/4124 - Remove MBEDTLS_CHECK_PARAMS https://github.com/ARMmbed/mbedtls/issues/4313 - 3.0 and 2.x :- Minimum development environment: is it OK to require Python >= 3.6 and/or CMake >= 3.5.2? https://lists.trustedfirmware.org/pipermail/mbed-tls/2021-March/000319.html Dave Rodgman

4 years, 4 months

1
0
0 0

Removal of generated source and build files from the development branch

by Gilles Peskine

Hello, A number of files in the Mbed TLS source tree are automatically generated from other files, with a content that does not depend on the platform or configuration. We are considering removing the generated files from the development branch in Git, at least during the work towards Mbed TLS 3.0. This would affect at least the development branch until the 3.0 release, and may affect the development_2.x branch and the development branch after the 3.0 release. Long-time support branches and official releases will continue to have these source files in the Git tree. The reason to remove the generated files is to facilitate development, especially with the restructuring that is happening as we prepare a new major version of the library. This is an experimental change; depending on how effective it is, we may or may not wish to restore the generated files on the development branch when 3.0 stabilizes. It's also still possible that we will not go ahead with this change, depending on the impact on our CI and on the feedback we receive. The affected files are: * Two library source files: library/error.c and library/version_features.c. * Parts of some test programs: programs/test/query_config.c and programs/psa/psa_constant_names_generated.c. * The Visual Studio project files. * Some unit test data files. What does this change for you? **If you were using a long-time support branch or an official release**: no change. **If you were using the supplied GNU Makefile**: there should be no effective change. **If you were using CMake, Visual Studio or custom build scripts** on the development branch: Perl (>=5.8) will be required to generate some library sources and to generate the Visual Studio project files. Python (>=3.4) was already required to run config.py and to build the unit tests. Note that the generated files are independent of the Mbed TLS configuration, so if your deployment has a pre-configuration step, you can generate the files at this step: no new tool is required after the library is configured. The ongoing work (not complete yet as I write) is at https://github.com/ARMmbed/mbedtls/pull/4395 if you want to see what this change means concretely. We are aware that the additional dependencies are a burden in some environments, which is why we will definitely not change anything to releases or to current and future long-time support branches. If you are building Mbed TLS from the development branch and this change affects you, please let us know what constraints apply to your environment. Best regards, -- Gilles Peskine Mbed TLS developer

4 years, 4 months

1
0
0 0

Re: [mbed-tls] Uninitialized variable in rsa_prepare_blinding

by Gilles Peskine

Hello, The macro MBEDTLS_MPI_CHK sets ret, so this particular case is safe. That being said, we do have a hygiene rule to initialize ret variables, to avoid accidentally having uninitialized variables in edge cases. I'll file an issue to fix those. Thanks for reaching out! -- Gilles Peskine Mbed TLS developer On 21/04/2021 17:33, momo 19 via mbed-tls wrote: > Hello, > > I would like to report a possible bug in rsa_prepare_blinding function > in rsa.c > (https://github.com/ARMmbed/mbedtls/blob/v2.26.0/library/rsa.c > <https://github.com/ARMmbed/mbedtls/blob/v2.26.0/library/rsa.c>). I am > not sure if it is a real issue, but I think that there is a > possibility to use uninitialized variable ret: > > static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, > int (*f_rng)(void *, unsigned char *, size_t), void > *p_rng ) > { > int ret, count = 0; <--- uninitialized variable ret > mbedtls_mpi R; > > mbedtls_mpi_init( &R ); > > if( ctx->Vf.p != NULL ) > { > /* We already have blinding values, just update them by > squaring */ > MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, > &ctx->Vi ) ); > MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, > &ctx->N ) ); > MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, > &ctx->Vf ) ); > MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, > &ctx->N ) ); > > goto cleanup; <--- going to cleanup without setting a value of ret > } > > (Skipping lines for readability) > > cleanup: > mbedtls_mpi_free( &R ); > > return( ret ); <--- returning uninitialized variable ret > } > > Best regards, > grapix121 > >

4 years, 4 months

1
0
0 0

Uninitialized variable in rsa_prepare_blinding

by momo 19

Hello, I would like to report a possible bug in rsa_prepare_blinding function in rsa.c (https://github.com/ARMmbed/mbedtls/blob/v2.26.0/library/rsa.c). I am not sure if it is a real issue, but I think that there is a possibility to use uninitialized variable ret: static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret, count = 0; <--- uninitialized variable ret mbedtls_mpi R; mbedtls_mpi_init( &R ); if( ctx->Vf.p != NULL ) { /* We already have blinding values, just update them by squaring */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) ); goto cleanup; <--- going to cleanup without setting a value of ret } (Skipping lines for readability) cleanup: mbedtls_mpi_free( &R ); return( ret ); <--- returning uninitialized variable ret } Best regards, grapix121

4 years, 4 months

1
0
0 0

Re: [mbed-tls] Signing messages with ECDSA

by stefano664

Excuse me, I replied to your e-mail without note that I'm replying to your address instead of mailing-list address. Now I'll do some other tests, starting from a blank project. I can't send a fully compilable FW because my target is an ESP32 with an OPTIGA crypto chip connected,. than it is necessary to have my hardware to run it. But attached I put my mbedtls configuration. Thank you, Stefano Il giorno mer 21 apr 2021 alle ore 14:36 Gilles Peskine < gilles.peskine(a)arm.com> ha scritto: > I adjusted your code to compile and added the missing definitions and > declarations, and this version works for me. I've attached my code. Here's > the output I get (Mbed TLS , default configuration): > > Message: PLUTOxPLUTOxPLUTOxPLUTOxPLUTOxxx > Private key: -----BEGIN EC PRIVATE KEY----- > MIGkAgEBBDCv5Vq0yRsOKLkkaI0lR32vByL9MB+4O0f+bhVErb8Fd0W1XFhN1897 > iAtnV/DeXDygBwYFK4EEACKhZANiAARgYE9uzG+nXYDoydWyDE6wrlgxiRKqm6kg > si00tFa0KD//vCemOAoYAmmbtFd9RvE6tNOw+Ze5eRtVvosmvYl5IoWx4Jda+Wv9 > ftRXkUk3nRzcAmXnG7bGmgwNC2iC73s= > -----END EC PRIVATE KEY----- > > Hash: yrmtrgMb4WzvHD5XWwb00yAE13RCi934x2ySjcWup5g= > Signature: MGQCMD8pezXqUF6v01b0WQiIUZWuuvxPR1tT15YnN9atogKR2pBPizBYbbhjAIz+ftm78AIwDogKWZVxDk5r6I38oIn0JALO7h8EcTCwjUsulYS5BRl8iyITAC42Xx+HlRPofwbr > Public key: -----BEGIN PUBLIC KEY----- > MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYGBPbsxvp12A6MnVsgxOsK5YMYkSqpup > ILItNLRWtCg//7wnpjgKGAJpm7RXfUbxOrTTsPmXuXkbVb6LJr2JeSKFseCXWvlr > /X7UV5FJN50c3AJl5xu2xpoMDQtogu97 > -----END PUBLIC KEY----- > > > I don't think I can be of any more help unless you post code to reproduce > the problem that can be compiled and run a popular platform (preferably > Linux) without modifications, and also your library configuration > (mbedtls/config.h). Preferably post those on the mailing list, because I > personally have limited time and I'm not sure when I'll next be able to > take a look. > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > > On 21/04/2021 14:14, stefano664 wrote: > > I'm sure that the problem isn't here. > > 1) mbedtls_base64_encode is used only to generate human readable data in > this case, and to print it. The chain have the same behaviour without these. > > 2) I changed len_b64 and olen type to size_t and removed casting. I have > the same result and verify fails... > > Here the new code: https://wtools.io/paste-code/b4Hy > > Here the new output: https://wtools.io/paste-code/b4H0 > > Do you have some other idea? > Thanks a lot for your help! > > Stefano > > > Il giorno mer 21 apr 2021 alle ore 13:36 Gilles Peskine < > gilles.peskine(a)arm.com> ha scritto: > >> Ok, I found the problem: >> >> mbedtls_base64_encode(hash_b64, sizeof(hash_b64), (size_t *) &len_b64, hash, 32); >> >> >> &len_b64 is a pointer to uint16_t. Casting the pointer to size_t* doesn't >> give you a pointer to a size_t object, it gives you an invalid pointer >> since it isn't pointing to a size_t object. When mbedtls_base64_encode >> writes through that pointer, it overwrites whatever is next on the stack. >> Other calls with a size_t* cast have the same problem. Depending on exactly >> how your compiler lays out the stack, this might part of the message, or >> part of the pk structure, or part of the result... >> >> I found this problem because I massaged your code until it ran on Linux, >> and it crashed during mbedtls_pk_sign because the pk structure had been >> corrupted. Other potential ways to find such problems include static >> analysis (Coverity is good but very expensive), AddressSanitizer (if you >> can build your code on a platform that has enough space), and of course >> code review (any cast is suspicious: most of the times, when a compiler >> complains about something, a cast will silence the compiler but not >> actually fix the problem). >> >> Best regards, >> >> -- >> Gilles Peskine >> Mbed TLS developer >> >> On 21/04/2021 09:43, stefano664 wrote: >> >> Hi Gilles, >> thanks for your reply. >> >> The posted code is without error checks to be smaller. The complete code >> is here: >> >> https://wtools.io/paste-code/b4Hi >> >> All error checks pass true than all functions seems ok. >> >> In this version I added also the verify, that fail. >> >> Here you can find the output with all prints, messages and datas: >> >> https://wtools.io/paste-code/b4Hj >> >> As you can see my signature is 71 byte wide, a bit too little even after >> zeroes removing. The same made with openSSL is 104 byte wide. >> I've checked my keys, and I confirm it is 384 bit. You can check, it is >> printed during process. >> >> Thanks a lot for your help! >> >> Best regards, >> Stefano >> >> >> Il giorno mar 20 apr 2021 alle ore 21:48 Gilles Peskine via mbed-tls < >> mbed-tls(a)lists.trustedfirmware.org> ha scritto: >> >>> Hi Stefano, >>> >>> Assuming that the key is in PEM format and that the buffers (hash, tmp) >>> are large enough, I don't see anything wrong in the part of the code you >>> posted. >>> >>> You posted code without error checking. Can you confirm that all >>> functions return 0? >>> >>> mbedtls_pk_sign produces ECDSA signatures in ASN.1 format. The size of >>> the signature can be up to 104 bytes, and is often a few bytes shorter >>> because it consists of numbers in which leading zeros are omitted. Make >>> sure the tmp buffer is large enough. You can use >>> MBEDTLS_ECDSA_MAX_SIG_LEN(384) or MBEDTLS_ECDSA_MAX_LEN (from >>> mbedtls/ecdsa.h) as the signature buffer size. >>> >>> 72 bytes is the maximum size of a signature for a 256-bit key, reached >>> about 25% of the time. Are you sure you're signing with the key you >>> intended? >>> >>> People may be able to help more if you post complete code that we can >>> run on our machine. >>> >>> Best regards, >>> >>> -- >>> Gilles Peskine >>> Mbed TLS developer >>> >>> On 20/04/2021 16:49, stefano664 via mbed-tls wrote: >>> > Hi all, >>> > I have some problems with mbedTLS during ECDSA signing process. >>> > >>> > I followed the example supplied with the source code and write this >>> code: >>> > >>> > mbedtls_pk_init(&pk); >>> > mbedtls_pk_parse_key(&pk, (const unsigned char *) >>> > flash.flash_ver0.ecc_priv_key, strlen(flash.flash_ver0.ecc_priv_key) + >>> > 1, (const unsigned char *)CA_DEF_ISSUER_PWD, CA_DEF_ISSUER_PWD_LEN); >>> > mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), msg, msg_len, >>> > hash); >>> > mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, tmp, (size_t *)&len, >>> > mbedtls_ctr_drbg_random, &ctr_drbg); >>> > >>> > The private key is an ECC key with 384 bit. I have two issue: >>> > >>> > 1) In tmp variable I found the signature, but it is 72 byte, instead >>> > of 96 (384*2/87); >>> > 2) On this signature I try to make a verify, but fails. >>> > >>> > Where I'm wrong? >>> > >>> > Best regards, >>> > Stefano >>> > >>> >>> -- >>> mbed-tls mailing list >>> mbed-tls(a)lists.trustedfirmware.org >>> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >>> >> >> IMPORTANT NOTICE: The contents of this email and any attachments are >> confidential and may also be privileged. If you are not the intended >> recipient, please notify the sender immediately and do not disclose the >> contents to any other person, use it for any purpose, or store or copy the >> information in any medium. Thank you. >> > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >

4 years, 4 months

1
0
0 0

3.0 proposal: remove support for pre-v3 X.509 certificate with extensions

by Manuel Pegourie-Gonnard

Hi all, Version 3 of X.509 was published in 1997 and introduced extensions. However, in the years that followed, some implementations did generate certificates with extensions and a declared version less than 3. Such certs were never compliant and are rejected by default, however we have a compile-time option to no reject them for that reason: MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 Since this is 2021 and pre-v3 certificates are unlikely to still be used, we'd like to remove this option in Mbed TLS 3.0. (It would remain in 2.16 and the upcoming 2.x LTS branch.) As usual, more details can be found in the github issue: https://github.com/ARMmbed/mbedtls/issues/4386 If you need this option to still be available in Mbed TLS 3.0, please speak up now, here on on github! Regards, Manuel.

4 years, 4 months

1
0
0 0

Re: [mbed-tls] SSL session cache API in Mbed TLS 3.0

by Jérémy Audiger

Hi Hanno, Regarding your first point, I'm not against having the structure mbedtls_ssl_session as opaque on the application side, at least, it ensures the application is not modifying something that it shouldn't. Having said that, on my side, I access three fields of this structure: * sslContext.state * sslContext.own_cid_len * sslContext.own_cid The first one is used to retrieve the current state, mainly MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT. Finally, the match between an incoming LwM2M Client encrypted message using CID and the structure mbedtls_ssl_session is done by accessing own_cid / own_cid_len. But I think this one could be done using mbedtls_ssl_get_peer_cid(). Regards, Jérémy ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Hanno Becker via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: Friday, April 16, 2021 06:37 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] SSL session cache API in Mbed TLS 3.0 Hi Mbed TLS enthusiasts, For Mbed TLS 3.0, we're considering to modify the API around SSL sessions and server-side SSL session caches as follows: 1) The mbedtls_ssl_session structure becomes opaque, that is, its layout, fields, size is not part of the API and thus not subject to any stability promises. Instances of mbedtls_ssl_session may only be accessed through public function API. At the time of writing, this is mainly mbedtls_ssl_session_load()/save() for session serialization and deserialization. In particular, user code requiring access to specific fields of mbedtls_ssl_session won't be portable without further adjustments, e.g. the addition of getter functions. If you access fields of mbedtls_ssl_session in your code and would like to retain the ability to do so, now is the time to speak up and let us know about your use case. 2) The SSL session cache API gets modified as proposed in https://github.com/ARMmbed/mbedtls/issues/4333#issuecomment-820297322: int mbedtls_ssl_cache_get( void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session *dst_session ); int mbedtls_ssl_cache_set( void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session const *session ); In words: The session ID becomes an explicit parameter. This modification is necessary because the present session cache API requires custom implementations to peek into the mbedtls_ssl_session structure, at least to inspect the session ID. With the session ID being added as an explicit parameter, this is no longer necessary. We propose that custom session cache implementations treat mbedtls_ssl_session instances opaquely and only use them through the serialization and deserialization API mbedtls_ssl_session_load()/save(). The reason why the proposed API does not operate on serialized data directly is that this would enforce unnecessary copies. If you are using a custom SSL server-side session cache implementation which accesses fields other than the session ID and which can not be implemented based on session serialization, now is the time to speak up and let us know about your use case. Kind regards, Hanno

4 years, 4 months

2
1
0 0

Re: [mbed-tls] Signing messages with ECDSA

by Gilles Peskine

Hi Stefano, Assuming that the key is in PEM format and that the buffers (hash, tmp) are large enough, I don't see anything wrong in the part of the code you posted. You posted code without error checking. Can you confirm that all functions return 0? mbedtls_pk_sign produces ECDSA signatures in ASN.1 format. The size of the signature can be up to 104 bytes, and is often a few bytes shorter because it consists of numbers in which leading zeros are omitted. Make sure the tmp buffer is large enough. You can use MBEDTLS_ECDSA_MAX_SIG_LEN(384) or MBEDTLS_ECDSA_MAX_LEN (from mbedtls/ecdsa.h) as the signature buffer size. 72 bytes is the maximum size of a signature for a 256-bit key, reached about 25% of the time. Are you sure you're signing with the key you intended? People may be able to help more if you post complete code that we can run on our machine. Best regards, -- Gilles Peskine Mbed TLS developer On 20/04/2021 16:49, stefano664 via mbed-tls wrote: > Hi all, > I have some problems with mbedTLS during ECDSA signing process. > > I followed the example supplied with the source code and write this code: > > mbedtls_pk_init(&pk); > mbedtls_pk_parse_key(&pk, (const unsigned char *) > flash.flash_ver0.ecc_priv_key, strlen(flash.flash_ver0.ecc_priv_key) + > 1, (const unsigned char *)CA_DEF_ISSUER_PWD, CA_DEF_ISSUER_PWD_LEN); > mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), msg, msg_len, > hash); > mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, tmp, (size_t *)&len, > mbedtls_ctr_drbg_random, &ctr_drbg); > > The private key is an ECC key with 384 bit. I have two issue: > > 1) In tmp variable I found the signature, but it is 72 byte, instead > of 96 (384*2/87); > 2) On this signature I try to make a verify, but fails. > > Where I'm wrong? > > Best regards, > Stefano >

4 years, 4 months

1
0
0 0

Signing messages with ECDSA

by stefano664

Hi all, I have some problems with mbedTLS during ECDSA signing process. I followed the example supplied with the source code and write this code: mbedtls_pk_init(&pk); mbedtls_pk_parse_key(&pk, (const unsigned char *) flash.flash_ver0.ecc_priv_key, strlen(flash.flash_ver0.ecc_priv_key) + 1, (const unsigned char *)CA_DEF_ISSUER_PWD, CA_DEF_ISSUER_PWD_LEN); mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), msg, msg_len, hash); mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, tmp, (size_t *)&len, mbedtls_ctr_drbg_random, &ctr_drbg); The private key is an ECC key with 384 bit. I have two issue: 1) In tmp variable I found the signature, but it is 72 byte, instead of 96 (384*2/87); 2) On this signature I try to make a verify, but fails. Where I'm wrong? Best regards, Stefano

4 years, 4 months

1
0
0 0

Re: [mbed-tls] TLS serialization

by Manuel Pegourie-Gonnard

Hi Jérémy, Thanks for your question! Indeed, the context (de)serialization feature only support DTLS so far. We've added an enhancement request to our backlog to extend it to TLS: https://github.com/ARMmbed/mbedtls/issues/4340 However, it may take some time before we get to it, as we're currently focused on preparing Mbed TLS 3.0. Also, this enhancement may very well turn out to be more complex that it might look initially: TLS is a reliable stream protocol (as opposed to DTLS which is an unreliable datagram protocol) and there will probably be some precautions to take and corner case to handle in order to make sure the full stream is preserved. If you or anyone else wants to open a PR for that, that would obviously help - though again, I'm afraid we'll have little review bandwidth until the end of June. (More generally, it's always a good idea to coordinate on the list before raising a large or complex PR.) Regards, Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Jérémy Audiger via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 12 April 2021 18:39 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] TLS serialization Hi everyone, I'm currently trying to add the ability to serialize / deserialize a TLS security session using these APIs: * mbedtls_ssl_context_load() * mbedtls_ssl_context_save() I'm on TLS Server-side (so not talking about TLS Client here). After digging through the mailing list, I discovered this previous topic: https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000012.html and this Github repository: https://github.com/dimakuv/mbedtls-psk-example The scenario is the same here: using PSK with ciphersuite MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 Once the handshake is done, I'm able to serialize the TLS session with the patch attached to this email. After that I'm able to decrypt one incoming packet and encrypt one ongoing packet. So, almost everything is fine. But, when the TLS Server is receiving another message from the TLS Client (message sent in two fragments), the Server is able to decrypt the first fragment but not the second one, getting this error: ssl_msg.c:5475: 0x7f9aa803d288: => read ssl_msg.c:4029: 0x7f9aa803d288: => read record ssl_msg.c:2012: 0x7f9aa803d288: => fetch input ssl_msg.c:2167: 0x7f9aa803d288: in_left: 0, nb_want: 5 ssl_msg.c:2192: 0x7f9aa803d288: in_left: 0, nb_want: 5 ssl_msg.c:2195: 0x7f9aa803d288: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c:2215: 0x7f9aa803d288: <= fetch input ssl_msg.c:3763: 0x7f9aa803d288: dumping 'input record header' (5 bytes) ssl_msg.c:3763: 0x7f9aa803d288: 0000: 17 03 03 00 41 ....A ssl_msg.c:3765: 0x7f9aa803d288: input record: msgtype = 23, version = [3:3], msglen = 65 ssl_msg.c:2012: 0x7f9aa803d288: => fetch input ssl_msg.c:2167: 0x7f9aa803d288: in_left: 5, nb_want: 70 ssl_msg.c:2192: 0x7f9aa803d288: in_left: 5, nb_want: 70 ssl_msg.c:2195: 0x7f9aa803d288: ssl->f_recv(_timeout)() returned 65 (-0xffffffbf) ssl_msg.c:2215: 0x7f9aa803d288: <= fetch input ssl_msg.c:3874: 0x7f9aa803d288: dumping 'input record from network' (70 bytes) ssl_msg.c:3874: 0x7f9aa803d288: 0000: 17 03 03 00 41 00 00 00 00 00 00 00 03 27 9d 1a ....A........'.. ssl_msg.c:3874: 0x7f9aa803d288: 0010: 50 14 ff e1 14 8c b0 f5 de 06 1c f0 43 5c a0 91 P...........C\.. ssl_msg.c:3874: 0x7f9aa803d288: 0020: 46 23 3e 42 86 ed 3a 48 38 3d e8 b4 05 09 50 ac F#>B..:H8=....P. ssl_msg.c:3874: 0x7f9aa803d288: 0030: 94 6b 9c fb c6 22 7b 46 62 e0 af 08 ab 60 50 3c .k..."{Fb....`P< ssl_msg.c:3874: 0x7f9aa803d288: 0040: 6d c6 c8 7c cb 2c m..|., ssl_msg.c:1301: 0x7f9aa803d288: => decrypt buf ssl_msg.c:1414: 0x7f9aa803d288: dumping 'additional data used for AEAD' (13 bytes) ssl_msg.c:1414: 0x7f9aa803d288: 0000: 00 00 00 00 00 00 00 02 17 03 03 00 31 ............1 ssl_msg.c:1423: 0x7f9aa803d288: dumping 'IV used' (12 bytes) ssl_msg.c:1423: 0x7f9aa803d288: 0000: db 70 01 4b 00 00 00 00 00 00 00 03 .p.K........ ssl_msg.c:1424: 0x7f9aa803d288: dumping 'TAG used' (8 bytes) ssl_msg.c:1424: 0x7f9aa803d288: 0000: 50 3c 6d c6 c8 7c cb 2c P<m..|., ssl_msg.c:1437: 0x7f9aa803d288: mbedtls_cipher_auth_decrypt() returned -25344 (-0x6300) ssl_msg.c:3900: 0x7f9aa803d288: ssl_decrypt_buf() returned -29056 (-0x7180) Between each emission or reception of the fragment, the TLS security context is loaded and saved into a database. The use case here is really interesting, it seems to work well except when I receive or emit a message split into multiple fragments. Something is lost during the session backup. Maybe an interesting thing to add is when I'm loading a TLS session from the database, I'm following these steps: * Load the session into a buffer from the database * Init a security session with mbedtls_ssl_init() and mbedtls_ssl_setup() * Load the session from the buffer with mbedtls_ssl_context_load() Since I'm not an expert of mbed TLS code, I would like to know if someone could help me investigate this issue. TLS serialization/deserialization could be interesting to be part of the mbed TLS library. Regards, Jérémy Audiger

4 years, 4 months

2
1
0 0

3.0 Proposal: remove 3DES ciphersuites

by Manuel Pegourie-Gonnard

Hi all, We'd like to completely remove support for 3DES TLS ciphersuites in Mbed TLS 3.0. Those ciphersuites are vulnerable to the Sweet32 attack and 3DES has been deprecated by NIST. If we remove them from Mbed TLS 3.0, they will remain available in Mbed TLS 2.16 and 2.x, the latter being supported until 3 years after 3.0 has been released. As usual, if for any reason you need support for 3DES TLS ciphersuites in Mbed TLS 3.0, please speak up now and let use know about your use case! More context can be found at https://github.com/ARMmbed/mbedtls/issues/4367 Regards, Manuel.

4 years, 4 months

1
0
0 0

3.0 proposal: remove support for MD2, MD4, RC4, Blowfish and XTEA

by Ronald Cron

Hi, We consider removing the support for MD2, MD4, RC4, Blowfish and XTEA from Mbed TLS 3.0 (but the support will remain in the 2.16 and 2.2x LTS branches for the course of their lifetime). If you use one of those cryptographic primitives and think it should remain in Mbed TLS 3.0, please let us know and explain why. You can find more information in the following GitHub issue: https://github.com/ARMmbed/mbedtls/issues/4084. Best regards, Ronald Cron.

4 years, 4 months

1
0
0 0

SSL session cache API in Mbed TLS 3.0

by Hanno Becker

Hi Mbed TLS enthusiasts, For Mbed TLS 3.0, we're considering to modify the API around SSL sessions and server-side SSL session caches as follows: 1) The mbedtls_ssl_session structure becomes opaque, that is, its layout, fields, size is not part of the API and thus not subject to any stability promises. Instances of mbedtls_ssl_session may only be accessed through public function API. At the time of writing, this is mainly mbedtls_ssl_session_load()/save() for session serialization and deserialization. In particular, user code requiring access to specific fields of mbedtls_ssl_session won't be portable without further adjustments, e.g. the addition of getter functions. If you access fields of mbedtls_ssl_session in your code and would like to retain the ability to do so, now is the time to speak up and let us know about your use case. 2) The SSL session cache API gets modified as proposed in https://github.com/ARMmbed/mbedtls/issues/4333#issuecomment-820297322: int mbedtls_ssl_cache_get( void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session *dst_session ); int mbedtls_ssl_cache_set( void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session const *session ); In words: The session ID becomes an explicit parameter. This modification is necessary because the present session cache API requires custom implementations to peek into the mbedtls_ssl_session structure, at least to inspect the session ID. With the session ID being added as an explicit parameter, this is no longer necessary. We propose that custom session cache implementations treat mbedtls_ssl_session instances opaquely and only use them through the serialization and deserialization API mbedtls_ssl_session_load()/save(). The reason why the proposed API does not operate on serialized data directly is that this would enforce unnecessary copies. If you are using a custom SSL server-side session cache implementation which accesses fields other than the session ID and which can not be implemented based on session serialization, now is the time to speak up and let us know about your use case. Kind regards, Hanno

4 years, 4 months

1
0
0 0

3.0 proposal: remove support for Truncated HMAC

by Manuel Pegourie-Gonnard

Hi everyone, Truncated HMAC is a TLS extension that was originally created to reduce overhead in constrained environments. Nowadays, CCM-8 ciphersuites are an alternative that's superior both in terms of having even lower overhead and in terms of security. Consequently, recent RFCs have stated that the Truncated HMAC extensions must no longer be used. So, we would like to entirely remove support for this extension from Mbed TLS 3.0. (LTS branches would obviously retain support for it.) If you need support for Truncated HMAC extension in Mbed TLS 3.0, please speak up now! More context and details can be found in this github issue, which can also be used for discussion: https://github.com/ARMmbed/mbedtls/issues/4341 Regards, Manuel.

4 years, 5 months

1
0
0 0

TLS serialization

by Jérémy Audiger

Hi everyone, I'm currently trying to add the ability to serialize / deserialize a TLS security session using these APIs: * mbedtls_ssl_context_load() * mbedtls_ssl_context_save() I'm on TLS Server-side (so not talking about TLS Client here). After digging through the mailing list, I discovered this previous topic: https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000012.html and this Github repository: https://github.com/dimakuv/mbedtls-psk-example The scenario is the same here: using PSK with ciphersuite MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 Once the handshake is done, I'm able to serialize the TLS session with the patch attached to this email. After that I'm able to decrypt one incoming packet and encrypt one ongoing packet. So, almost everything is fine. But, when the TLS Server is receiving another message from the TLS Client (message sent in two fragments), the Server is able to decrypt the first fragment but not the second one, getting this error: ssl_msg.c:5475: 0x7f9aa803d288: => read ssl_msg.c:4029: 0x7f9aa803d288: => read record ssl_msg.c:2012: 0x7f9aa803d288: => fetch input ssl_msg.c:2167: 0x7f9aa803d288: in_left: 0, nb_want: 5 ssl_msg.c:2192: 0x7f9aa803d288: in_left: 0, nb_want: 5 ssl_msg.c:2195: 0x7f9aa803d288: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c:2215: 0x7f9aa803d288: <= fetch input ssl_msg.c:3763: 0x7f9aa803d288: dumping 'input record header' (5 bytes) ssl_msg.c:3763: 0x7f9aa803d288: 0000: 17 03 03 00 41 ....A ssl_msg.c:3765: 0x7f9aa803d288: input record: msgtype = 23, version = [3:3], msglen = 65 ssl_msg.c:2012: 0x7f9aa803d288: => fetch input ssl_msg.c:2167: 0x7f9aa803d288: in_left: 5, nb_want: 70 ssl_msg.c:2192: 0x7f9aa803d288: in_left: 5, nb_want: 70 ssl_msg.c:2195: 0x7f9aa803d288: ssl->f_recv(_timeout)() returned 65 (-0xffffffbf) ssl_msg.c:2215: 0x7f9aa803d288: <= fetch input ssl_msg.c:3874: 0x7f9aa803d288: dumping 'input record from network' (70 bytes) ssl_msg.c:3874: 0x7f9aa803d288: 0000: 17 03 03 00 41 00 00 00 00 00 00 00 03 27 9d 1a ....A........'.. ssl_msg.c:3874: 0x7f9aa803d288: 0010: 50 14 ff e1 14 8c b0 f5 de 06 1c f0 43 5c a0 91 P...........C\.. ssl_msg.c:3874: 0x7f9aa803d288: 0020: 46 23 3e 42 86 ed 3a 48 38 3d e8 b4 05 09 50 ac F#>B..:H8=....P. ssl_msg.c:3874: 0x7f9aa803d288: 0030: 94 6b 9c fb c6 22 7b 46 62 e0 af 08 ab 60 50 3c .k..."{Fb....`P< ssl_msg.c:3874: 0x7f9aa803d288: 0040: 6d c6 c8 7c cb 2c m..|., ssl_msg.c:1301: 0x7f9aa803d288: => decrypt buf ssl_msg.c:1414: 0x7f9aa803d288: dumping 'additional data used for AEAD' (13 bytes) ssl_msg.c:1414: 0x7f9aa803d288: 0000: 00 00 00 00 00 00 00 02 17 03 03 00 31 ............1 ssl_msg.c:1423: 0x7f9aa803d288: dumping 'IV used' (12 bytes) ssl_msg.c:1423: 0x7f9aa803d288: 0000: db 70 01 4b 00 00 00 00 00 00 00 03 .p.K........ ssl_msg.c:1424: 0x7f9aa803d288: dumping 'TAG used' (8 bytes) ssl_msg.c:1424: 0x7f9aa803d288: 0000: 50 3c 6d c6 c8 7c cb 2c P<m..|., ssl_msg.c:1437: 0x7f9aa803d288: mbedtls_cipher_auth_decrypt() returned -25344 (-0x6300) ssl_msg.c:3900: 0x7f9aa803d288: ssl_decrypt_buf() returned -29056 (-0x7180) Between each emission or reception of the fragment, the TLS security context is loaded and saved into a database. The use case here is really interesting, it seems to work well except when I receive or emit a message split into multiple fragments. Something is lost during the session backup. Maybe an interesting thing to add is when I'm loading a TLS session from the database, I'm following these steps: * Load the session into a buffer from the database * Init a security session with mbedtls_ssl_init() and mbedtls_ssl_setup() * Load the session from the buffer with mbedtls_ssl_context_load() Since I'm not an expert of mbed TLS code, I would like to know if someone could help me investigate this issue. TLS serialization/deserialization could be interesting to be part of the mbed TLS library. Regards, Jérémy Audiger

4 years, 5 months

1
0
0 0

3.0 proposal: remove support for TLS 1.0, TLS 1.1 and DTLS 1.0

by Manuel Pegourie-Gonnard

Hi everyone, The IETF has recently published RFC 8996, which formally deprecates TLS 1.0, TLS 1.1 and DTLS 1.0 (there is no DTLS 1.1). One of the stated goals of the RFC is to empower maintainers of (D)TLS stacks to remove them from their code base, reducing the maintenance cost and the attack surface at the same time. This RFC comes right during the time we're preparing a new major version, which is the only time we allow ourselves to remove features. We'd like to take advantage of this opportunity by entirely removing support for TLS 1.0, TLS 1.1 and DTLS 1.0 in Mbed TLS 3.0. (They would obviously stay in our long-term support branches.) If you find yourself needing support for these versions in Mbed TLS 3.0, now is the time to speak up! More details can be found in the following github issue: https://github.com/ARMmbed/mbedtls/issues/4286 Feel free to discuss this issue on the list or on github, whatever's more convenient for you. Best regards, Manuel.

4 years, 5 months

1
0
0 0

Mbed TLS 3.0 branching

by Dave Rodgman

Hello Mbed TLS users, As previously announced, we are going to switch the focus of Mbed TLS development onto the upcoming 3.0 release. * We have created the development_2.x branch, currently aligned with the tip of development * For the next two weeks, we will keep development and development_2.x in sync (daily) * On April 22, we will merge development_3.0 into development, and remove development_3.0 This means that after April 22: * development will contain API-breaking changes * new features will not normally be back-ported to development_2.x (unless there is a compelling reason to do so) * relevant bugfixes will be backported as normal Impact for users: * users of development should consider whether they should switch to using development_2.x * authors of PRs requiring backports may require an additional backport to development_2.x Regards Dave Rodgman

4 years, 5 months

1
0
0 0

3.0 proposal: remove MBEDTLS_CHECK_PARAMS

by Gilles Peskine

Hello, I propose to remove the MBEDTLS_CHECK_PARAMS feature from Mbed TLS 3.0. (As with everything else, it will of course remain in the 2.16 and 2.2x long-time support branches.) If you are using MBEDTLS_CHECK_PARAMS and you think it should remain, please let us know and explain why. If you are not using this feature, I personally think that you're making the right choice. But if you're curious what it is, you can read the documentation or my description in https://github.com/ARMmbed/mbedtls/issues/4313 . -- Gilles Peskine Mbed TLS developer

4 years, 5 months

1
0
0 0

Re: [mbed-tls] mbedtls_hmac_drbg_seed fails, returns MBEDTLS_ERR_ENTROPY_SOURCE_FAILED

by Gilles Peskine

Hi Jeff, It looks like you're using an old version of Mbed TLS. mbedtls_hmac_drbg_seed used to set ctx->entropy_len to entropy_len * 3 / 2, but this changed (https://github.com/ARMmbed/mbed-crypto/pull/238) to making a call to mbedtls_entropy_func for entropy_len and then one again for entropy_len / 2, precisely to avoid the scenario you're describing where the HMAC_DRBG module would request more entropy than the entropy can deliver in a single call. Please upgrade to the latest release of Mbed TLS, or the latest 2.16 release if you want a long-time support branch. The version you're using is old and has known vulnerabilities. -- Gilles Peskine Mbed TLS developer On 06/04/2021 13:59, Thompson, Jeff via mbed-tls wrote: > > ï¿½ > > The call flow is mbedtls_hmac_drbg -> mbedtls_hmac_drbg_reseed -> > mbedtls_entropy_func where the parameter, len, is 48 and > MBEDTLS_ENTROPY_BLOCK_SIZE is 32. I see that mbedtls_hmac_drbg_seed > sets ï¿½ctx->entropy_len = entropy_len * 3 / 2, which explains the size > difference. Iï¿½ve probably mis-configured (see attached) in order to > use TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, because other ciphers take too > long. > > ï¿½ > > *Jeff Thompson*ï¿½| ï¿½Senior Electrical Engineer-Firmware > +1 704 752 6513 x1394 > www.invue.com <www.invue.com> > > ï¿½ > >

4 years, 5 months

1
0
0 0

mbedtls_hmac_drbg_seed fails, returns MBEDTLS_ERR_ENTROPY_SOURCE_FAILED

by Thompson, Jeff

The call flow is mbedtls_hmac_drbg -> mbedtls_hmac_drbg_reseed -> mbedtls_entropy_func where the parameter, len, is 48 and MBEDTLS_ENTROPY_BLOCK_SIZE is 32. I see that mbedtls_hmac_drbg_seed sets ctx->entropy_len = entropy_len * 3 / 2, which explains the size difference. I've probably mis-configured (see attached) in order to use TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, because other ciphers take too long. Jeff Thompson | Senior Electrical Engineer-Firmware +1 704 752 6513 x1394 www.invue.com [cid:image001.gif@01D72ABA.56C4A310]

4 years, 5 months

1
0
0 0

Re: [mbed-tls] Mbed TLS mbedtls_ssl_config (struct) Question

by Manuel Pegourie-Gonnard

Hi Keith, Those are good questions, and the short answer is everything should work in a multi-threaded environment if Mbed TLS was built with threading support (for example, enabling MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD in config.h). Now for some more details: regarding mbedtls_ssl_config, it is indeed treated as read-only by all function in the SSL/TLS module, except of course those functions that are explicitly meant to modify it (those whose name starts with mbedtls_ssl_conf_). So, if you set it up in the main thread and then use it in other threads, everything will be fine regarding the top-level structure itself (for sub-structures see below), regardless of whether threading support is enabled. For the DRBG contexts, you're right that each time we draw from them, they need to update their state. However, this is protected by a mutex if threading support was enabled at compile-time. A similar thing goes for private keys : RSA private keys are protected by a mutex if threading support is enabled (using them mutates state used for side-channel countermeasures), and ECDSA private keys are safe too. X.509 structures are always treated as read-only. Regarding documentation: we did recently expand the documentation on DRBGs: https://github.com/ARMmbed/mbedtls/commit/f305d92480c81c6eb02934a4e1af58152… Regarding SSL, I agree this should be better documented. If you'd like to open a PR to add documentation that would have answered your question, that would be very welcome. Regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Keith Cancel via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 02 April 2021 06:43 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Mbed TLS mbedtls_ssl_config (struct) Question Hello, I hope this a simple question regarding mbedtls_ssl_config. So it seems this structure is meant to be shared/used for multiple connections. However, if I have multiple threads is it treated as a read only structure by all the library code, or does it update some state at times? Similar thing regarding the mbedtls_x509_crt struct and mbedtls_ctr_drbg_context which also seem to be added to the config when I setup the config. I was hoping that once set I don’t have to worry about any mutexs/locks being used by the library under the hood. Mainly, that once the configuration is set in the main thread it state is never updated again. What made me curious about this is the fact the RNG seems to be part of the configuration and a CPRNG will generally have state that needs to change. Moreover, I can’t really find a clear answer looking at the docs. Thanks, Keith Cancel -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 5 months

1
0
0 0

Mbed TLS mbedtls_ssl_config (struct) Question

by Keith Cancel

Hello, I hope this a simple question regarding mbedtls_ssl_config. So it seems this structure is meant to be shared/used for multiple connections. However, if I have multiple threads is it treated as a read only structure by all the library code, or does it update some state at times? Similar thing regarding the mbedtls_x509_crt struct and mbedtls_ctr_drbg_context which also seem to be added to the config when I setup the config. I was hoping that once set I don’t have to worry about any mutexs/locks being used by the library under the hood. Mainly, that once the configuration is set in the main thread it state is never updated again. What made me curious about this is the fact the RNG seems to be part of the configuration and a CPRNG will generally have state that needs to change. Moreover, I can’t really find a clear answer looking at the docs. Thanks, Keith Cancel

4 years, 5 months

1
0
0 0

MbedTLS handshark faild "The certificate is not correctly signed bythe trusted CA"

by chen

Hello, I run a client that has been ported MbedTLS, but the client connect server faild. I check the debug log, the end client state is 15. In the client state 3, the client receive only one certificate from server, and the log printing "Certificate verification flags 8". Here are part of logs: ..\MbedTLS\library\ssl_tls.c:4232: dumping 'input record from network' (4467 bytes) ..\MbedTLS\library\ssl_tls.c:4232: 0000: 16 03 03 11 6e 0b 00 11 6a 00 11 67 00 05 c2 30 ....n...j..g...0 ..\MbedTLS\library\ssl_tls.c:4232: 0010: -------- omit some network input data -------- ..\MbedTLS\library\ssl_tls.c:4232: 0ff0: 38 a0 36 a0 34 86 32 68 74 74 70 3a 2f 2f 63 72 8.6.4.2http://cr ..\MbedTLS\library\ssl_tls.c:3624: handshake message: msglen = 4462, type = 11, hslen = 4462 ..\MbedTLS\library\ssl_tls.c:4385: <= read record ..\MbedTLS\library\ssl_tls.c:5606: peer certificate #1: ..\MbedTLS\library\ssl_tls.c:5606: cert. version : 3 ..\MbedTLS\library\ssl_tls.c:5606: serial number : F0:57:5F:65:80:A9:70:B4:F9:8E:42:91:AE:D0:70:27 ..\MbedTLS\library\ssl_tls.c:5606: issuer name : C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA ..\MbedTLS\library\ssl_tls.c:5606: subject name : CN=*.xxxxxxxx.com ..\MbedTLS\library\ssl_tls.c:5606: issued on : 2020-06-01 00:00:00 ..\MbedTLS\library\ssl_tls.c:5606: expires on : 2021-05-26 23:59:59 ..\MbedTLS\library\ssl_tls.c:5606: signed using : RSA with SHA-256 ..\MbedTLS\library\ssl_tls.c:5606: RSA key size : 2048 bits ..\MbedTLS\library\ssl_tls.c:5606: basic constraints : CA=false ..\MbedTLS\library\ssl_tls.c:5606: subject alt name : *.xxxxxxxx.com, xxxxxxxx.com ..\MbedTLS\library\ssl_tls.c:5606: key usage : Digital Signature, Key Encipherment ..\MbedTLS\library\ssl_tls.c:5606: ext key usage : TLS Web Server Authentication, TLS Web Client Authentication ..\MbedTLS\library\ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is: ..\MbedTLS\library\ssl_tls.c:5606: af b7 73 1a f9 8a 2d 5e a2 e8 0f fd 89 5d 60 1d ..\MbedTLS\library\ssl_tls.c:5606: -------- omit some bits -------- ..\MbedTLS\library\ssl_tls.c:5606: e6 8e f8 3e ed ec 8e dd ec 46 48 85 9a b4 c8 71 ..\MbedTLS\library\ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is: ..\MbedTLS\library\ssl_tls.c:5606: 01 00 01 ..\MbedTLS\library\ssl_tls.c:5757: x509_verify_cert() returned -9984 (-0x2700) ..\MbedTLS\library\ssl_tls.c:5851: ! Certificate verification flags 8 ..\MbedTLS\library\ssl_tls.c:5863: <= parse certificate At the client side, I download certificate of server, and get CA and root CA base on this certificate. Loading any one of these certificates into the client can't connect server. I did a test with another server. The different of the handshark is that the server issued two certificates, one is server's cert and another is CA cert. Loading CA or root CA into the client both can connect server successfully. problems: 1. Must the server send CA certificate in handshake phase? 2. The client holds CA certificate, dose MbedTLS client support downloading CA base on server's certificate? 3. In the source code, the certificate chain only contains the certificate issued by the server during handshake, not the CA certificate downloaded by the client according to the server certificate? Thank you very much for the answers. Best regards, berry chen

4 years, 5 months

1
0
0 0

Re: [mbed-tls] C/assembly option

by Gilles Peskine

Hi Raoul, Do I understand correctly that the problem with Mbed TLS as it is now is that you need MBEDTLS_HAVE_ASM enabled for AESNI and disabled for bignum? Would you want even more granularity? In principle, we could create a new compile-time option MBEDTLS_MPI_ASM, defaulting to what it does now (enabled if MBEDTLS_HAVE_ASM if the platform is one of the known ones) but overridable in either direction. However I don't like it much because we're trying to cut down on compilation options to reduce the maintenance burden: each compilation option adds complexity which makes it harder to understand all interactions between different parts of the library, and adds some testing burden. Symmetric and asymmetric crypto are mostly decoupled, so this one wouldn't be too bad, but it all adds up. In the long term, I expect that the different cryptographic algorithms will become more decoupled, with a possibility to treat each one as a black box that could be implemented by a hardware driver, and with a uniform mechanism to select drivers (or maybe they should be called engines). The evolution of the crypto part of the library to PSA is going in this direction. But we aren't there yet. Sorry that I don't have a more satisfying answer here. -- Gilles Peskine Mbed TLS developer On 31/03/2021 09:13, Raoul Strackx via mbed-tls wrote: > Hi all, > > We have a product that requires very strong security measures. When > compiling the mbedtls library, we face the following issue: Compiling C > code with LVI-mitigations is often much faster than relying on automatic > LVI mitigations on assembly code. The MPI functions are a good example > where we wish to rely on C source code. For other functions, we need to > rely on assembly code in order to mitigate other vulnerabilities (e.g., > we require AESNI assembly instructions over C implementations of AES). > Currently there isn't an option to choose between C/assembly per function. > > What would be an acceptable solution for this? > > greetings, > > Raoul > > >

4 years, 5 months

1
0
0 0

Minimum development environment: 2021 edition

by Gilles Peskine

Hello, In a nutshell: 1. Must Mbed TLS support Python 3.4 to configure and test, or can 3.6 be enough? 2. Must the supplied CMake scripts support 2.8.12.2, or can 3.5.2 be enough? This thread is about minimum tool versions to configure, build and test Mbed TLS (excluding TLS interoperability testing and some maintainer scripts) on Linux and similar (Unix-like) platforms. (This is not about the set of platforms where Mbed TLS will _run_, which is as close to “anything with CHAR_BIT==8 and sizeof(size_t) >= 4” as we can make it.) Our general guideline is that Mbed TLS should build out of the box on supported versions of major desktop and server operating systems. In practice, this has tended to mean supporting tool versions from RHEL/CentOS, SLES and Ubuntu LTS releases (but not necessarily extended security maintenance releases). Last year (https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/thread.html) we concluded that we should support the following minimum versions, which will remain supported in the Mbed TLS 2.16 long-time support (LTS) branch: clang 3.8 cmake 2.8.12.2 gcc 4.4 make 3.81 python 3.4 (in 2.16: only to build the unit tests, not to configure) Since then, RHEL 6 and Ubuntu 16.04 have reached their end of life, the CentOS world has changed considerably. Looking at maintained platforms after April 2021 (https://github.com/ARMmbed/mbedtls/issues/2896#issuecomment-603471273), our current goal for the upcoming Mbed TLS 2.x LTS (last release before 3.0) is: clang 6.0 cmake 2.8.12.2 (or 3.5.2? or 3.10.2?) gcc 4.8 make 3.82 python 3.6 (or 3.4.10?) Regarding Python: is there any demand for supporting Python versions older than 3.6? Python 3 is required to fine-tune the library configuration (it is not needed if you use the default config.h or a handwritten one) and build the unit tests. Regarding CMake: it is increasingly problematic for us to support CMake 2.8.12, which is only required for RHEL 7: other distributions under consideration have at least CMake 3.5. There is an ongoing effort to improve our CMake scripts to make it easier to integrate Mbed TLS into a larger project, but it is difficult to preserve backward compatibility with 2.8.12. Would it be acceptable to require CMake >= 3.5? CMake >= 3.10.2? If you have any constraints that are not captured here or if you have an opinion regarding Python and CMake versions, please let us know quickly. -- Gilles Peskine Mbed TLS developer

4 years, 5 months

1
0
0 0

C/assembly option

by Raoul Strackx

Hi all, We have a product that requires very strong security measures. When compiling the mbedtls library, we face the following issue: Compiling C code with LVI-mitigations is often much faster than relying on automatic LVI mitigations on assembly code. The MPI functions are a good example where we wish to rely on C source code. For other functions, we need to rely on assembly code in order to mitigate other vulnerabilities (e.g., we require AESNI assembly instructions over C implementations of AES). Currently there isn't an option to choose between C/assembly per function. What would be an acceptable solution for this? greetings, Raoul

4 years, 5 months

1
0
0 0

Mbed TLS releases: 2.26.0, 2.16.10 and 2.7.19

by Dave Rodgman

Hi Mbed TLS users, We have released Mbed TLS versions 2.7.19, 2.16.10 and 2.26.0. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.26.0, https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.10, https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.7.19). We recommend all users to consider whether they are impacted, and to upgrade appropriately. Please note that there will be no further releases on the 2.7 branch, as this is now out of the three year support period. Dave Rodgman

4 years, 6 months

1
0
0 0

OCSP

by Giuseppe Modugno

Is there any support for OCSP stapling in mbedTLS? Is there any roadmap for implementing it?

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Gilles Peskine

Also, if you're looking for a hardware platform with PSA Crypto drivers, Silicon Labs has one available. They've been participating in Mbed TLS development recently and a large part of the driver support code added in the past few months comes from them. You can see the documentation of their development kit at https://docs.silabs.com/mbed-tls/latest/ . (If you want to know about getting sample hardware and driver code … I'm not the right person to ask.) -- Gilles Peskine On 24/02/2021 22:26, Gilles Peskine via mbed-tls wrote: > Hi Frank, > > I'm not sure what you're looking for. Do you mean open source projects > like Curl and Hiawatha that can use Mbed TLS as a cryptography provider? > Those are generally using the classic API, and so can't make generic use > of secure elements. I am aware of private projects using the limited > features available today (for example, TLS servers can use async private > key operations to put the key in an HSM — see > https://tls.mbed.org/kb/how-to/ssl_async). > > I've used SoftHSM in the past as a way to test portable PKCS#11 client > code without hardware. It did the job well. I can't speak for the > quality of its cryptography since I was only using it for testing. > > If you're looking for a generic interface between applications and > secure elements, then I would recommend PSA crypto over PKCS#11. We did > try to make PSA Crypto a better PKCS#11. Obviously I'm biased :) But of > course PKCS#11 is old and venerable, whereas PSA is new and the support > for hardware secure elements is still a work in progress. >

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Gilles Peskine

Hi Frank, I'm not sure what you're looking for. Do you mean open source projects like Curl and Hiawatha that can use Mbed TLS as a cryptography provider? Those are generally using the classic API, and so can't make generic use of secure elements. I am aware of private projects using the limited features available today (for example, TLS servers can use async private key operations to put the key in an HSM — see https://tls.mbed.org/kb/how-to/ssl_async). I've used SoftHSM in the past as a way to test portable PKCS#11 client code without hardware. It did the job well. I can't speak for the quality of its cryptography since I was only using it for testing. If you're looking for a generic interface between applications and secure elements, then I would recommend PSA crypto over PKCS#11. We did try to make PSA Crypto a better PKCS#11. Obviously I'm biased :) But of course PKCS#11 is old and venerable, whereas PSA is new and the support for hardware secure elements is still a work in progress. -- Gilles Peskine Mbed TLS developer and PSA Crypto architect On 21/02/2021 17:11, Frank Bergmann via mbed-tls wrote: > Hi Gilles, > > thank you for your detailled answer. > Honestly I was in fear that your answer would look like this. ;-) > > Do you maybe know of any plans of any software project to use mbed TLS > together with a secure element? > > I asked SoftHSM because it looks much promising for our goals but they > answered that they don't have any plans to use different ssl libs. > > > cheers, > Frank > > > On 08.02.21 23:07, Gilles Peskine via mbed-tls wrote: >> Hi Frank, >> >> Support for HSM keys in Mbed TLS is a work in progress. The way it will >> work eventually is by plugging an HSM driver under the PSA crypto API, >> which supports both transparent and opaque keys. >> >> The TLS code can already use the PSA crypto API for some things, >> including client signature. Enable MBEDTLS_USE_PSA_CRYPTO, call >> mbedtls_pk_setup_opaque() to create a PK object for the key, and declare >> the key to the TLS code with mbedtls_ssl_conf_own_cert() as usual. >> >> To create the key, you will need to write a PKCS#11 secure element >> driver. ("Secure element" = "HSM" for this purpose.) I think it would >> make sense to have one in Mbed TLS, but I don't know when we might get >> around to writing one. >> >> There are two secure element driver interfaces in Mbed TLS right now: >> MBEDTLS_PSA_CRYPTO_SE_C (dynamic secure element interface) and >> MBEDTLS_PSA_CRYPTO_DRIVERS (unified driver interface). Both are still >> experimental: we can't guarantee API stability at this stage. >> MBEDTLS_PSA_CRYPTO_SE_C was the first proposal, and its development is >> currently frozen and may be abandonned, so I don't recommend investing >> any effort in it at the moment, but if you need something fast (e.g. for >> a demo/proof-of-concept), it's your best bet. MBEDTLS_PSA_CRYPTO_DRIVERS >> is the way of the future, but it's an active work in progress. >> >> If you're creating the key from your application, just call >> psa_generate_key. If the key was provisioned externally, it's >> unfortunately not so easy. With MBEDTLS_PSA_CRYPTO_SE_C, you can >> register a key that's already present in the secure element with >> mbedtls_psa_register_se_key(). The corresponding facility in the >> MBEDTLS_PSA_CRYPTO_DRIVERS interface is a "get_builtin_key" entry point, >> but this is not implemented yet. (There's a prototype at >> https://github.com/ARMmbed/mbedtls/pull/3822 but nobody is working on >> it. The specification is in docs/proposed/psa-driver-interface.md.) >> >> There's an example application with a MBEDTLS_PSA_CRYPTO_SE_C driver at >> https://github.com/ARMmbed/mbed-os-example-atecc608a . We don't have >> example code for MBEDTLS_PSA_CRYPTO_DRIVERS yet, or good documentation, >> or an easy-to-use build system — those are still a few months in the future. >> >> If you write a driver in the next few months, I recommend that you stay >> in touch with the Mbed TLS development team and follow the development >> branch of Mbed TLS closely, since it's a very active area of development >> at the moment. >>

4 years, 6 months

1
0
0 0

Re: [mbed-tls] PR-4161-merge TLS Testing — Failures: ABI-API-checking

by Janos Follath

Hi Gábor, Yes, it is ready for review, I have added the corresponding labels. Now there is nothing else to do just to wait for the reviews. Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Tuesday, 23 February 2021 at 06:29 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] PR-4161-merge TLS Testing — Failures: ABI-API-checking Hello Guys! AFter a week of debugging yesterday I was able to solve the issues on my PR, but the ABI-API failure is still on. I was told that based on my changes it is OK, I should not worry. Does this mean that my PR is ready for review or it should have disappeared by now? In the second case could someone provide me the jenkins reports and some idea where should I start searching? This is my PR: https://github.com/ARMmbed/mbedtls/pull/4161 Thank you in advance! BR, Gábor

4 years, 6 months

1
0
0 0

PR-4161-merge TLS Testing — Failures: ABI-API-checking

by Gábor Tóth

Hello Guys! AFter a week of debugging yesterday I was able to solve the issues on my PR, but the ABI-API failure is still on. I was told that based on my changes it is OK, I should not worry. Does this mean that my PR is ready for review or it should have disappeared by now? In the second case could someone provide me the jenkins reports and some idea where should I start searching? This is my PR: https://github.com/ARMmbed/mbedtls/pull/4161 Thank you in advance! BR, Gábor

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140

by Gábor Tóth

Helló János! Yes I tried that one (and plenty of other stuff). Finally I just reset the branch and recommited the changes solving this particular issue. Unfortunately I had to create a new PR, because git did not let me reopen it, but that is another topic. Thank you for the help! BR, Gábor Janos Follath <Janos.Follath(a)arm.com> ezt írta (időpont: 2021. febr. 22., H, 13:17): > Hi Gábor, > > > > Have you tried running `git commit --amend` (without --no-edit --signoff) > and adding the “Signed-off-by: toth92g <toth92g(a)gmail.com>" line by hand? > > > > Best regards, > > Janos > > > > *From: *Gábor Tóth <toth92g(a)gmail.com> > *Date: *Monday, 22 February 2021 at 11:44 > *To: *Janos Follath <Janos.Follath(a)arm.com> > *Subject: *Re: [mbed-tls] Failing signoff (DCO) on: > https://github.com/ARMmbed/mbedtls/pull/4140 > > Helló János! > > > > Yes, I know which one, but I do not know how to change the commit message > in git. I have used the provided commands (amend), but it did not correct > the error. > > > > Do you know how to change it manually? > > > > BR, > > Gábor > > > > Janos Follath <Janos.Follath(a)arm.com> ezt írta (időpont: 2021. febr. 22., > H, 12:38): > > Hi Gábor, > > > > If you click on the “details” link on the DCO check it will tell you which > commits are missing the sign-off: > > https://github.com/ARMmbed/mbedtls/pull/4140/checks?check_run_id=1950600200 > > > > In this case you have one commit that is not signed off: > > > https://github.com/ARMmbed/mbedtls/pull/4140/commits/fdd3c65ee47ab80f69cfa4… > > > > Best regards, > > Janos > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf > of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> > *Date: *Monday, 22 February 2021 at 11:05 > *To: *mbed-tls(a)lists.trustedfirmware.org < > mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Failing signoff (DCO) on: > https://github.com/ARMmbed/mbedtls/pull/4140 > > Hello Guys! > > > > I know it is a newbie question, but I am not able to pass this freaking > DCO test...I have used the provided commands to signoff all the commits and > as I see all of them has signoff, but it still failes on one. Do you have > any idea what's wrong or how could I correct it? > > > > Till now I was able to correct it, but now it seems to be bugged. > > > > Thank you! > > > > BR? > Gábor > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140

by Janos Follath

Hi Gábor, If you click on the “details” link on the DCO check it will tell you which commits are missing the sign-off: https://github.com/ARMmbed/mbedtls/pull/4140/checks?check_run_id=1950600200 In this case you have one commit that is not signed off: https://github.com/ARMmbed/mbedtls/pull/4140/commits/fdd3c65ee47ab80f69cfa4… Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Monday, 22 February 2021 at 11:05 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140 Hello Guys! I know it is a newbie question, but I am not able to pass this freaking DCO test...I have used the provided commands to signoff all the commits and as I see all of them has signoff, but it still failes on one. Do you have any idea what's wrong or how could I correct it? Till now I was able to correct it, but now it seems to be bugged. Thank you! BR? Gábor

4 years, 6 months

1
0
0 0

Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140

by Gábor Tóth

Hello Guys! I know it is a newbie question, but I am not able to pass this freaking DCO test...I have used the provided commands to signoff all the commits and as I see all of them has signoff, but it still failes on one. Do you have any idea what's wrong or how could I correct it? Till now I was able to correct it, but now it seems to be bugged. Thank you! BR? Gábor

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Frank Bergmann

Hi Gilles, thank you for your detailled answer. Honestly I was in fear that your answer would look like this. ;-) Do you maybe know of any plans of any software project to use mbed TLS together with a secure element? I asked SoftHSM because it looks much promising for our goals but they answered that they don't have any plans to use different ssl libs. cheers, Frank On 08.02.21 23:07, Gilles Peskine via mbed-tls wrote: > Hi Frank, > > Support for HSM keys in Mbed TLS is a work in progress. The way it will > work eventually is by plugging an HSM driver under the PSA crypto API, > which supports both transparent and opaque keys. > > The TLS code can already use the PSA crypto API for some things, > including client signature. Enable MBEDTLS_USE_PSA_CRYPTO, call > mbedtls_pk_setup_opaque() to create a PK object for the key, and declare > the key to the TLS code with mbedtls_ssl_conf_own_cert() as usual. > > To create the key, you will need to write a PKCS#11 secure element > driver. ("Secure element" = "HSM" for this purpose.) I think it would > make sense to have one in Mbed TLS, but I don't know when we might get > around to writing one. > > There are two secure element driver interfaces in Mbed TLS right now: > MBEDTLS_PSA_CRYPTO_SE_C (dynamic secure element interface) and > MBEDTLS_PSA_CRYPTO_DRIVERS (unified driver interface). Both are still > experimental: we can't guarantee API stability at this stage. > MBEDTLS_PSA_CRYPTO_SE_C was the first proposal, and its development is > currently frozen and may be abandonned, so I don't recommend investing > any effort in it at the moment, but if you need something fast (e.g. for > a demo/proof-of-concept), it's your best bet. MBEDTLS_PSA_CRYPTO_DRIVERS > is the way of the future, but it's an active work in progress. > > If you're creating the key from your application, just call > psa_generate_key. If the key was provisioned externally, it's > unfortunately not so easy. With MBEDTLS_PSA_CRYPTO_SE_C, you can > register a key that's already present in the secure element with > mbedtls_psa_register_se_key(). The corresponding facility in the > MBEDTLS_PSA_CRYPTO_DRIVERS interface is a "get_builtin_key" entry point, > but this is not implemented yet. (There's a prototype at > https://github.com/ARMmbed/mbedtls/pull/3822 but nobody is working on > it. The specification is in docs/proposed/psa-driver-interface.md.) > > There's an example application with a MBEDTLS_PSA_CRYPTO_SE_C driver at > https://github.com/ARMmbed/mbed-os-example-atecc608a . We don't have > example code for MBEDTLS_PSA_CRYPTO_DRIVERS yet, or good documentation, > or an easy-to-use build system — those are still a few months in the future. > > If you write a driver in the next few months, I recommend that you stay > in touch with the Mbed TLS development team and follow the development > branch of Mbed TLS closely, since it's a very active area of development > at the moment. > -- Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753 SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606 http://tdyn.de/freel -- Redirect to profile at freelancermap http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Failures: all_sh-ubuntu-16.04-test_memory_buffer_allocator

by Gilles Peskine

Hi Gábor, To reproduce locally, the correct invocation would be tests/scripts/all.sh test_memory_buffer_allocator Specifically, the failing tests are SSL tests. To reproduce those tests, build the right configuration and run tests/ssl-opt.sh -f 'DTLS fragmenting: proxy MTU, * renego' I've posted the relevant logs on the GitHub issue. It's unusual for the memory_buffer tests to fail when memory sanitizers are passing, so I don't know what's going on. -- Gilles Peskine Mbed TLS developer On 16/02/2021 11:13, Gábor Tóth via mbed-tls wrote: > Hello Guys! > > I have an error related to test_memory_buffer_allocator on the server > in my PR (https://github.com/ARMmbed/mbedtls/pull/4140). Tried to find > the issue locally on both the latest Ubuntu and on version 16.04 (same > as on the server), but without success. > All the tests pass if I run "make test" command (of course I changed > config.h based on the component in all.sh).. > I have also tried: > "./tests/scripts/all.sh component_test_memory_buffer_allocator", but > it does not do anything, just lists some tools. Maybe I am not using > it right... > > The memory allocation/freeing mechanism was not touched by my changes > except that in the function that frees a CRT I added a small part to > free the new dynamic field. > > Do you have any idea what's wrong with my PR, how could I solve it or > find out the cause? > > Thank you guys! > > BR, > Gábor >

4 years, 6 months

1
0
0 0

Failures: all_sh-ubuntu-16.04-test_memory_buffer_allocator

by Gábor Tóth

Hello Guys! I have an error related to test_memory_buffer_allocator on the server in my PR (https://github.com/ARMmbed/mbedtls/pull/4140). Tried to find the issue locally on both the latest Ubuntu and on version 16.04 (same as on the server), but without success. All the tests pass if I run "make test" command (of course I changed config.h based on the component in all.sh).. I have also tried: "./tests/scripts/all.sh component_test_memory_buffer_allocator", but it does not do anything, just lists some tools. Maybe I am not using it right... The memory allocation/freeing mechanism was not touched by my changes except that in the function that frees a CRT I added a small part to free the new dynamic field. Do you have any idea what's wrong with my PR, how could I solve it or find out the cause? Thank you guys! BR, Gábor

4 years, 6 months

1
0
0 0

Requesting a sample code: adding two numbers using mbedtls_mpi_add_int?

by Shariful Alam

Hello, Sorry to bother with a noob question. I am trying to understand how bignum.c works. For that, I'm trying to write a program to add two numbers. Here is what I have https://pastebin.com/mbRaE5i5, I'm not sure if this is the correct approach. I use the following to compile the code, * gcc -o mpi_example mpi_example.c bignum.c* But get the following error, /tmp/ccMo7DMW.o: In function `main': mpi_example.c:(.text+0x2d): undefined reference to `mbedtls_mpi_init' mpi_example.c:(.text+0x39): undefined reference to `mbedtls_mpi_init' mpi_example.c:(.text+0x45): undefined reference to `mbedtls_mpi_init' mpi_example.c:(.text+0x6c): undefined reference to `mbedtls_mpi_add_int' mpi_example.c:(.text+0x9a): undefined reference to `mbedtls_mpi_free' mpi_example.c:(.text+0xa6): undefined reference to `mbedtls_mpi_free' mpi_example.c:(.text+0xb2): undefined reference to `mbedtls_mpi_free' collect2: error: ld returned 1 exit status Any help what I'm doing wrong here? Or any sample code and how to compile it? Thanks, ~ Shariful

4 years, 6 months

1
0
0 0

Overring bignum, aka MBEDTLS_BIGNUM_ALT?

by Fabio Utzig

Hi, I am working on adding HW acceleration to a NXP Kinetis MCU, but the HW accelerator happens to implement many operations which are defined in bignum.c, like "mbedtls_mpi_exp_mod", "mbedtls_mpi_gcd", "mbedtls_mpi_inv_mod" and so on. The bignum clients for me would be ecp.c and ecp_curves.c (as well as ecdh and ecdsa), and while I can override some of those using _ALT macros, for bignum it seems not possible to do so, short of not defining MBEDLTS_BIGNUM_C and all associated dependency issues. Also bignum itself also has other call paths that happen to use the functions I am trying to accelerate, which are themselves called by other files. Since I am using an open-source OSS and can't just override stuff in a fork, so I would like to know if there is some technical reason for an option like "MBEDTLS_BIGNUM_ALT" not being available and if such change would be acceptable? Fabio

4 years, 7 months

1
0
0 0

Re: [mbed-tls] MBEDTLS_ENTROPY_HARDWARE_ALT, mbedtls_ctr_drbg_seed() freezes ?

by Gilles Peskine

Hi Manu, f_entropy is the argument passed to mbedtls_ctr_drbg_seed, which is mbedtls_entropy_func. This function obtains entropy from all configured sources, which depends on the library configuration. Check if it might be calling other sources (see what sources are added in mbedtls_entropy_init in library/entropy.c). I think there's a bug in your mbedtls_hardware_poll implementation. It's receiving a buffer ent_buf with room for count BYTES, but you're filling it with count WORDS. You need to pass the exact number of bytes. In practice, unless the library is configured in a weird way, count will be a multiple of 4, which can make your code a bit simpler. -- Gilles Peskine Mbed TLS developer On 17/08/2020 19:16, Manu Abraham via mbed-tls wrote: > Greetings, > > I am new to the list, please do excuse me, in case of any list > specific etiquette issues. > > Trying to use a 1.6.1 release with a Cortex M7 port, specifically a STM32H7. > > After enabling MBEDTLS_ENTROPY_HARDWARE_ALT, did implement > mbedtls_hardware_poll() > > It looks thus, and it does appear to work from a hardware perspective: > > /** > * mbedtls_hardware_poll() > * Read random data from the Hardware RNG for entropy applications > */ > int mbedtls_hardware_poll(void *arg, > unsigned char *ent_buf, > size_t count, > size_t *ent_len) > { > register uint8_t i = 0; > uint32_t rand; > > if (!LL_RNG_IsEnabled(RNG)) > LL_RNG_Enable(RNG); /* Enable Random Number Generator */ > > for (i = 0; i < count; i++) { > while (!LL_RNG_IsActiveFlag_DRDY(RNG)) { } /* Wait for DRDY > flag to be raised */ > if ((LL_RNG_IsActiveFlag_CECS(RNG)) || > (LL_RNG_IsActiveFlag_SECS(RNG))) { /* Check error, if any */ > > /* Clock or Seed Error detected. Set Error */ > printf(" (%d) %s: Clock/Seed Error!\r\n", __LINE__, __FUNCTION__); > } > rand = LL_RNG_ReadRandData32(RNG); /* Read RNG data */ > memcpy(&(ent_buf[i * 4]), &rand, 4); /* *ent_len += 4 */ > } > LL_RNG_Disable(RNG); /* Stop random numbers generation */ > *ent_len = ((i + 1) * 4); > printf(" (%d) %s: Random Words: %d Word: %04d\r\n", > __LINE__, > __FUNCTION__, > count, > rand); > > return 0; > } > > The code which causes the problem is this, in my tls_init() > > int tls_init(void) > { > int ret; > > /* inspired by https://tls.mbed.org/kb/how-to/mbedtls-tutorial */ > const char *pers = "SYS-LWH7"; > > printf(" (%d) %s: Initializing\r\n", __LINE__, __FUNCTION__); > /* initialize descriptors */ > > mbedtls_ssl_init(&ssl); > printf(" (%d) %s: SSL initialize\r\n", __LINE__, __FUNCTION__); > > mbedtls_ssl_config_init(&conf); > printf(" (%d) %s: SSL Config initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_x509_crt_init(&cacert);work > printf(" (%d) %s: x509 CRT initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_ctr_drbg_init(&ctr_drbg); > printf(" (%d) %s: DRBG initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_entropy_init(&entropy); > printf(" (%d) %s: Entropy initialized\r\n", __LINE__, __FUNCTION__); > > > ret = mbedtls_ctr_drbg_seed(&ctr_drbg, > mbedtls_entropy_func, > &entropy, > (const unsigned char *) pers, > strlen(pers)); > if (ret) { > > LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, > ("failed !\n mbedtls_ctr_drbg_seed returned %d\n", > ret)); > > printf(" (%d) %s: DRBG seed failed, ret=%d\r\n", __LINE__, > __FUNCTION__, ret); > return -1; > } > printf(" (%d) %s: DRBG seed returned:%d\r\n", __LINE__, __FUNCTION__, ret); > > /** > * The transport type determines if we are using > * TLS (MBEDTLS_SSL_TRANSPORT_STREAM) or > * DTLS (MBEDTLS_SSL_TRANSPORT_DATAGRAM). > */ > ret = mbedtls_ssl_config_defaults(&conf, > MBEDTLS_SSL_IS_CLIENT, > MBEDTLS_SSL_TRANSPORT_STREAM, > MBEDTLS_SSL_PRESET_DEFAULT); > if (ret) { > LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, > ("failed !\n mbedtls_ssl_config_defaults returned %d\n\n", > ret)); > > printf("(%d) %s: SSL config defaults failed, ret=%d\r\n", > __LINE__, __FUNCTION__, ret); > return -1; > } > printf("(%d) %s: SSL config defaults returned:%d\r\n", __LINE__, > __FUNCTION__, ret); > > ret = mbedtls_x509_crt_parse(&cacert, > (const unsigned char *)test_ca_crt, > test_ca_crt_len); > if (ret) > printf(" (%d) %s: failed!\n mbedtls_x509_crt_parse returned > %d\r\n", __LINE__, __FUNCTION__, ret); > else > printf(" (%d) %s: mbedtls_x509_crt_parse returned %d\r\n", > __LINE__, __FUNCTION__, ret); > > mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); > mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); > > /** > * The library needs to know which random engine > * to use and which debug function to use as callback. > */ > mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); > mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); > mbedtls_ssl_setup(&ssl, &conf); > } > > > The output of which looks thus, in a serial terminal: > > (1217) print_dhcp_state: Try connect to Broker > (174) tls_init: Initializing > (178) tls_init: SSL initialize > (181) tls_init: SSL Config initialized > (184) tls_init: x509 CRT initialized > (187) tls_init: DRBG initialized > (190) tls_init: Entropy initialized > (1027) mbedtls_hardware_poll: Random Words: 128 Word: -558876895 > > > Any thoughts/ideas, what could be wrong ? > Any kind soul in here ? > > Thanks, > Manu

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Failing CI tests, Generating coverage report

by Manuel Pegourie-Gonnard

Hi Gábor, Congrats on fixing the previous issues and getting Travis to pass. Unfortunately, the complete logs of the Jenkins part of the CI can only be accessed by Arm employees so far. We have plans to move to a fully-public CI system, but this won't happen before the second half of this year. In the meantime I'm afraid you'll have to ask a team member to get you the results. > continuous-integration/jenkins/pr-head — This commit cannot be built > continuous-integration/jenkins/pr-merge — This commit cannot be buil Note: this can be ignore, these are the results of the parent jobs that spawn the other jobs. > PR-4117-head TLS Testing — Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator > PR-4117-merge TLS Testing — Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator Note: this is a partial list of failed components (truncated due to limits in the Github notifications API). Most of them as components of tests/scripts/all.sh - if you have access to a Linux/Unix machine with the proper dependencies, you can run them locally, for example here the first one would be tests/scripts/all.sh test_m32_o1, the second one tests/scripts/all.sh test_memory_buffer_allocator. Regarding your question about coverage: I _think_ it should work on Windows if you exclude ssl-opt.sh and compat.sh. As your work is related to X.509, excluding those SSL-related scripts should not affect coverage of the areas of interest. I'm not sure if lcov (the programs that turns gcov's raw data to human-readable form) works on Windows, I'm sure your favourite search engine will have more information than me about this 🙂 Note however that most of the development/testing tools are made with Linux in mind, so you might have an easier time running a Linux VM to use them. As a last resort, one of the reviewers of the PRs can measure coverage on their machine - that's something I often do for PRs adding features, especially when some form of parsing is involved. Thanks for paying attention to coverage, by the way, that's really appreciated! Best regards, Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 11 February 2021 11:39 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Failing CI tests, Generating coverage report Hello Guys! I have a branch that has been successfully built, but 4/10 tests are failing. Unfortunately I am not even able to read a log, because if I click on the details button I am redirected to a "This site can't be reached" page. Could you help me how to check the logs regarding the Jenkins CI builds? This is the pull request https://github.com/ARMmbed/mbedtls/pull/4117 These are the failing tests: continuous-integration/jenkins/pr-head — This commit cannot be built continuous-integration/jenkins/pr-merge — This commit cannot be buil PR-4117-head TLS Testing — Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator PR-4117-merge TLS Testing — Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator I am also working on tests to cover the new functionality, but can not run coverage report. In the makefile of the base directory of mbedtls I have found this part: ifndef WINDOWS # note: for coverage testing, build with: # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check programs/test/selftest tests/compat.sh tests/ssl-opt.sh So am I right, that coverage check is only supported ot linux platform? Do I need to use that one or are there any solutions on windows? Thank you in advance! BR, Gábor

4 years, 7 months

2
2
0 0

Failing CI tests, Generating coverage report

by Gábor Tóth

Hello Guys! I have a branch that has been successfully built, but 4/10 tests are failing. Unfortunately I am not even able to read a log, because if I click on the details button I am redirected to a "This site can't be reached" page. Could you help me how to check the logs regarding the Jenkins CI builds? This is the pull request https://github.com/ARMmbed/mbedtls/pull/4117 These are the failing tests: *continuous-integration/jenkins/pr-head *— This commit cannot be built *continuous-integration/jenkins/pr-merge *— This commit cannot be buil *PR-4117-head TLS Testing *— Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator *PR-4117-merge TLS Testing *— Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator I am also working on tests to cover the new functionality, but can not run coverage report. In the makefile of the base directory of mbedtls I have found this part: ifndef WINDOWS # note: for coverage testing, build with: # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check programs/test/selftest tests/compat.sh tests/ssl-opt.sh So am I right, that coverage check is only supported ot linux platform? Do I need to use that one or are there any solutions on windows? Thank you in advance! BR, Gábor

4 years, 7 months

1
0
0 0

Re: [mbed-tls] X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gábor Tóth

Hello Gilles! Thank you for your helpful answer! Unfortunately this solution to find memory leakage problems is not working under windows (as I read), but fortunately I was able to locate the source and now my changes are green on the server. Thank you, again :) BR, Gábor Gilles Peskine via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> ezt írta (időpont: 2021. febr. 10., Sze, 12:03): > Hi Gábor, > > Thank you for contributing to Mbed TLS! > > For the memory leaks, compile with ASan(+UBSan): > export ASAN_OPTIONS='symbolize=1' > # also export ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer if it's not > found automatically > export ASAN_FLAGS='-O2 -fsanitize=address,undefined > -fno-sanitize-recover=all' > make CFLAGS="$ASAN_FLAGS" LDFLAGS="$ASAN_FLAGS" > > The SSL test scripts depend on precise versions of OpenSSL and GnuTLS. > Versions that are too old are missing some features and recent versions > have removed some features. Even some versions from Linux distributions > have removed obsolete algorithms that we're still testing. If you want > to pass all the tests on your machine, I recommend that you install them > from source. There's a list of the versions we use on our CI at > https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/ . > > When you're debugging, it's useful to run a single test case or a small > number of test cases with ssl-opt -f 'regexp' . The logs are in > tests/o-cli-<number>.log and tests/o-srv-<number>.log . > > Hope this helps. > > -- > Gilles Peskine > Mbed TLS developer > > On 10/02/2021 10:17, Gábor Tóth via mbed-tls wrote: > > Hello Guys! > > > > I am working on an update of MBEDTLS that will support AuthorityKeyId > > and SubjetKeyId V3 extensions of X509. I have created a pull request, > > but I have not been able to solve the issues on Travis: > > https://github.com/ARMmbed/mbedtls/pull/4117 > > > > As I see the problems are: memory leakage and the failure of two tests > > suites. > > I tried to run these suites and a memory leakage check on my host > > machine, but the .sh scripts are just flashing once and disappearing > > in a few seconds after catching some kind of exception. > > > > I have Python2, Perl, Mingw64 (with gcc) installed and added to the > > Path. These commands are working: > > - make CC=gcc > > - make tests > > All the 87 tests pass. > > > > Tried running ssl-opt.sh without arguments and with "-m", but it exits > > after a few lines. > > > > Do you have any idea what I am missing? It would make the work much > > easier if I could run the testsuites reproducing the error and if I > > could find the memory leaks. > > > > Thank you in advance! > > > > BR, > > Gábor > > > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 7 months

1
0
0 0

Re: [mbed-tls] X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gilles Peskine

Hi Gábor, Thank you for contributing to Mbed TLS! For the memory leaks, compile with ASan(+UBSan): export ASAN_OPTIONS='symbolize=1' # also export ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer if it's not found automatically export ASAN_FLAGS='-O2 -fsanitize=address,undefined -fno-sanitize-recover=all' make CFLAGS="$ASAN_FLAGS" LDFLAGS="$ASAN_FLAGS" The SSL test scripts depend on precise versions of OpenSSL and GnuTLS. Versions that are too old are missing some features and recent versions have removed some features. Even some versions from Linux distributions have removed obsolete algorithms that we're still testing. If you want to pass all the tests on your machine, I recommend that you install them from source. There's a list of the versions we use on our CI at https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/ . When you're debugging, it's useful to run a single test case or a small number of test cases with ssl-opt -f 'regexp' . The logs are in tests/o-cli-<number>.log and tests/o-srv-<number>.log . Hope this helps. -- Gilles Peskine Mbed TLS developer On 10/02/2021 10:17, Gábor Tóth via mbed-tls wrote: > Hello Guys! > > I am working on an update of MBEDTLS that will support AuthorityKeyId > and SubjetKeyId V3 extensions of X509. I have created a pull request, > but I have not been able to solve the issues on Travis: > https://github.com/ARMmbed/mbedtls/pull/4117 > > As I see the problems are: memory leakage and the failure of two tests > suites. > I tried to run these suites and a memory leakage check on my host > machine, but the .sh scripts are just flashing once and disappearing > in a few seconds after catching some kind of exception. > > I have Python2, Perl, Mingw64 (with gcc) installed and added to the > Path. These commands are working: > - make CC=gcc > - make tests > All the 87 tests pass. > > Tried running ssl-opt.sh without arguments and with "-m", but it exits > after a few lines. > > Do you have any idea what I am missing? It would make the work much > easier if I could run the testsuites reproducing the error and if I > could find the memory leaks. > > Thank you in advance! > > BR, > Gábor >

4 years, 7 months

1
0
0 0

X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gábor Tóth

Hello Guys! I am working on an update of MBEDTLS that will support AuthorityKeyId and SubjetKeyId V3 extensions of X509. I have created a pull request, but I have not been able to solve the issues on Travis: https://github.com/ARMmbed/mbedtls/pull/4117 As I see the problems are: memory leakage and the failure of two tests suites. I tried to run these suites and a memory leakage check on my host machine, but the .sh scripts are just flashing once and disappearing in a few seconds after catching some kind of exception. I have Python2, Perl, Mingw64 (with gcc) installed and added to the Path. These commands are working: - make CC=gcc - make tests All the 87 tests pass. Tried running ssl-opt.sh without arguments and with "-m", but it exits after a few lines. Do you have any idea what I am missing? It would make the work much easier if I could run the testsuites reproducing the error and if I could find the memory leaks. Thank you in advance! BR, Gábor

4 years, 7 months

1
0
0 0

mbedtls_rsa_private execution time on stm32f417

by Dmitry X

Hi, im using mbedtls 2.7.17 in my project on stm32f417 (168Mhz) with config similar to config-mini-tls1_1.h for server HTTPS support (Keil). mbedtls_rsa_private is executed ~19seconds on key_exchange phase on browser connection. I’m use default embedded test RSA ca, cert and pkey. Compilation with speed optimization and without not signaficantly reduces this time. Is it normal time of caclulation or something wrong with my platform? I’m expected about 1-2s, not 19..How can i reduce execution time as an expected? Thanks. #ifndef MBEDTLS_CONFIG_H #define MBEDTLS_CONFIG_H /* System support */ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME /* mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_PKCS1_V15 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_1 /* mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_DES_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_MD_C #define MBEDTLS_MD5_C //#define MBEDTLS_NET_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C #define MBEDTLS_SHA256_C //#define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_USE_C /* For test certificates */ #define MBEDTLS_BASE64_C #define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C /* For testing with compat.sh */ //#define MBEDTLS_FS_IO #define MBEDTLS_NO_PLATFORM_ENTROPY #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ -- Dmitry X

4 years, 7 months

1
0
0 0

3.0 plans: remove the RSA key mutex

by Gilles Peskine

Hello, RSA key objects include a mutex. `mbedtls_rsa_private` locks the mutex because it caches some auxiliary values used for blinding in the key object. (`mbedtls_rsa_public` also locks the mutex but it seems pointless.) This allows applications to create a key (this must be done in a single-threaded way), then use that key concurrently. This feature has a number of downsides. From a high-level architectural perspective, the RSA module is a low-level part of the code dedicated to peforming calculations; managing concurrency is outside its scope. The presence of the mutex complicates the lifecycle of RSA contexts, leading to unmet expectations (https://github.com/ARMmbed/mbedtls/issues/2621) and bugs on certain platforms (https://github.com/ARMmbed/mbedtls/pull/4104). ECC contexts do not have a mutex, even though they would need one, so a multithreaded application that works with RSA keys can't easily be changed to ECC keys. As a consequence, I propose to remove mutexes from RSA keys in Mbed TLS 3.0. Applications that currently rely on the mutex should either migrate to the PSA API or wrap an RSA object (or a pk object, which would allow algorithm agility) in a mutex. This proposal is also recorded with more details at https://github.com/ARMmbed/mbedtls/issues/4124 . -- Gilles Peskine Mbed TLS developer

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Gilles Peskine

Hi Frank, Support for HSM keys in Mbed TLS is a work in progress. The way it will work eventually is by plugging an HSM driver under the PSA crypto API, which supports both transparent and opaque keys. The TLS code can already use the PSA crypto API for some things, including client signature. Enable MBEDTLS_USE_PSA_CRYPTO, call mbedtls_pk_setup_opaque() to create a PK object for the key, and declare the key to the TLS code with mbedtls_ssl_conf_own_cert() as usual. To create the key, you will need to write a PKCS#11 secure element driver. ("Secure element" = "HSM" for this purpose.) I think it would make sense to have one in Mbed TLS, but I don't know when we might get around to writing one. There are two secure element driver interfaces in Mbed TLS right now: MBEDTLS_PSA_CRYPTO_SE_C (dynamic secure element interface) and MBEDTLS_PSA_CRYPTO_DRIVERS (unified driver interface). Both are still experimental: we can't guarantee API stability at this stage. MBEDTLS_PSA_CRYPTO_SE_C was the first proposal, and its development is currently frozen and may be abandonned, so I don't recommend investing any effort in it at the moment, but if you need something fast (e.g. for a demo/proof-of-concept), it's your best bet. MBEDTLS_PSA_CRYPTO_DRIVERS is the way of the future, but it's an active work in progress. If you're creating the key from your application, just call psa_generate_key. If the key was provisioned externally, it's unfortunately not so easy. With MBEDTLS_PSA_CRYPTO_SE_C, you can register a key that's already present in the secure element with mbedtls_psa_register_se_key(). The corresponding facility in the MBEDTLS_PSA_CRYPTO_DRIVERS interface is a "get_builtin_key" entry point, but this is not implemented yet. (There's a prototype at https://github.com/ARMmbed/mbedtls/pull/3822 but nobody is working on it. The specification is in docs/proposed/psa-driver-interface.md.) There's an example application with a MBEDTLS_PSA_CRYPTO_SE_C driver at https://github.com/ARMmbed/mbed-os-example-atecc608a . We don't have example code for MBEDTLS_PSA_CRYPTO_DRIVERS yet, or good documentation, or an easy-to-use build system — those are still a few months in the future. If you write a driver in the next few months, I recommend that you stay in touch with the Mbed TLS development team and follow the development branch of Mbed TLS closely, since it's a very active area of development at the moment. -- Gilles Peskine Mbed TLS developer On 06/02/2021 16:59, Frank Bergmann via mbed-tls wrote: > Hi, > > I want to use PKCS#11 with mbed TLS... > > - cross platform: Windows, mobile device (e.g. Android), *nix > - on *client* side > - to create keys (for certs) and store private keys in an HSM (could also be e.g. softhsm as fallback) > > How to "integrate" PKCS#11 with mbed TLS and achieve those requirements? > > > cheers, > Frank >

4 years, 7 months

1
0
0 0

Re: [mbed-tls] DTLS Mutual authentication

by Manuel Pegourie-Gonnard

Dear Farhad, Sure, the thing you need to do is to call mbedtls_ssl_conf_authmode( conf, MBEDTLS_SSL_VERIFY_REQUIRED ) where conf is the ssl_config of the server. For more details, see that function's documentation (in ssl.h). For an example, see the command-line option auth_mode in programs/ssl/ssl_server2.c. Hope this helps! Best regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of saghili via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 05 February 2021 17:34 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] DTLS Mutual authentication Dear, I would like to have mutual authentication using dtls_client.c and dtls_server.c examples. In the current version of the example, the client does not send his own certificate and the server does not verify the certificate of the client. Could you please provide me the changes that I need to make in both dtls_client.c and dtls_server.c examples? Best regards, Farhad -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 7 months

1
0
0 0

Use PKCS#11 and mbed TLS

by Frank Bergmann

Hi, I want to use PKCS#11 with mbed TLS... - cross platform: Windows, mobile device (e.g. Android), *nix - on *client* side - to create keys (for certs) and store private keys in an HSM (could also be e.g. softhsm as fallback) How to "integrate" PKCS#11 with mbed TLS and achieve those requirements? cheers, Frank

4 years, 7 months

1
0
0 0

DTLS Mutual authentication

by saghili

Dear, I would like to have mutual authentication using dtls_client.c and dtls_server.c examples. In the current version of the example, the client does not send his own certificate and the server does not verify the certificate of the client. Could you please provide me the changes that I need to make in both dtls_client.c and dtls_server.c examples? Best regards, Farhad

4 years, 7 months

1
0
0 0

Re: [mbed-tls] [Mbed-tls-announce] Mbed TLS 3.0 plans

by Dave Rodgman

Hello, We've now created the branch to allow Mbed TLS 3.0 development to begin. Mbed TLS 3.0 development will take place on development_3.0 in the short term. Mbed TLS 2.x development will continue on development. We'll regularly merge changes to development into development_3.0 so that they stay aligned. At the point of the release of Mbed TLS 2.26, we will rename development to become mbedtls-2.26 and rename development_3.0 to become development, so that the focus for new work becomes the upcoming Mbed TLS 3.0 release. Regards, Dave Rodgman On 17/12/2020, 10:04, "Mbed-tls-announce on behalf of Dave Rodgman via Mbed-tls-announce" <mbed-tls-announce-bounces(a)lists.trustedfirmware.org on behalf of Mbed-tls-announce(a)lists.trustedfirmware.org> wrote: Hello, We are planning to release Mbed TLS 3.0 around June 2021, alongside an LTS release of Mbed TLS 2.x. Our major version numbers indicate API breaking changes, and this is no exception: Mbed TLS 3.0 will have changes that make it incompatible with 2.x (as an obvious example, functions that are deprecated in 2.x will be removed). In setting a near-term release date, we have chosen some key areas that we want to focus on for 3.0. Some other API-breaking items (i.e., those requiring significant design time) won't make the cut and we will hold those back for a future major version, in order to have time to get them right. The main focus for 3.0 will be reduction in API surface, and changes that are low-impact for almost everyone. Work towards 3.0 will start in late January, on the development branch which will contain a public work-in-progress view of Mbed TLS 3.0. Any work for 2.x in this timeframe will take place on a separate branch (provisionally named like "mbedtls-2.x"). During the 3.0 development period, bug fixes and security fixes will continue to be a priority, but we will have slightly less capacity for other features. While 3.0 is in development, any new features will by default be landed in 3.0 only, unless there is a strong case for back-porting to 2.x. The 2.x LTS branches will still be supported with bug fixes and security fixes for the normal three year lifetime (i.e., the final LTS release of 2.x in mid-2021 will be supported until mid-2024). In terms of content, we are taking a cautious approach to what we plan for 3.0. In the past we've been ambitious here and as a result, have slipped on the release date; by being cautious on feature set we can be confident about hitting the mid-year release date. We won't try to make all of the changes that would be nice-to-have; instead, we will focus on tasks that reduce maintenance, unlock other improvements in a 3.x timeframe, are still valuable if only partially completed, and can fit within this time frame. Currently we're looking at the following areas for 3.0: * Reduce the public surface of the API * Clean-up existing APIs * Changes to default options Regards Dave Rodgman -- Mbed-tls-announce mailing list Mbed-tls-announce(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls-announce

4 years, 7 months

1
0
0 0

Re: [mbed-tls] mbed-tls Digest, Vol 11, Issue 7 ENTROPY_SOURCE_FAILED :0x0034

by T V LIJIN (EXT)

Hi, As suggested by @Gilles Peskine , I did try enabling MBEDTLS_ENTROPY_FORCE_SHA256 , but even after enabling this mbedtls_ctr_drbg_seed was still returning 0X0034 (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ), please note that I'm using NVRAM for Seeding. I'm attaching my config.h file along with this mail for you reference. PFA -----Original Message----- From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> On Behalf Of mbed-tls-request(a)lists.trustedfirmware.org Sent: Thursday, January 28, 2021 1:19 AM To: mbed-tls(a)lists.trustedfirmware.org Subject: mbed-tls Digest, Vol 11, Issue 7 This message is from an external sender. Be cautious, especially with links and attachments. Send mbed-tls mailing list submissions to mbed-tls(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to mbed-tls-request(a)lists.trustedfirmware.org You can reach the person managing the list at mbed-tls-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of mbed-tls digest..." Today's Topics: 1. Re: ENTROPY_SOURCE_FAILED :0x0034 (Gilles Peskine) 2. Re: Reduce mbedTLS memory and storage footprint (Gilles Peskine) ---------------------------------------------------------------------- Message: 1 Date: Wed, 27 Jan 2021 20:36:18 +0100 From: Gilles Peskine <gilles.peskine(a)arm.com> To: mbed-tls(a)lists.trustedfirmware.org Subject: Re: [mbed-tls] ENTROPY_SOURCE_FAILED :0x0034 Message-ID: <9fcd3d55-ad54-05cf-63f9-7f3d09f3ee0d(a)arm.com> Content-Type: text/plain; charset=windows-1252 Hello, The entropy module uses a hash to mix the entropy. It uses SHA-512 if present and SHA-256 otherwise. Depending on the hash function, the entropy module can return either up to 64 bytes (SHA-512) or 32 bytes (SHA-256). The CTR_DRBG module knows about this and requests only 32 bytes at a time if the entropy module only delivers 32 bytes at a time. It looks like something goes wrong when CTR_DRBG tries to request 64 bytes. This could be, for example, because a buffer is too small somewhere, or because of a limitation of the entropy source. You would need to debug the call to mbedtls_entropy_func to know more. As a workaround, you can enable MBEDTLS_ENTROPY_FORCE_SHA256. Then the entropy module will use SHA-256 (even if MBEDTLS_SHA512_C is enabled) and only return 32 bytes at a time, and CTR_DRBG understands this and will only request 32 bytes. -- Gilles Peskine Mbed TLS developer On 27/01/2021 06:08, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > After enabling *MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* , > /mbedtls_ctr_drbg_seed/ is returning *0x0034 > */(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED)/ > But if I just enable *MBEDTLS_NO_PLATFORM_ENTROPY* and keep > *MBEDTLS_SHA512_C* disabled, it does not return any error for > /mbedtls_ctr_drbg_seed./ / / My project uses certificates with SHA384 > signature, so it requires***MBEDTLS_SHA512_C *to be enabled. > /*MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* /both needs to be > enabled in my project , but Iam facing issue with > mbedtls_ctr_drbg_seed returning 0x0034. Please guide me on this. What > might be the reason for mbedtls_ctr_drbg_seed to fail while > enabling/////*MBEDTLS_SHA512_C.*///// > How to overcome this issue? > > > Thanks, > LIJIN T V > ------------------------------ Message: 2 Date: Wed, 27 Jan 2021 20:48:27 +0100 From: Gilles Peskine <gilles.peskine(a)arm.com> To: mbed-tls(a)lists.trustedfirmware.org Subject: Re: [mbed-tls] Reduce mbedTLS memory and storage footprint Message-ID: <b59f3e91-ae60-fae6-5fca-402894b0a890(a)arm.com> Content-Type: text/plain; charset=windows-1252 Hello, The most important thing is to make sure you've disabled all the features you don't need in config.h. The default configuration enables most cryptographic mechanisms, but typical constrained systems usually only need a few. If your toolchain supports it, use link-time optimization (e.g. gcc -Os -flto or clang -Oz -flto). I've seen that this makes a significant improvement for Mbed TLS (I got -30% on one build, obviously the numbers depend heavily on the configuration and the compiler). (In contrast LTO when optimizing for performance doesn't seem to improve anything.) MBEDTLS_MPI_WINDOW_SIZE, MBEDTLS_MPI_MAX_SIZE and MBEDTLS_ECP_MAX_BITS only impact memory usage (stack and heap), not code size. -- Gilles Peskine Mbed TLS developer On 27/01/2021 05:36, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > I'm trying to optimize the size of my binary file by making the > following changes in "*mbedtls/config.h*" > > #define MBEDTLS_MPI_WINDOW_SIZE 1 > #define MBEDTLS_MPI_MAX_SIZE 32 > #define MBEDTLS_ECP_MAX_BITS 256 > #define MBEDTLS_SHA256_SMALLER > > Even after making the above changes I couldn't see any change in the > binary size. > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls. > mbed.org%2Fkb%2Fhow-to%2Freduce-mbedtls-memory-and-storage-footprint&a > mp;data=04%7C01%7Clijin.tv%40kone.com%7C1a138332ca084342827b08d8c2fc9d > b9%7C2bb82c642eb143f78862fdc1d2333b50%7C0%7C0%7C637473737538267015%7CU > nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha > WwiLCJXVCI6Mn0%3D%7C1000&sdata=ql17fsSC0eX7Hq5ofrsWAe%2BEenOc2piLq > 4jBix%2Bjr20%3D&reserved=0 > - This is the link I referred to follow the above-mentioned steps. > Is there anything else I can try to reduce my final binary file size > (ROM size) ? > > > Thanks, > LIJIN T V > ------------------------------ Subject: Digest Footer mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ End of mbed-tls Digest, Vol 11, Issue 7 ***************************************

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Reduce mbedTLS memory and storage footprint

by Gilles Peskine

Hello, The most important thing is to make sure you've disabled all the features you don't need in config.h. The default configuration enables most cryptographic mechanisms, but typical constrained systems usually only need a few. If your toolchain supports it, use link-time optimization (e.g. gcc -Os -flto or clang -Oz -flto). I've seen that this makes a significant improvement for Mbed TLS (I got -30% on one build, obviously the numbers depend heavily on the configuration and the compiler). (In contrast LTO when optimizing for performance doesn't seem to improve anything.) MBEDTLS_MPI_WINDOW_SIZE, MBEDTLS_MPI_MAX_SIZE and MBEDTLS_ECP_MAX_BITS only impact memory usage (stack and heap), not code size. -- Gilles Peskine Mbed TLS developer On 27/01/2021 05:36, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > I'm trying to optimize the size of my binary file by making the > following changes in "*mbedtls/config.h*" > > #define MBEDTLS_MPI_WINDOW_SIZE 1 > #define MBEDTLS_MPI_MAX_SIZE 32 > #define MBEDTLS_ECP_MAX_BITS 256 > #define MBEDTLS_SHA256_SMALLER > > Even after making the above changes I couldn't see any change in the > binary size. > https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint > - This is the link I referred to follow the above-mentioned steps. > Is there anything else I can try to reduce my final binary file size > (ROM size) ? > > > Thanks, > LIJIN T V >

4 years, 7 months

1
0
0 0

Re: [mbed-tls] ENTROPY_SOURCE_FAILED :0x0034

by Gilles Peskine

Hello, The entropy module uses a hash to mix the entropy. It uses SHA-512 if present and SHA-256 otherwise. Depending on the hash function, the entropy module can return either up to 64 bytes (SHA-512) or 32 bytes (SHA-256). The CTR_DRBG module knows about this and requests only 32 bytes at a time if the entropy module only delivers 32 bytes at a time. It looks like something goes wrong when CTR_DRBG tries to request 64 bytes. This could be, for example, because a buffer is too small somewhere, or because of a limitation of the entropy source. You would need to debug the call to mbedtls_entropy_func to know more. As a workaround, you can enable MBEDTLS_ENTROPY_FORCE_SHA256. Then the entropy module will use SHA-256 (even if MBEDTLS_SHA512_C is enabled) and only return 32 bytes at a time, and CTR_DRBG understands this and will only request 32 bytes. -- Gilles Peskine Mbed TLS developer On 27/01/2021 06:08, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > After enabling *MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* , > /mbedtls_ctr_drbg_seed/ is returning *0x0034 > */(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED)/ > But if I just enable *MBEDTLS_NO_PLATFORM_ENTROPY* and keep > *MBEDTLS_SHA512_C* disabled, it does not return any error for > /mbedtls_ctr_drbg_seed./ > / > / > My project uses certificates with SHA384 signature, so it > requires***MBEDTLS_SHA512_C *to be enabled. > /*MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* /both needs to be > enabled in my project , but Iam facing issue with > mbedtls_ctr_drbg_seed returning 0x0034. Please guide me on this. What > might be the reason for mbedtls_ctr_drbg_seed to fail while > enabling/////*MBEDTLS_SHA512_C.*///// > How to overcome this issue? > > > Thanks, > LIJIN T V >

4 years, 7 months

1
0
0 0

ENTROPY_SOURCE_FAILED :0x0034

by T V LIJIN (EXT)

Hi, After enabling MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_SHA512_C , mbedtls_ctr_drbg_seed is returning 0x0034 (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) But if I just enable MBEDTLS_NO_PLATFORM_ENTROPY and keep MBEDTLS_SHA512_C disabled, it does not return any error for mbedtls_ctr_drbg_seed. My project uses certificates with SHA384 signature, so it requires MBEDTLS_SHA512_C to be enabled. MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_SHA512_C both needs to be enabled in my project , but Iam facing issue with mbedtls_ctr_drbg_seed returning 0x0034. Please guide me on this. What might be the reason for mbedtls_ctr_drbg_seed to fail while enabling MBEDTLS_SHA512_C. How to overcome this issue? Thanks, LIJIN T V

4 years, 7 months

1
1
0 0

Reduce mbedTLS memory and storage footprint

by T V LIJIN (EXT)

Hi, I'm trying to optimize the size of my binary file by making the following changes in "mbedtls/config.h" #define MBEDTLS_MPI_WINDOW_SIZE 1 #define MBEDTLS_MPI_MAX_SIZE 32 #define MBEDTLS_ECP_MAX_BITS 256 #define MBEDTLS_SHA256_SMALLER Even after making the above changes I couldn't see any change in the binary size. https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint - This is the link I referred to follow the above-mentioned steps. Is there anything else I can try to reduce my final binary file size (ROM size) ? Thanks, LIJIN T V

4 years, 7 months

1
0
0 0

Devices acting as Both Client and Server

by saghili

Dear, In our project, our device should act as both client and server. Is it possible for both TLS and DTLS? If yes, how about the certificate? Do we need only 2 certs for this divice (one for the server role and one for the client role)? Best regards, Farhad

4 years, 7 months

1
0
0 0

Re: [mbed-tls] PKCS#7

by Gilles Peskine

Hello, There is work in progress by community members to implement PKCS#7 SignedData parsing and generation. https://github.com/ARMmbed/mbedtls/pull/3970 https://github.com/ARMmbed/mbedtls/pull/3431 Arm has no particular plans in this area, but if you need other parts of PKCS#7, we'd be happy to accept more contributions. We'll can't commit to doing any development, but we'll assist with submissions and review code as usual. -- Gilles Peskine Mbed TLS developer On 13/01/2021 07:31, Subramanian Gopi Krishnan via mbed-tls wrote: > > Hi, > > > > Is there a plan to support PKCS#7 Certificate in > future? We are work with rfc7030 service, which issues certificate in > PKCS#7 format. > > > > Thanks, > > Gopi Krishnan > >

4 years, 8 months

1
0
0 0

PKCS#7

by Subramanian Gopi Krishnan

Hi, Is there a plan to support PKCS#7 Certificate in future? We are work with rfc7030 service, which issues certificate in PKCS#7 format. Thanks, Gopi Krishnan

4 years, 8 months

1
0
0 0

Mbed TLS 2.7 end of support

by Dave Rodgman

This is a notice that Mbed TLS 2.7 will no longer be supported or maintained after February 5th 2021. Mbed TLS 2.7.0 was released on February 5th 2018 with a three year support period. The current version of Mbed TLS 2.7 is 2.7.18, which was released on December 11th 2020. There are no pending bug or security fixes, so unless new issues arise during the next month, there will not be another release of 2.7. We do not plan to merge any non-critical backports to 2.7 in the next month. We recommend that where practical, users upgrade to either 2.16, which will be supported until the end of 2021, or to the development branch, which will be released as an LTS in mid 2021, with an expected support period until mid 2024. Dave Rodgman

4 years, 8 months

1
0
0 0

Add support to delegate cert verification to application

by Junqi Wang

Hi, Hanno suggested me to post our discussion here: We use mbedtls in Facebook family apps. One of missing features is the ability to delegate cert verification to application. Hanno has pointed us to a similar ask in https://github.com/ARMmbed/mbedtls/pull/2091 We implemented cert verification process in Android/java and iOS/objective-C. Having this feature enables us to use the OS module for cert verification. The motivation is reduced maintenance cost. Some mobile APPs use OS TLS stack (rather than bundle mbedtls or openssl in the binary), so we have to maintain our OS-specific cert verification modules anyways. It’ll be ideal if we only keep the Android and iOS implementations as source of truth. Any thoughts on supporting this? Thanks, Junqi

4 years, 8 months

1
0
0 0

DTLS Connection-ID update - potential issue for large-scale deployments

by Manuel Pegourie-Gonnard

Hi all, Back in June 2019, we added support for the experimental DTLS Connection ID extension in Mbed TLS 2.18.0. This extension makes it possible to keep a connection alive even when the client's connectivity changes (eg new IP address). Since this was based on a draft rather than an established standard, it is disabled in the default config, and the option to enable it comes with a warning about us not being able to make any stability promises. As it turns out, a couple of months ago an extension number was assigned by IANA for this extension, which is different from the one we picked up when implementing the draft, so we'll have to change that in a future version of Mbed TLS. This change is trivial to do but would break compatibility in the following sense: and old client and a new server (or a new client and a new server) would no longer be able to negotiate this extension; only old-old and new-new would work. (Thanks to Achim Kraus for bringing that to our attention by the way: https://github.com/ARMmbed/mbedtls/issues/3892 ) One obvious solution to that issue would be to make sure all users upgrade all the clients and the servers at the same time. This can probably be managed in a development/testing environment as well as some tightly controlled production environments, but is probably less suitable for large-scale deployments where clients and servers might not even be manged by the same party. So, before we plan this changed, we'll like to know if anyone already has a production deployment relying on Connection ID where updating all the clients and servers at the same time would not be an option. If that is the case, we may consider implementing a compatibility mode that would allow a server to negotiate use of the extension with both old and new clients. However, such compatibility code would be non-standard and a testing burden (not to mention, significantly more work that just updating the relevant #define), so that's something we'd like to avoid doing unless we know that there is an actual need for it. Please let us know what you think by replying to this email either on-list, or privately if you'd rather not share deployment information publicly (in that case, please mention it explicitly so that we know you didn't just forget to Cc the list). Thanks, Manuel

4 years, 8 months

1
0
0 0

Re: [mbed-tls] MBEDTLS issue I found

by Manuel Pegourie-Gonnard

Dear Xiao Nian Jun, Thanks for your response! Knowing the practical impact of the issue will help us prioritize it. Best regards, Manuel ________________________________ From: Xiao, Nian Jun <nianjun.xiao(a)siemens.com> Sent: 29 December 2020 02:43 To: Manuel Pegourie-Gonnard <Manuel.Pegourie-Gonnard(a)arm.com> Cc: He, Shu Shan <shushan.he(a)siemens.com>; Xia, Juan <juan.xia(a)siemens.com> Subject: RE: MBEDTLS issue I found Dear Manuel, Really appreciate for your quick and detail feedback. We think this is more like an interoperability issue, we found this issue during we developing webserver feature using MBEDTLS. Google Chrome treat such certificate as invalid. Follow below steps will reproduce this issue. 1. Generate a self-signed root certificate with ECC256 key.(using genKey and certWrite program of MBEDTLS) 2. Using above root certificate to sign a device certificate which also using ECC256 as its private key. (using genKey and certWrite program of MBEDTLS) 3. Install root certificate so Chrome can see it. 4. using Nginx or some other opensource web server, modify its configuration so it will use the device certificate and corresponding private key as the ciphers to setup TLS communication. 5. Open Chrome and visit default Nginx web page(or some other web server tools’ default web page), you can see Chrome won’t let user to continue because it treat the device certificate as invalid. 6. According to our test, Chrome has this issue, fire fox, IE, etc. doesn’t have this issue. 7. If I modify function mbedtls_asn1_write_algorithm_identifier like I said yesterday, Chrome will accept it and other browser also will accept it, happy life back again. Have a good day and looking for your feedback again! B.R. Xiao Nian Jun. From: Manuel Pegourie-Gonnard <Manuel.Pegourie-Gonnard(a)arm.com> Sent: Monday, December 28, 2020 9:23 PM To: mbed-tls(a)lists.trustedfirmware.org; Xiao, Nian Jun (RC-CN DI FA BL CTR-SL PRC2) <nianjun.xiao(a)siemens.com> Cc: He, Shu Shan (RC-CN DI FA BL CTR-SL PRC2) <shushan.he(a)siemens.com> Subject: Re: MBEDTLS issue I found Dear Xiao Nian Jun, Thanks for your kind words and for reporting this issue you found. I checked RFC 7427 and indeed while parameters must be present and NULL for all RSA algorithms, appendix A.3 is clear that they must be absent for ECDSA. Since RFC 7427 is about IKEv2 rather than about X.509 certificates, I also checked RFC 5480 (updating RFC 3279 which defines the X.509 profile used by the IETF), and it concurs: for ECDSA, parameters are absent (appendix A). Our behaviour is not conformant, and this should be fixed. Just to help us evaluate the severity of the issue, I'd like to know if this is something you found by inspecting the generated certificate yourself, or if it caused the generate certificate to be rejected by some other X.509 implementation or verification tool. Said otherwise, is this only a compliance issue, or also an interoperability issue? Regarding your fix, I think it works as long as you are only generating ECC-signed X.509 certificates, but as you suggest, I'm afraid it only fixes the problem by creating another one: it would suppress the NULL parameters for RSA as well, but unfortunately, they're mandatory there (I wish the standards were more consistent). So, we'll probably have to do something similar, but only for ECDSA. I was going to create a ticket for that in our bug tracker when I noticed we already have a ticket tracking that: https://github.com/ARMmbed/mbedtls/issues/2924 - Ill add a link to your message in the ticket. Thanks again for your report. Best regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org<mailto:mbed-tls-bounces@lists.trustedfirmware.org>> on behalf of Xiao, Nian Jun via mbed-tls <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Sent: 28 December 2020 03:24 To: mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Cc: He, Shu Shan <shushan.he(a)siemens.com<mailto:shushan.he@siemens.com>> Subject: [mbed-tls] MBEDTLS issue I found Dear MBEDTLS team, I’m a developer at SIEMENS, my name is Xiao Nian Jun. Please accept my sincere gratitude for your excellent work and to spend extra time to read my email. We are using MBEDTLS to generate ECC key and certificates, we found an issue regarding algorithm identifier in the final ASN.1 certificate. For certificate signed by ECC key, the algorithm identifier is “NULL” which doesn’t conforms to RFC7427 specification. [cid:image001.png@01D6DDC1.DCE8CFC0] You can see the “NULL” string in the certificate, Chrome will treat this kind of certificate as invalid. This issue has blocked us for a while, and after some investigation, we found an easy fix –- probably immature fix --- to make it works right--- we just commented out this line of code “MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) )" in function mbedtls_asn1_write_algorithm_identifier. To be honesty, we’ve been using MBEDTLS for very short time, probably this is not an issue, probably our fix will end up break up something…currently, it’s just looks correct. Please check if my fix works or not, if not, please do not hesitate to correct me. B.R. Xiao Nian Jun.

4 years, 8 months

2
1
0 0

Re: [mbed-tls] MBEDTLS issue I found

by Manuel Pegourie-Gonnard

Dear Xiao Nian Jun, Thanks for your kind words and for reporting this issue you found. I checked RFC 7427 and indeed while parameters must be present and NULL for all RSA algorithms, appendix A.3 is clear that they must be absent for ECDSA. Since RFC 7427 is about IKEv2 rather than about X.509 certificates, I also checked RFC 5480 (updating RFC 3279 which defines the X.509 profile used by the IETF), and it concurs: for ECDSA, parameters are absent (appendix A). Our behaviour is not conformant, and this should be fixed. Just to help us evaluate the severity of the issue, I'd like to know if this is something you found by inspecting the generated certificate yourself, or if it caused the generate certificate to be rejected by some other X.509 implementation or verification tool. Said otherwise, is this only a compliance issue, or also an interoperability issue? Regarding your fix, I think it works as long as you are only generating ECC-signed X.509 certificates, but as you suggest, I'm afraid it only fixes the problem by creating another one: it would suppress the NULL parameters for RSA as well, but unfortunately, they're mandatory there (I wish the standards were more consistent). So, we'll probably have to do something similar, but only for ECDSA. I was going to create a ticket for that in our bug tracker when I noticed we already have a ticket tracking that: https://github.com/ARMmbed/mbedtls/issues/2924 - Ill add a link to your message in the ticket. Thanks again for your report. Best regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Xiao, Nian Jun via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 28 December 2020 03:24 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Cc: He, Shu Shan <shushan.he(a)siemens.com> Subject: [mbed-tls] MBEDTLS issue I found Dear MBEDTLS team, I’m a developer at SIEMENS, my name is Xiao Nian Jun. Please accept my sincere gratitude for your excellent work and to spend extra time to read my email. We are using MBEDTLS to generate ECC key and certificates, we found an issue regarding algorithm identifier in the final ASN.1 certificate. For certificate signed by ECC key, the algorithm identifier is “NULL” which doesn’t conforms to RFC7427 specification. [cid:image001.png@01D6DD01.C51C7290] You can see the “NULL” string in the certificate, Chrome will treat this kind of certificate as invalid. This issue has blocked us for a while, and after some investigation, we found an easy fix –- probably immature fix --- to make it works right--- we just commented out this line of code “MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) )" in function mbedtls_asn1_write_algorithm_identifier. To be honesty, we’ve been using MBEDTLS for very short time, probably this is not an issue, probably our fix will end up break up something…currently, it’s just looks correct. Please check if my fix works or not, if not, please do not hesitate to correct me. B.R. Xiao Nian Jun.

4 years, 8 months

1
0
0 0

MBEDTLS issue I found

by Xiao, Nian Jun

Dear MBEDTLS team, I’m a developer at SIEMENS, my name is Xiao Nian Jun. Please accept my sincere gratitude for your excellent work and to spend extra time to read my email. We are using MBEDTLS to generate ECC key and certificates, we found an issue regarding algorithm identifier in the final ASN.1 certificate. For certificate signed by ECC key, the algorithm identifier is “NULL” which doesn’t conforms to RFC7427 specification. [cid:image001.png@01D6DD01.C51C7290] You can see the “NULL” string in the certificate, Chrome will treat this kind of certificate as invalid. This issue has blocked us for a while, and after some investigation, we found an easy fix –- probably immature fix --- to make it works right--- we just commented out this line of code “MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) )" in function mbedtls_asn1_write_algorithm_identifier. To be honesty, we’ve been using MBEDTLS for very short time, probably this is not an issue, probably our fix will end up break up something…currently, it’s just looks correct. Please check if my fix works or not, if not, please do not hesitate to correct me. B.R. Xiao Nian Jun.

4 years, 8 months

1
0
0 0

Mbed TLS 3.0 plans

by Dave Rodgman

Hello, We are planning to release Mbed TLS 3.0 around June 2021, alongside an LTS release of Mbed TLS 2.x. Our major version numbers indicate API breaking changes, and this is no exception: Mbed TLS 3.0 will have changes that make it incompatible with 2.x (as an obvious example, functions that are deprecated in 2.x will be removed). In setting a near-term release date, we have chosen some key areas that we want to focus on for 3.0. Some other API-breaking items (i.e., those requiring significant design time) won't make the cut and we will hold those back for a future major version, in order to have time to get them right. The main focus for 3.0 will be reduction in API surface, and changes that are low-impact for almost everyone. Work towards 3.0 will start in late January, on the development branch which will contain a public work-in-progress view of Mbed TLS 3.0. Any work for 2.x in this timeframe will take place on a separate branch (provisionally named like "mbedtls-2.x"). During the 3.0 development period, bug fixes and security fixes will continue to be a priority, but we will have slightly less capacity for other features. While 3.0 is in development, any new features will by default be landed in 3.0 only, unless there is a strong case for back-porting to 2.x. The 2.x LTS branches will still be supported with bug fixes and security fixes for the normal three year lifetime (i.e., the final LTS release of 2.x in mid-2021 will be supported until mid-2024). In terms of content, we are taking a cautious approach to what we plan for 3.0. In the past we've been ambitious here and as a result, have slipped on the release date; by being cautious on feature set we can be confident about hitting the mid-year release date. We won't try to make all of the changes that would be nice-to-have; instead, we will focus on tasks that reduce maintenance, unlock other improvements in a 3.x timeframe, are still valuable if only partially completed, and can fit within this time frame. Currently we're looking at the following areas for 3.0: * Reduce the public surface of the API * Clean-up existing APIs * Changes to default options Regards Dave Rodgman

4 years, 8 months

1
0
0 0

Re: [mbed-tls] "Reordering" in DTLS

by Manuel Pegourie-Gonnard

Hi Farhad, I think for this question as well as the "packets lost" question, it's important to distinguish two phases of a DTLS connection: initially there's a handshake (to negotiate and establish security parameters and session keys), and then application data can be exchanged. Application data is what's passed to `mbedtls_ssl_write()` or written by `mbedtls_ssl_read()` (depending on whether you're the sender or receiver) - this can only happen once the handshake is completed. During the handshake, there are indeed mechanisms to re-order packets that were received out of order and also retransmit packets that were lost. But that's only during the handshake (because it's a lockstep process where everything needs to happen in order), and only for data that's purely internal to the DTLS protocol and never seen by the application. Once the handshake is completed and application data starts to be exchanged, there is no longer any kind of re-ordering or retransmission mechanism. The reason is, as you guessed, DTLS aims to provide similar properties to UDP - with cryptographic security in addition. So, if you send something with `mbedtls_ssl_write()` and the record gets lost, the DTLS protocol won't even know about it, and no retransmission will happen. If record N+1 arrives before record N, the DTLS protocol will know but do nothing, and just deliver the records in the order they arrived. Again, as you said, doing otherwise would introduce latency and be contrary to the goals of DTLS - people who want reliability at the expense of latency should use TLS. The main exception to that principle that you can expect DTLS to behave like UDP is duplicated records: the DTLS protocol provide optional replay protection (that is, if record N arrives twice, the second occurrence is dropped). In Mbed TLS, this mechanism is enabled by default but can be disabled at compile-time by not defining MBEDTLS_SSL_DTLS_ANTI_REPLAY in config.h, or at runtime by calling mbedtls_ssl_conf_dtls_anti_replay(). I hope this answers your questions. Regards, Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of saghili via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 10 December 2020 18:31 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] "Reordering" in DTLS Hello, I have a question about DTLS. One thing that is not entirely clear to me from the RFC is this: suppose 2 records are received within a "short" period, e.g. seq# N+1 followed by seq# N. In this case, what does DTLS do? My understanding is that it will pass on packets in the order it was received (i.e. out of order). But it can (should?) re-order at the DTLS layer and pass them on to the upper layer in the right order. HOWEVER, this implies that the DTLS "wait" for a certain window to see if the seq#=N packet arrives or not. But doing so introduces additional delay at DTLS layer and also contradicts with the UDP principle (i.e. no concept of order). Could you please give me a hint regarding this issue? Best regards, Farhad -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 9 months

2
2
0 0

[Mbed-tls-announce] Mbed TLS: Release of Mbed TLS 2.25.0, 2.16.9 and 2.7.18

by Janos Follath via Mbed-tls-announce

Mbed TLS versions 2.25.0, 2.16.9 and 2.7.18 have just been released. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0, https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9, https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18 ). We recommend all users to consider whether they are impacted, and to upgrade appropriately. -- Mbed-tls-announce mailing list Mbed-tls-announce(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls-announce

4 years, 9 months

1
0
0 0

"Reordering" in DTLS

by saghili

Hello, I have a question about DTLS. One thing that is not entirely clear to me from the RFC is this: suppose 2 records are received within a "short" period, e.g. seq# N+1 followed by seq# N. In this case, what does DTLS do? My understanding is that it will pass on packets in the order it was received (i.e. out of order). But it can (should?) re-order at the DTLS layer and pass them on to the upper layer in the right order. HOWEVER, this implies that the DTLS "wait" for a certain window to see if the seq#=N packet arrives or not. But doing so introduces additional delay at DTLS layer and also contradicts with the UDP principle (i.e. no concept of order). Could you please give me a hint regarding this issue? Best regards, Farhad

4 years, 9 months

1
0
0 0

"packets lost" in DTLS in "Record" layer

by saghili

Hello, I have a question about DTLS. Because of the latency, I need to disable the "packets lost" feature. Does MbedTLS provide the flag that we can disable resending the packet in case of the packet lost? For instance, if I have 3 packets 42, 43, and 44, is it possible to decrypt packet 44 without receiving packets 42 and 43? It will be in the "Record" layer. Thank you. Best regards, Farhad

4 years, 9 months

1
0
0 0

Re: [mbed-tls] mbedtls undefined behaviour

by Сысоев Андрей

Thank you for quick response. > Are you using blocking or non-blocking I/O? Non-blocking IO I've preset bio_send/recv callbacks I have pair of buffers, transport buffer and application buffer, for reading and writing (4 buffers total). Application buffers are protected by mutexes. Transport buffers are written/read in bio_send/recv (if no async op pending, otherwise WANT_READ/WRITE). mbedtls_ssl_xxx work with application buffers. > Are you using TLS or DTLS? What protocol version, what cipher suite and what extensions are negotiated? TLS (over tcp, no lossy channel involved) version 1.2 > Does your application call mbedtls_ssl_write() and mbedtls_ssl_read() again with the same buffer if they return MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE? Well, actually, no. AND it's quite possible, that application outgoing buffer (std::vector) has been relocated between mbedtls_ssl_write calls, because app could push data several times while async op was pending and bio_send returned WANT_WRITE, causing these buffers to resize. So buf.data() will not be equal to that from previous mbedtls_ssl_write call. Is this what causes trouble? It's somehow connected to partial sends? I do call ssl_write inside while-loop, counting sent and unsent bytes - thought this was enough. But if mbedtls somehow remembers addresses from previos calls - that might cause problems. > Do you close the TLS connection if mbedtls_ssl_xxx() returns an error other than WANT_XXX (or XXX_IN_PROGRESS if you use these features)? Yes, but that never happens (from handshake to until problem appears) > What is the value of MBEDTLS_SSL_MAX_CONTENT_LEN (or MBEDTLS_SSL_OUT_CONTENT_LEN if it's defined)? Not defined in config, looks like both 16834 >What operating system are you using? Ubuntu 20, Kali 20 > Is this a client or a server? What TLS stack does the other side run? Both are written same way, both using same library. I'll try to prepare test-case code, that reproduces the problem, and logs, but that will require some time. 10.12.2020 1:07, Gilles Peskine via mbed-tls пишет: > Hi Андрей, > > The behavior you describe is a bug. But there isn't enough information > to tell whether the bug is in Mbed TLS, in asio-standalone, in some > other third-party code, or in your application. > > Some things to consider: > > * Are you using blocking or non-blocking I/O? > * Are you using TLS or DTLS? What protocol version, what cipher suite > and what extensions are negotiated? > * Does your application call mbedtls_ssl_write() and mbedtls_ssl_read() > again with the same buffer if they return MBEDTLS_ERR_SSL_WANT_READ or > MBEDTLS_ERR_SSL_WANT_WRITE? > * Do you close the TLS connection if mbedtls_ssl_xxx() returns an error > other than WANT_XXX (or XXX_IN_PROGRESS if you use these features)? > * What is the value of MBEDTLS_SSL_MAX_CONTENT_LEN (or > MBEDTLS_SSL_OUT_CONTENT_LEN if it's defined)? > * What operating system are you using? > * Is this a client or a server? What TLS stack does the other side run? > > You'll give others the most chance to help you if you post small, > complete code to reproduce the problem. I realize this may be difficult. > A good intermediate way to see what is going on would be to post debug > logs. To get debug logs, make sure that MBEDTLS_DEBUG_C is enabled and > call these functions before opening the TLS connection: > > mbedtls_ssl_conf_dbg(&ssl_conf, my_debug, stdout); > mbedtls_debug_set_threshold(2); > > See https://tls.mbed.org/kb/how-to/mbedtls-tutorial for a sample version > of my_debug(). > > Calls to bio_send() are shown in the logs as > > => flush output > message length: %d, out_left: %d > ssl->f_send() returned %d > <= flush output > > If they don't show expected numbers, the rest of the logs should give a > clue as to why. > > Hope this helps, >

4 years, 9 months

1
0
0 0

Re: [mbed-tls] mbedtls undefined behaviour

by Gilles Peskine

By the way, I notice you're using Mbed TLS 2.16.3. This version has known bugs, including security issues. Please upgrade to the latest Mbed TLS 2.16.x (currently 2.16.8, very soon 2.16.9) which is a security and bugfix update, or to the latest release (2.24.0, soon 2.25.0) which has all the latest bugfixes and features. Looking at the changelog, I don't see any mention of a bug that could explain your problem, but I might have missed something. -- Gilles Peskine Mbed TLS developer On 09/12/2020 22:17, Сысоев Андрей via mbed-tls wrote: > Hello. > > I need a little help with mbedtls 2.16.3. > I'm using it under x86-64 with asio-standalone. > > Here's a standard situation: > - I call mbedtls_ssl_write() to write let's say 8192 bytes of payload > - it calls my own bio_send() with (8192+21) bytes as len parameter > - bio_send() returns len=(8192+21), indicating transport data > correctly written > - mbedtls_ssl_write() returns 8192, indicating payload send > GOOD: next I use this value to shift application buffer (erase first > 8192 bytes), then send next chunk > > BUT after some time of running this situation happens: > - once again, a call to mbedtls_ssl_write() to write let's say 8192 > bytes of payload > - it calls bio_send() with smaller number, about 5500 bytes as len > parameter (?? but OK) > - bio_send() returns len=5500, indicating transport data correctly > written > - mbedtls_ssl_write() returns 8192 (??? why not 5500 ???), indicating > payload send > BAD: next I use this value to shift application buffer (erase first > 8192 bytes), this leads to data loss of (8192-5500)=2692 bytes and > ruins protocol > > As you can see, mbedtls_ssl_write() incorrectly reports about sent > application data (8192 instead of 5500) - is this a bug? How can such > situation happen under normal operation? > > Thanks in advance. >

4 years, 9 months

1
0
0 0

Re: [mbed-tls] mbedtls undefined behaviour

by Gilles Peskine

Hi Андрей, The behavior you describe is a bug. But there isn't enough information to tell whether the bug is in Mbed TLS, in asio-standalone, in some other third-party code, or in your application. Some things to consider: * Are you using blocking or non-blocking I/O? * Are you using TLS or DTLS? What protocol version, what cipher suite and what extensions are negotiated? * Does your application call mbedtls_ssl_write() and mbedtls_ssl_read() again with the same buffer if they return MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE? * Do you close the TLS connection if mbedtls_ssl_xxx() returns an error other than WANT_XXX (or XXX_IN_PROGRESS if you use these features)? * What is the value of MBEDTLS_SSL_MAX_CONTENT_LEN (or MBEDTLS_SSL_OUT_CONTENT_LEN if it's defined)? * What operating system are you using? * Is this a client or a server? What TLS stack does the other side run? You'll give others the most chance to help you if you post small, complete code to reproduce the problem. I realize this may be difficult. A good intermediate way to see what is going on would be to post debug logs. To get debug logs, make sure that MBEDTLS_DEBUG_C is enabled and call these functions before opening the TLS connection: mbedtls_ssl_conf_dbg(&ssl_conf, my_debug, stdout); mbedtls_debug_set_threshold(2); See https://tls.mbed.org/kb/how-to/mbedtls-tutorial for a sample version of my_debug(). Calls to bio_send() are shown in the logs as => flush output message length: %d, out_left: %d ssl->f_send() returned %d <= flush output If they don't show expected numbers, the rest of the logs should give a clue as to why. Hope this helps, -- Gilles Peskine Mbed TLS developer On 09/12/2020 22:17, Сысоев Андрей via mbed-tls wrote: > Hello. > > I need a little help with mbedtls 2.16.3. > I'm using it under x86-64 with asio-standalone. > > Here's a standard situation: > - I call mbedtls_ssl_write() to write let's say 8192 bytes of payload > - it calls my own bio_send() with (8192+21) bytes as len parameter > - bio_send() returns len=(8192+21), indicating transport data > correctly written > - mbedtls_ssl_write() returns 8192, indicating payload send > GOOD: next I use this value to shift application buffer (erase first > 8192 bytes), then send next chunk > > BUT after some time of running this situation happens: > - once again, a call to mbedtls_ssl_write() to write let's say 8192 > bytes of payload > - it calls bio_send() with smaller number, about 5500 bytes as len > parameter (?? but OK) > - bio_send() returns len=5500, indicating transport data correctly > written > - mbedtls_ssl_write() returns 8192 (??? why not 5500 ???), indicating > payload send > BAD: next I use this value to shift application buffer (erase first > 8192 bytes), this leads to data loss of (8192-5500)=2692 bytes and > ruins protocol > > As you can see, mbedtls_ssl_write() incorrectly reports about sent > application data (8192 instead of 5500) - is this a bug? How can such > situation happen under normal operation? > > Thanks in advance. >

4 years, 9 months

1
0
0 0

mbedtls undefined behaviour

by Сысоев Андрей

Hello. I need a little help with mbedtls 2.16.3. I'm using it under x86-64 with asio-standalone. Here's a standard situation: - I call mbedtls_ssl_write() to write let's say 8192 bytes of payload - it calls my own bio_send() with (8192+21) bytes as len parameter - bio_send() returns len=(8192+21), indicating transport data correctly written - mbedtls_ssl_write() returns 8192, indicating payload send GOOD: next I use this value to shift application buffer (erase first 8192 bytes), then send next chunk BUT after some time of running this situation happens: - once again, a call to mbedtls_ssl_write() to write let's say 8192 bytes of payload - it calls bio_send() with smaller number, about 5500 bytes as len parameter (?? but OK) - bio_send() returns len=5500, indicating transport data correctly written - mbedtls_ssl_write() returns 8192 (??? why not 5500 ???), indicating payload send BAD: next I use this value to shift application buffer (erase first 8192 bytes), this leads to data loss of (8192-5500)=2692 bytes and ruins protocol As you can see, mbedtls_ssl_write() incorrectly reports about sent application data (8192 instead of 5500) - is this a bug? How can such situation happen under normal operation? Thanks in advance.

4 years, 9 months

1
0
0 0

Re: [mbed-tls] Implementing MbedTLS on "xilinx zu7 zynq ultrascale+soc"

by Gilles Peskine

Hi Farhad, Mbed TLS currently supports hardware acceleration through alternative implementations of the corresponding modules or functions. See https://tls.mbed.org/kb/development/hw_acc_guidelines . This mechanism is available for symmetric cryptography and partially for RSA and ECC. There is some work in progress on a new mechanism for hardware acceleration through the psa_xxx() API, which will be available for all algorithms. You can follow the work in progress on the “Unified driver interface: API design and prototype” epic at https://github.com/ARMmbed/mbedtls/projects/2#column-8543266 . Hope this helps, -- Gilles Peskine Mbed TLS developer On 04/12/2020 11:20, saghili via mbed-tls wrote: > Dear Sir/Madam, > > Our platform is a quad core Cortex A53 running PetaLinux. > In our hardware, "AF_ALG" module has performance accelerations > available through the Linux crypto drivers. > Is it possible that we have "AF_ALG" for offloading crypto operations? > > Best regards, > Farhad

4 years, 9 months

1
0
0 0

Implementing MbedTLS on "xilinx zu7 zynq ultrascale+soc"

by saghili

Dear Sir/Madam, Our platform is a quad core Cortex A53 running PetaLinux. In our hardware, "AF_ALG" module has performance accelerations available through the Linux crypto drivers. Is it possible that we have "AF_ALG" for offloading crypto operations? Best regards, Farhad

4 years, 9 months

1
0
0 0

Mbed TLS on ESP32

by Radim Kohout

Hello, I am using ESP32 Dev Module, which supports MbedTLS. I have two questions, but I can't find the answer on the forum: 1.Is there any way to import RSA keys from string(ideally from PEM format) to mbedtls_pk context? 2.How to encrypt with RSA private key and decrypt with RSA public key? Thanks Radim Kohout

4 years, 9 months

1
0
0 0

Re: [mbed-tls] Invalid ECDSA signature created

by ROSHINI DEVI

Thanks Gilles. I have use mbedtls_ecdsa_sign and got the raw buffer output of R & S values. On Sun, Nov 22, 2020, 9:26 PM Gilles Peskine via mbed-tls < mbed-tls(a)lists.trustedfirmware.org> wrote: > Hi Roshini, > > Mathematically, an ES256 (ECDSA over the curve P256R1) signature is a > pair of numbers (r,s) between 1 and an upper bound which is very > slightly less than 2^256. There are two common representations for this > signature. JWA uses the “raw” representation: two big-endian numbers > represented each with exactly 32 bytes, concatenated together. > mbedtls_ecdsa_write_signature uses the ASN.1 DER representation, which > as you noticed represents each number in a type+length+value format. > > The DER format removes leading zeros from the number, then adds a > leading 0 bit to each number which is a sign bit (the numbers in an > ECDSA signature are always positive, but DER can also represent negative > numbers). Therefore each number has a roughly 1/2 chance of using 33 > value bytes with a leading 0 byte (1 sign bit + 7 value bits, all 0), a > 63/128 chance of using 32 value bytes, and a 1/128 chance of using 31 > value bytes or less because the 7 most significant bits of the number > were 0. A shorter number in an ECDSA signature is not invalid, it's a > 1/128 chance (independently for each of r and s). > > To get the signature in raw format with Mbed TLS, the easiest way is to > use the PSA API, where the output of psa_sign_hash() for ECDSA is the > raw format. With the classic Mbed TLS API, the easiest way is to call > mbedtls_ecdsa_sign() or mbedtls_ecdsa_sign_det_ext() to get r and s as > bignums, then use mbedtls_mpi_write_binary() to write r and s with their > exact size into the output buffer. You can find an example in the > internal function psa_ecdsa_sign(): > > https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.24.0/library/psa_crypto.c… > > Hope this helps, > > -- > Gilles Peskine > Mbed TLS developer > > On 22/11/2020 10:12, ROSHINI DEVI via mbed-tls wrote: > > Hello all, > > > > I need to sign the message using ES256 algorithm. After doing > > necessary initializations, I called API > > - mbedtls_ecdsa_write_signature() API and it gave me signature in ASN1 > > encoded form and there was no error generated by this API. > > After getting the signature, I need the r & s values to create JWT > > Token. So, I wrote my custom function to parse the signature buffer > > and get the R & S values of it. > > It was working fine. Sometimes, I am getting an invalid signature as > > shown below signature DER buffer - > > > > 30 43 02 1f 31 92 8d 22 10 41 86 25 68 7f 42 81 26 0f 37 bc 7f 38 b7 > > d5 1a 6b 69 31 07 34 11 a6 04 e5 90 02 20 23 26 f8 b9 80 cf 2c 25 c8 > > 04 b4 ac 43 51 6a 04 a6 af 8f 94 36 f8 cf 35 c2 94 cc df de db 92 b2 > > > > The reason for invalid is - > > 1st byte represents ASN1 sequence, followed by length and 3rd byter > > indicates it is an integer. > > Ideally, 4th byte indicates length of r-value, it should have been 32 > > or 33 bytes ( in case of padding with 00 ). You can see in the above > > buffer it is 0x1F ( 31 bytes ). It is really weird how it is possible > > to get the signature length of 31 bytes. > > > > It is blocking me for generation of JWT token, where in RFC 7518 > > - https://tools.ietf.org/html/rfc7518#page-9 , it says R & S must be > > 32 bytes long. And, the generation is failing. > > > > It is of high priority for me. If anyone can provide your suggestions > > on this issue, it would be really great. Thanks in advance > > > > Thanks, > > Roshini > > > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 9 months

1
0
0 0

-0x7180 - SSL - Verification of the message MAC failed

by Михаил Азанов

The SSL server is the one from the examples https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_server… It is configured on port 8080. The server runs on the linux operating system Linux commands give the following: uname -a Linux termv7 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux On the client side, the sim800 module is used. Log files attached to the email. File contents TermV-terminals-server.key: subject=/C=RU/ST=Sample/L=Sample/O=Sample/OU=Sample/CN=localhost issuer=/C=RU/ST=Sample/L=Sample/O=Sample/OU=Sample/CN=Sample -----BEGIN CERTIFICATE----- MIIDTjCCAjYCFBhhDBE3BeiTMD0dzFYOGILO8yq0MA0GCSqGSIb3DQEBCwUAMGIx CzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZTYW1wbGUxDzANBgNVBAcMBlNhbXBsZTEP MA0GA1UECgwGU2FtcGxlMQ8wDQYDVQQLDAZTYW1wbGUxDzANBgNVBAMMBlNhbXBs ZTAeFw0yMDAxMTgxODA5MDlaFw0yNDAxMTcxODA5MDlaMGUxCzAJBgNVBAYTAlJV MQ8wDQYDVQQIDAZTYW1wbGUxDzANBgNVBAcMBlNhbXBsZTEPMA0GA1UECgwGU2Ft cGxlMQ8wDQYDVQQLDAZTYW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQSjObDf16fv02qH+3FtI4eX2tPfj+u XsSF8KK6OpcNNfHv17LB9NRUGbZdeikvL5mjB1qd8Qt5YBzSYvvNmuQqn/ZZhEhg 9zqDd+j6dsl03OSW42qSP59M22plqhHZv1ZpkbpHSnEbbwbIVhgx1GuJvMHbQKxw et3UobG9M7q0/6Z2hlvbiuQgZWpc6+vnGGFUzVFjJhsUMgewU1UwTtfahOVegv9v ocuj+AOHzzH2+l72ybpKIFKZ6eXjr3sVp1lIPXm+gUNLqkReNV2QVk4H/j2ow3xu hdHjiPQ+6o6dgbCHeCvbf7Qs35S8YlQH/Mn2bik2NIMKucdq7S35AEsCAwEAATAN BgkqhkiG9w0BAQsFAAOCAQEAhANjStGtYfPJ2Ibkbn6ct4bWLPe6sFBvbwYow3Fd lBz0oxBukhJDOrPa4OqJDpnWenXkEcUrulI2JG5sIylOg3QlwlmgPoJU9fkpmr+u xNVlTxBSh1BVp0sccC+LxNRyDMl4C89R1TjPpPjoRU4cciY9N0oygPjTj0c26qBU iqwtyJTeeJYJUdplCMvXFOt8deqi/NBpBGnEfo8P/IeM/iCWLD5VtloHX/R0C+au q6803qd1/Gd0pIdsELQKrR6mBz6sWukg2f25GheLQVV7Wz/elZD8MwYwjYLoCtIP 65Ae3Eb6S2KlsVPzMj09u6kQ+KPfZtKu8tiUSc+11hurRw== -----END CERTIFICATE----- File contents TermV-terminals-server.crt: -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC0Eozmw39en79N qh/txbSOHl9rT34/rl7EhfCiujqXDTXx79eywfTUVBm2XXopLy+ZowdanfELeWAc 0mL7zZrkKp/2WYRIYPc6g3fo+nbJdNzkluNqkj+fTNtqZaoR2b9WaZG6R0pxG28G yFYYMdRribzB20CscHrd1KGxvTO6tP+mdoZb24rkIGVqXOvr5xhhVM1RYyYbFDIH sFNVME7X2oTlXoL/b6HLo/gDh88x9vpe9sm6SiBSmenl4697FadZSD15voFDS6pE XjVdkFZOB/49qMN8boXR44j0PuqOnYGwh3gr23+0LN+UvGJUB/zJ9m4pNjSDCrnH au0t+QBLAgMBAAECggEBAKWbKdpQkSME53sVqqeR26uYY0jdos4OHzm9tMDzZE7m 52XJniXYGsHrVnpRHbginTQ+qtS7zKMwzSO0mTPas0iDqvl0+iNWighWQEETl4tO 3peb7Spltf1bQa9oMDCagU2HaW5Xgi7jfAhQ1l0J9sGvutjOO3xbNaQtmUdNKfXa VRaof94/YKcbTPIn588orxfumgeiYwQ8exhA7yg1WLl2iSy9jj+8WrxaKvy4vR45 nXrb2tXletRoZZY/FC/NZNMgXsGTmYHl6blTEZVz7Zu0XPHKJo42tHnKHW46/ccJ vkXQNjUsu0JN95+lWBA5Yne8xddhiLNKv3DZ3iwXRAECgYEA17YaIbtlgSLd5hJJ OuS9n9XNUCEx1YLhDRzhHggPNTZkVxSnxnWVGpbubtWN/OggRtJyk+mLFV+aHLCa R224ofSPWWE1HtoSdtLcL5oLgp6RDoM61h1p1glFS7BpbYzBegAcbMJa1IvAMspx 5lsYowBUJLNHAEcqUrXzQ88gu2ECgYEA1bRugqLGXqz1E0z6o/MuGXfmJaGQEmJg 833As5jzsyd6pyznsB0TKUAJkcf0RmZrr1EDVigA9aLcwq4qThjGEL2FpGkOvXPC bY0c2pLnsZJetNmXnky/w+W127V+LbDjjQaYl/7c9Fp4hoomoykt7d1YW7lRZ2Le wo8muiGF5ysCgYEAlYHahMysop926tJ7vPzzTMfT4JjRQGnQ79S3VqhBWiFT1GM1 kcDHUkGQCnOrUMHWNSABV/FDe9HiL8Zbd+xdTqsBe/J67eI5b+/fuoJrPeIHKebc rbB/PWD5jWc8+zfWlWdkTCE88RnXYZyc6wryfW9p4nH7YP7yH5eKftIdnqECgYBl aWY33/661uDF8/XM742k0F0K5oxz7PONGNPlZmPfVJDD3G9mB6YcISNpZrXo4pmf bJZkwD8UUeDpEbVJsj/rmcRdrO0twk01p41Vu/jvL0J6F/f3SvyFffC6/nmOPS7+ sW6gUnWQD466abzEGLqO8kcH3/1dTnHfagc6tMXSWQKBgQCZjWzyLtEUxvWI2PSe B6/osxlYDyCkXrJDIT1LuepM/54Kre9YMUy2UZBVC42DR6paEbkAAqHdTsLNlKhV s+6/JGnEDR1e/L7ks0dBY8jow04r0mKG1M91SMLr5OeBTk6SRMnR7GAKewjeLmJD ULgsqyHSTh/4r6tDQ7Gayci2vQ== -----END PRIVATE KEY----- Server sources: #include <stdio.h> /* * SSL server demonstration program * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else #include MBEDTLS_CONFIG_FILE #endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include <stdio.h> #include <stdlib.h> #define mbedtls_time time #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \ !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_PEM_PARSE_C) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "and/or MBEDTLS_PEM_PARSE_C not defined.\n"); mbedtls_exit( 0 ); } #else #include <stdlib.h> #include <string.h> #if defined(_WIN32) #include <windows.h> #endif #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" #endif #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ "<h2>mbed TLS Test Server</h2>\r\n" \ "<p>Successful connection using: %s</p>\r\n" #define DEBUG_LEVEL 5 static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) { ((void) level); mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str ); fflush( (FILE *) ctx ); } int main( void ) { int ret, len; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; const char *pers = "ssl_server"; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context cache; #endif mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init( &cache ); #endif mbedtls_x509_crt_init( &srvcert ); mbedtls_pk_init( &pkey ); mbedtls_entropy_init( &entropy ); mbedtls_ctr_drbg_init( &ctr_drbg ); #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( DEBUG_LEVEL ); #endif /* * 1. Load the certificates and private RSA key */ mbedtls_printf( "\n . Loading the server cert. and key..." ); fflush( stdout ); /* * This demonstration program uses embedded test certificates. * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). */ ret = mbedtls_x509_crt_parse_file( &srvcert,"/etc/minpay/cert/TermV-terminals-server.crt"); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); goto exit; } ret = mbedtls_pk_parse_keyfile( &pkey,"/etc/minpay/cert/TermV-terminals-server.key", NULL ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); /* * 2. Setup the listening TCP socket */ mbedtls_printf( " . Bind on https://localhost:8080/ ..." ); fflush( stdout ); if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "8080", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); /* * 3. Seed the RNG */ mbedtls_printf( " . Seeding the random number generator..." ); fflush( stdout ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); /* * 4. Setup stuff */ mbedtls_printf( " . Setting up the SSL data...." ); fflush( stdout ); if( ( ret = mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); goto exit; } mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set ); #endif mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); goto exit; } if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); reset: #ifdef MBEDTLS_ERROR_C if( ret != 0 ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); } #endif mbedtls_net_free( &client_fd ); mbedtls_ssl_session_reset( &ssl ); /* * 3. Wait until a client connects */ mbedtls_printf( " . Waiting for a remote connection ..." ); fflush( stdout ); if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); goto exit; } mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_printf( " ok\n" ); /* * 5. Handshake */ mbedtls_printf( " . Performing the SSL/TLS handshake..." ); fflush( stdout ); while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret ); goto reset; } } mbedtls_printf( " ok\n" ); /* * 6. Read the HTTP Request */ mbedtls_printf( " < Read from client:" ); fflush( stdout ); do { len = sizeof( buf ) - 1; memset( buf, 0, sizeof( buf ) ); ret = mbedtls_ssl_read( &ssl, buf, len ); if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) continue; if( ret <= 0 ) { switch( ret ) { case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: mbedtls_printf( " connection was closed gracefully\n" ); break; case MBEDTLS_ERR_NET_CONN_RESET: mbedtls_printf( " connection was reset by peer\n" ); break; default: mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret ); break; } break; } len = ret; mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); if( ret > 0 ) break; } while( 1 ); /* * 7. Write the 200 Response */ mbedtls_printf( " > Write to client:" ); fflush( stdout ); len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) ); while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 ) { if( ret == MBEDTLS_ERR_NET_CONN_RESET ) { mbedtls_printf( " failed\n ! peer closed the connection\n\n" ); goto reset; } if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); goto exit; } } len = ret; mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf ); mbedtls_printf( " . Closing the connection..." ); while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret ); goto reset; } } mbedtls_printf( " ok\n" ); ret = 0; goto reset; exit: #ifdef MBEDTLS_ERROR_C if( ret != 0 ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); } #endif mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); #endif mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(_WIN32) mbedtls_printf( " Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */ Regards, Michael.

4 years, 9 months

1
0
0 0

Re: [mbed-tls] -0x7180 - SSL - Verification of the message MAC failed

by Manuel Pegourie-Gonnard

Hi Michael, I'm not sure I understand what library/program you're using on each side: you posted the source code of a server based on Mbed TLS, and an invocation of openssl as a server - 2 servers and no client, surely that's not your entire setup. Also, even with the full details, this is a considerable amount of things to go over, so instead of trying to pinpoint the issue, I'd like to suggest a strategy that would help you debug things. For the side of the connection that's based on Mbed TLS, I suggest you start with one of the example programs located in programs/ssl? in our source tree. Hopefully those should work. If they don't, please come back to us with details on how you're invoking them and what's on the other side. If they work, I suggest you gradually modify them to adapt them to your needs, and after each change check if things still work. That way, if things break at one point, it should be easier to pinpoint the source of the issue. Hope that will help! Regards, Manuel. PS: I had a quick look at the logs, and I'm not sure what software is on the client side, but its ClientHello.random doesn't look random. Also, the location of the errors suggests the the client and server didn't compute the same session keys - so something probably went wrong computing the pre-master secret or deriving the master secret and session keys from it. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Михаил Азанов via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 21 November 2020 05:17 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] -0x7180 - SSL - Verification of the message MAC failed Clients connect to my server over SSL and an error "-0x7180 - SSL - Verification of the message MAC failed" occurs when creating a secure connection. Linux commands give the following: uname -a Linux termv7 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux openssl s_server -key /etc/minpay/cert/TermV-terminals-server.key -cert /etc/minpay/cert/TermV-terminals-server.crt -accept 8080 -state Using default temp DH parameters ACCEPT SSL_accept:before SSL initialization SSL_accept:before SSL initialization SSL_accept:SSLv3/TLS read client hello SSL_accept:SSLv3/TLS write server hello SSL_accept:SSLv3/TLS write certificate SSL_accept:SSLv3/TLS write server done SSL_accept:SSLv3/TLS write server done SSL_accept:SSLv3/TLS read client key exchange SSL_accept:SSLv3/TLS read change cipher spec SSL_accept:SSLv3/TLS read finished SSL_accept:SSLv3/TLS write change cipher spec SSL_accept:SSLv3/TLS write finished -----BEGIN SSL SESSION PARAMETERS----- MHUCAQECAgMBBAIALwQgNbcRsh26hMujwXcoa5ZlBGihMY+GFhkTscR4Ds8fppwE MHAJs/h2ldK+C7Sm2fpNGbzYMycfUPGq4Ydg9PtnHPt1Mn9eH68tnQsT2nuTwGRq zqEGAgRftlMXogQCAhwgpAYEBAEAAAA= -----END SSL SESSION PARAMETERS----- Shared ciphers:AES128-SHA --- No server certificate CA names sent CIPHER is AES128-SHA Secure Renegotiation IS NOT supported Source content: File contents TermV-terminals-server.key: subject=/C=RU/ST=Sample/L=Sample/O=Sample/OU=Sample/CN=localhost issuer=/C=RU/ST=Sample/L=Sample/O=Sample/OU=Sample/CN=Sample -----BEGIN CERTIFICATE----- MIIDTjCCAjYCFBhhDBE3BeiTMD0dzFYOGILO8yq0MA0GCSqGSIb3DQEBCwUAMGIx CzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZTYW1wbGUxDzANBgNVBAcMBlNhbXBsZTEP MA0GA1UECgwGU2FtcGxlMQ8wDQYDVQQLDAZTYW1wbGUxDzANBgNVBAMMBlNhbXBs ZTAeFw0yMDAxMTgxODA5MDlaFw0yNDAxMTcxODA5MDlaMGUxCzAJBgNVBAYTAlJV MQ8wDQYDVQQIDAZTYW1wbGUxDzANBgNVBAcMBlNhbXBsZTEPMA0GA1UECgwGU2Ft cGxlMQ8wDQYDVQQLDAZTYW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQSjObDf16fv02qH+3FtI4eX2tPfj+u XsSF8KK6OpcNNfHv17LB9NRUGbZdeikvL5mjB1qd8Qt5YBzSYvvNmuQqn/ZZhEhg 9zqDd+j6dsl03OSW42qSP59M22plqhHZv1ZpkbpHSnEbbwbIVhgx1GuJvMHbQKxw et3UobG9M7q0/6Z2hlvbiuQgZWpc6+vnGGFUzVFjJhsUMgewU1UwTtfahOVegv9v ocuj+AOHzzH2+l72ybpKIFKZ6eXjr3sVp1lIPXm+gUNLqkReNV2QVk4H/j2ow3xu hdHjiPQ+6o6dgbCHeCvbf7Qs35S8YlQH/Mn2bik2NIMKucdq7S35AEsCAwEAATAN BgkqhkiG9w0BAQsFAAOCAQEAhANjStGtYfPJ2Ibkbn6ct4bWLPe6sFBvbwYow3Fd lBz0oxBukhJDOrPa4OqJDpnWenXkEcUrulI2JG5sIylOg3QlwlmgPoJU9fkpmr+u xNVlTxBSh1BVp0sccC+LxNRyDMl4C89R1TjPpPjoRU4cciY9N0oygPjTj0c26qBU iqwtyJTeeJYJUdplCMvXFOt8deqi/NBpBGnEfo8P/IeM/iCWLD5VtloHX/R0C+au q6803qd1/Gd0pIdsELQKrR6mBz6sWukg2f25GheLQVV7Wz/elZD8MwYwjYLoCtIP 65Ae3Eb6S2KlsVPzMj09u6kQ+KPfZtKu8tiUSc+11hurRw== -----END CERTIFICATE----- File contents TermV-terminals-server.crt: -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC0Eozmw39en79N qh/txbSOHl9rT34/rl7EhfCiujqXDTXx79eywfTUVBm2XXopLy+ZowdanfELeWAc 0mL7zZrkKp/2WYRIYPc6g3fo+nbJdNzkluNqkj+fTNtqZaoR2b9WaZG6R0pxG28G yFYYMdRribzB20CscHrd1KGxvTO6tP+mdoZb24rkIGVqXOvr5xhhVM1RYyYbFDIH sFNVME7X2oTlXoL/b6HLo/gDh88x9vpe9sm6SiBSmenl4697FadZSD15voFDS6pE XjVdkFZOB/49qMN8boXR44j0PuqOnYGwh3gr23+0LN+UvGJUB/zJ9m4pNjSDCrnH au0t+QBLAgMBAAECggEBAKWbKdpQkSME53sVqqeR26uYY0jdos4OHzm9tMDzZE7m 52XJniXYGsHrVnpRHbginTQ+qtS7zKMwzSO0mTPas0iDqvl0+iNWighWQEETl4tO 3peb7Spltf1bQa9oMDCagU2HaW5Xgi7jfAhQ1l0J9sGvutjOO3xbNaQtmUdNKfXa VRaof94/YKcbTPIn588orxfumgeiYwQ8exhA7yg1WLl2iSy9jj+8WrxaKvy4vR45 nXrb2tXletRoZZY/FC/NZNMgXsGTmYHl6blTEZVz7Zu0XPHKJo42tHnKHW46/ccJ vkXQNjUsu0JN95+lWBA5Yne8xddhiLNKv3DZ3iwXRAECgYEA17YaIbtlgSLd5hJJ OuS9n9XNUCEx1YLhDRzhHggPNTZkVxSnxnWVGpbubtWN/OggRtJyk+mLFV+aHLCa R224ofSPWWE1HtoSdtLcL5oLgp6RDoM61h1p1glFS7BpbYzBegAcbMJa1IvAMspx 5lsYowBUJLNHAEcqUrXzQ88gu2ECgYEA1bRugqLGXqz1E0z6o/MuGXfmJaGQEmJg 833As5jzsyd6pyznsB0TKUAJkcf0RmZrr1EDVigA9aLcwq4qThjGEL2FpGkOvXPC bY0c2pLnsZJetNmXnky/w+W127V+LbDjjQaYl/7c9Fp4hoomoykt7d1YW7lRZ2Le wo8muiGF5ysCgYEAlYHahMysop926tJ7vPzzTMfT4JjRQGnQ79S3VqhBWiFT1GM1 kcDHUkGQCnOrUMHWNSABV/FDe9HiL8Zbd+xdTqsBe/J67eI5b+/fuoJrPeIHKebc rbB/PWD5jWc8+zfWlWdkTCE88RnXYZyc6wryfW9p4nH7YP7yH5eKftIdnqECgYBl aWY33/661uDF8/XM742k0F0K5oxz7PONGNPlZmPfVJDD3G9mB6YcISNpZrXo4pmf bJZkwD8UUeDpEbVJsj/rmcRdrO0twk01p41Vu/jvL0J6F/f3SvyFffC6/nmOPS7+ sW6gUnWQD466abzEGLqO8kcH3/1dTnHfagc6tMXSWQKBgQCZjWzyLtEUxvWI2PSe B6/osxlYDyCkXrJDIT1LuepM/54Kre9YMUy2UZBVC42DR6paEbkAAqHdTsLNlKhV s+6/JGnEDR1e/L7ks0dBY8jow04r0mKG1M91SMLr5OeBTk6SRMnR7GAKewjeLmJD ULgsqyHSTh/4r6tDQ7Gayci2vQ== -----END PRIVATE KEY----- File contents ssl_server.h: #ifndef SSL_SERVER_H #define SSL_SERVER_H #define DEBUG_LEVEL 5 #if DEBUG_LEVEL > 0 #include "mbedtls/debug.h" #endif //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/ssl_cache.h" #include "packet_handler/packet_handler.h" #include "thread_pool_ssl.h" #include "queue_ssl.h" extern pthread_mutex_t listen_fd1_mutex; extern mbedtls_net_context listen_fd1; extern void* runSSLServer(void *arg); #endif // SSL_SERVER_H File contents ssl_server.c: #include "ssl_server.h" mbedtls_net_context listen_fd1; pthread_mutex_t listen_fd1_mutex=PTHREAD_MUTEX_INITIALIZER; static mbedtls_ssl_config *config; #if DEBUG_LEVEL > 0 static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) { ((void) level); char s[1000]; snprintf(s,sizeof(s),"%s:%04d: %s", file, line, str ); trace(s); } #endif void * runSSLServer(void *arg) { (void)(arg); int ret; char s[100]; int n = atoi(config_list[SSL_SERVER_NUM_THREADS].value); createThreadPoolSSLArray(n); mbedtls_net_context listen_fd, client_socket_ssl; const char pers[] = "ssl_pthread_server"; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_x509_crt cachain; mbedtls_pk_context pkey; mbedtls_ssl_cache_context cache; mbedtls_ssl_cache_init( &cache ); mbedtls_x509_crt_init( &srvcert ); mbedtls_x509_crt_init( &cachain ); mbedtls_ssl_config_init( &conf ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_socket_ssl ); config = &conf; /* * We use only a single entropy source that is used in all the threads. */ mbedtls_entropy_init( &entropy ); #if DEBUG_LEVEL > 0 mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif /* * 1. Load the certificates and private RSA key */ trace( "[SSL Server] Loading the server cert. and key..." ); ret = mbedtls_x509_crt_parse_file( &srvcert,"/etc/minpay/cert/TermV-terminals-server.crt"); if( ret != 0 ) { snprintf(s,sizeof(s), "[SSL Server] failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret ); trace(s); goto thread_exit; } mbedtls_pk_init( &pkey ); ret = mbedtls_pk_parse_keyfile( &pkey,"/etc/minpay/cert/TermV-terminals-server.key" , NULL ); if( ret != 0 ) { snprintf(s,sizeof(s), "[SSL Server] failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); /* * 1b. Seed the random number generator */ trace( "Seeding the random number generator..." ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); /* * 1c. Prepare SSL configuration */ trace( "[SSL Server] Setting up the SSL data...." ); if( ( ret = mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed: mbedtls_ssl_config_defaults returned -0x%04x\n", -ret ); trace(s); goto thread_exit; } mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); #if DEBUG_LEVEL > 0 mbedtls_ssl_conf_dbg( &conf, my_debug, NULL ); #endif /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if * MBEDTLS_THREADING_C is set. */ mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set ); mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); /* * 2. Setup the listening TCP socket */ snprintf(s,sizeof(s),"[SSL Server] Bind on localhost: %s ...","8080"); trace(s); fflush( stdout ); if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "8080", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed\n ! mbedtls_net_bind returned %d\n\n", ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); pthread_mutex_lock(&listen_fd1_mutex); listen_fd1 = listen_fd; pthread_mutex_unlock(&listen_fd1_mutex); while(true) { //reset: if(ret!=0) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); snprintf(s,sizeof(s),"[SSL Server] Last error was: -0x%04x - %s\n", -ret, error_buf ); trace(s); } /* * 3. Wait until a client connects */ trace( "[SSL Server] Waiting for a remote connection\n" ); int ret =mbedtls_net_accept(&listen_fd,&client_socket_ssl,NULL,0,NULL); if(ret != 0) { snprintf(s,sizeof(s), "[SSL Server] failed: mbedtls_net_accept returned -0x%04x\n", ret); trace(s); break; } trace( "[SSL Server] ok\n" ); //do whatever we do with connections. //put the connection somewhere so that an available thread //can find it. mbedtls_net_context *pclient = malloc(sizeof(mbedtls_net_context)); *pclient = client_socket_ssl; pthread_mutex_lock(&client_socket_ssl_mutex); enqueue_ssl(pclient); pthread_cond_signal(&condition_var_ssl); pthread_mutex_unlock(&client_socket_ssl_mutex); ret = 0; } thread_exit: mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_cache_free( &cache ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); mbedtls_ssl_config_free( &conf ); mbedtls_net_free( &listen_fd ); deleteThreadPoolSSLArray(); return NULL; } static void *handleConnectionSSL(mbedtls_net_context *p_net_context) { int ret, len; char s[100]; struct packet_handler handler={}; handler.net_context = *p_net_context; free(p_net_context);// we really don't need this anymore unsigned char buf[1024]; /* Make sure memory references are valid */ mbedtls_ssl_init( &handler.ssl ); snprintf(s,sizeof(s),"[SSL client_socket=%d] Setting up SSL/TLS data\n", handler.net_context.fd ); trace(s); /* * 4. Get the SSL context ready */ if( ( ret = mbedtls_ssl_setup( &handler.ssl, config ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL client_socket=%d] failed: mbedtls_ssl_setup returned -0x%04x\n",handler.net_context.fd, -ret ); trace(s); goto thread_exit; } mbedtls_ssl_set_bio( &handler.ssl, (mbedtls_net_context*)&handler.net_context, mbedtls_net_send, mbedtls_net_recv, NULL ); /* * 5. Handshake */ snprintf(s,sizeof(s),"[SSL client_socket=%d] Performing the SSL/TLS handshake\n", handler.net_context.fd); trace(s); while( ( ret = mbedtls_ssl_handshake( &handler.ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { snprintf(s,sizeof(s),"[SSL client_socket=%d] failed: mbedtls_ssl_handshake returned -0x%04x\n", handler.net_context.fd, -ret ); trace(s); goto thread_exit; } } snprintf(s,sizeof(s),"[SSL client_socket=%d] ok\n", handler.net_context.fd ); trace(s); ret = runPacketHandler(&handler); snprintf(s,sizeof(s), "[SSL client_socket=%d] . Closing the connection...", handler.net_context.fd ); trace(s); while( ( ret = mbedtls_ssl_close_notify( &handler.ssl ) ) < 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { snprintf(s,sizeof(s), "[SSL client_socket=%d] failed: mbedtls_ssl_close_notify returned -0x%04x\n", handler.net_context.fd, ret); trace(s); goto thread_exit; } } trace( " ok\n" ); ret = 0; thread_exit: if( ret != 0 ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); snprintf(s,sizeof(s), "[SSL client_socket=%d] Last error was: -0x%04x - %s\n\n", handler.net_context.fd, -ret, error_buf ); trace(s); } mbedtls_net_free((mbedtls_net_context*)&handler.net_context); mbedtls_ssl_free(&handler.ssl); return NULL; } void *threadFunctionSSL(void *arg) { (void)(arg); while(true) { mbedtls_net_context *pclient; pthread_mutex_lock(&client_socket_ssl_mutex); if((pclient=dequeue_ssl())==NULL) { pthread_cond_wait((pthread_cond_t *)&pclient,&client_socket_ssl_mutex); //try again pclient = dequeue_ssl(); } pthread_mutex_unlock(&client_socket_ssl_mutex); if(pclient!=NULL) { //we have a connection handleConnectionSSL(pclient); } } } File contents thread_pool_ssl.h: #ifndef SSL_THREAD_POOL_H #define SSL_THREAD_POOL_H #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <stdbool.h> #include <pthread.h> #include "mbedtls/net_sockets.h" extern pthread_t *thread_pool_ssl; extern pthread_mutex_t client_socket_ssl_mutex; extern pthread_cond_t condition_var_ssl; void createThreadPoolSSLArray(int n); void deleteThreadPoolSSLArray(); extern void *handleSSLConnection(int* p_client_socket); extern void *threadFunctionSSL(void *arg); #endif // SSL_THREAD_POOL_H File contents thread_pool_ssl.c: #include "thread_pool_ssl.h" pthread_t *thread_pool_ssl=NULL; pthread_mutex_t client_socket_ssl_mutex = PTHREAD_MUTEX_INITIALIZER; pthread_cond_t condition_var_ssl = PTHREAD_COND_INITIALIZER; void *threadFunctionSSL(void *arg); void createThreadPoolSSLArray(int n) { thread_pool_ssl = (pthread_t*)malloc(n); //first off create a bunch of threads to handle future connections for(int i=0; i<n;i++) { pthread_create(&thread_pool_ssl[i],NULL,threadFunctionSSL,NULL); } } void deleteThreadPoolSSLArray() { free(thread_pool_ssl); } File contents main.c: #include <stdio.h> #include "log.h" #include "ssl_server.h" #include <signal.h> void catchSigterm(); void catchSigint(); void runPortListening(); int main() { catchSigterm(); catchSigint(); runPortListening(); return 0; } void runPortListening() { trace("Starting port listening..."); pthread_t handleID; pthread_create(&handleID,NULL,runSSLServer,NULL); trace("Port listening started."); pthread_join(handleID,NULL); trace("Port listening complete."); } void closeServer() { trace("Shutdown SSL Server..."); pthread_mutex_lock(&listen_fd1_mutex); mbedtls_net_free(&listen_fd1); pthread_mutex_unlock(&listen_fd1_mutex); } void sigTermHandler(int signum, siginfo_t *info, void *ptr) { (void)signum; (void)info; (void)ptr; closeServer(); } void catchSigterm() { static struct sigaction _sigact; memset(&_sigact, 0, sizeof(_sigact)); _sigact.sa_sigaction = sigTermHandler; _sigact.sa_flags = SA_SIGINFO; sigaction(SIGTERM, &_sigact, NULL); } void sigIntHandler(int signum, siginfo_t *info, void *ptr) { (void)signum; (void)info; (void)ptr; closeServer(); } void catchSigint() { static struct sigaction _sigact; memset(&_sigact, 0, sizeof(_sigact)); _sigact.sa_sigaction = sigIntHandler; _sigact.sa_flags = SA_SIGINFO; sigaction(SIGINT, &_sigact, NULL); } Log files attached to the email. Regards, Michael.

4 years, 9 months

1
0
0 0

Re: [mbed-tls] Provide a crypto utility to verify mbedtls quickly

by Sawyer Liu

Hello everyone, Due to the pic link, cannot download the tool. I attach the link again. http://esctech.cn/wp-content/uploads/2020/04/Crypto%20UtilityV2.0.zip Best Regards Sawyer Liu

4 years, 9 months

1
0
0 0

Provide a crypto utility to verify mbedtls quickly

by Sawyer Liu

Hello everyone, I found many people need to verify the result of mbedtls, so I can provide a tool to help more people to verify their own code quickly. See http://esctech.cn/wp-content/uploads/2020/04/Crypto%20UtilityV2.0.zip<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fesctech.cn…>. [cid:image001.jpg@01D6C1C0.7C525360] Best Regards Sawyer Liu

4 years, 9 months

1
0
0 0

Re: [mbed-tls] Invalid ECDSA signature created

by Gilles Peskine

Hi Roshini, Mathematically, an ES256 (ECDSA over the curve P256R1) signature is a pair of numbers (r,s) between 1 and an upper bound which is very slightly less than 2^256. There are two common representations for this signature. JWA uses the “raw” representation: two big-endian numbers represented each with exactly 32 bytes, concatenated together. mbedtls_ecdsa_write_signature uses the ASN.1 DER representation, which as you noticed represents each number in a type+length+value format. The DER format removes leading zeros from the number, then adds a leading 0 bit to each number which is a sign bit (the numbers in an ECDSA signature are always positive, but DER can also represent negative numbers). Therefore each number has a roughly 1/2 chance of using 33 value bytes with a leading 0 byte (1 sign bit + 7 value bits, all 0), a 63/128 chance of using 32 value bytes, and a 1/128 chance of using 31 value bytes or less because the 7 most significant bits of the number were 0. A shorter number in an ECDSA signature is not invalid, it's a 1/128 chance (independently for each of r and s). To get the signature in raw format with Mbed TLS, the easiest way is to use the PSA API, where the output of psa_sign_hash() for ECDSA is the raw format. With the classic Mbed TLS API, the easiest way is to call mbedtls_ecdsa_sign() or mbedtls_ecdsa_sign_det_ext() to get r and s as bignums, then use mbedtls_mpi_write_binary() to write r and s with their exact size into the output buffer. You can find an example in the internal function psa_ecdsa_sign(): https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.24.0/library/psa_crypto.c… Hope this helps, -- Gilles Peskine Mbed TLS developer On 22/11/2020 10:12, ROSHINI DEVI via mbed-tls wrote: > Hello all, > > I need to sign the message using ES256 algorithm. After doing > necessary initializations, I called API > - mbedtls_ecdsa_write_signature() API and it gave me signature in ASN1 > encoded form and there was no error generated by this API. > After getting the signature, I need the r & s values to create JWT > Token. So, I wrote my custom function to parse the signature buffer > and get the R & S values of it. > It was working fine. Sometimes, I am getting an invalid signature as > shown below signature DER buffer - > > 30 43 02 1f 31 92 8d 22 10 41 86 25 68 7f 42 81 26 0f 37 bc 7f 38 b7 > d5 1a 6b 69 31 07 34 11 a6 04 e5 90 02 20 23 26 f8 b9 80 cf 2c 25 c8 > 04 b4 ac 43 51 6a 04 a6 af 8f 94 36 f8 cf 35 c2 94 cc df de db 92 b2 > > The reason for invalid is - > 1st byte represents ASN1 sequence, followed by length and 3rd byter > indicates it is an integer. > Ideally, 4th byte indicates length of r-value, it should have been 32 > or 33 bytes ( in case of padding with 00 ). You can see in the above > buffer it is 0x1F ( 31 bytes ). It is really weird how it is possible > to get the signature length of 31 bytes. > > It is blocking me for generation of JWT token, where in RFC 7518 > - https://tools.ietf.org/html/rfc7518#page-9 , it says R & S must be > 32 bytes long. And, the generation is failing. > > It is of high priority for me. If anyone can provide your suggestions > on this issue, it would be really great. Thanks in advance > > Thanks, > Roshini >

4 years, 9 months

1
0
0 0

Invalid ECDSA signature created

by ROSHINI DEVI

Hello all, I need to sign the message using ES256 algorithm. After doing necessary initializations, I called API - mbedtls_ecdsa_write_signature() API and it gave me signature in ASN1 encoded form and there was no error generated by this API. After getting the signature, I need the r & s values to create JWT Token. So, I wrote my custom function to parse the signature buffer and get the R & S values of it. It was working fine. Sometimes, I am getting an invalid signature as shown below signature DER buffer - 30 43 02 1f 31 92 8d 22 10 41 86 25 68 7f 42 81 26 0f 37 bc 7f 38 b7 d5 1a 6b 69 31 07 34 11 a6 04 e5 90 02 20 23 26 f8 b9 80 cf 2c 25 c8 04 b4 ac 43 51 6a 04 a6 af 8f 94 36 f8 cf 35 c2 94 cc df de db 92 b2 The reason for invalid is - 1st byte represents ASN1 sequence, followed by length and 3rd byter indicates it is an integer. Ideally, 4th byte indicates length of r-value, it should have been 32 or 33 bytes ( in case of padding with 00 ). You can see in the above buffer it is 0x1F ( 31 bytes ). It is really weird how it is possible to get the signature length of 31 bytes. It is blocking me for generation of JWT token, where in RFC 7518 - https://tools.ietf.org/html/rfc7518#page-9 , it says R & S must be 32 bytes long. And, the generation is failing. It is of high priority for me. If anyone can provide your suggestions on this issue, it would be really great. Thanks in advance Thanks, Roshini

4 years, 9 months

1
0
0 0

-0x7180 - SSL - Verification of the message MAC failed

by Михаил Азанов

Clients connect to my server over SSL and an error "-0x7180 - SSL - Verification of the message MAC failed" occurs when creating a secure connection. Linux commands give the following: uname -a Linux termv7 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux openssl s_server -key /etc/minpay/cert/TermV-terminals-server.key -cert /etc/minpay/cert/TermV-terminals-server.crt -accept 8080 -state Using default temp DH parameters ACCEPT SSL_accept:before SSL initialization SSL_accept:before SSL initialization SSL_accept:SSLv3/TLS read client hello SSL_accept:SSLv3/TLS write server hello SSL_accept:SSLv3/TLS write certificate SSL_accept:SSLv3/TLS write server done SSL_accept:SSLv3/TLS write server done SSL_accept:SSLv3/TLS read client key exchange SSL_accept:SSLv3/TLS read change cipher spec SSL_accept:SSLv3/TLS read finished SSL_accept:SSLv3/TLS write change cipher spec SSL_accept:SSLv3/TLS write finished -----BEGIN SSL SESSION PARAMETERS----- MHUCAQECAgMBBAIALwQgNbcRsh26hMujwXcoa5ZlBGihMY+GFhkTscR4Ds8fppwE MHAJs/h2ldK+C7Sm2fpNGbzYMycfUPGq4Ydg9PtnHPt1Mn9eH68tnQsT2nuTwGRq zqEGAgRftlMXogQCAhwgpAYEBAEAAAA= -----END SSL SESSION PARAMETERS----- Shared ciphers:AES128-SHA --- No server certificate CA names sent CIPHER is AES128-SHA Secure Renegotiation IS NOT supported Source content: File contents TermV-terminals-server.key: subject=/C=RU/ST=Sample/L=Sample/O=Sample/OU=Sample/CN=localhost issuer=/C=RU/ST=Sample/L=Sample/O=Sample/OU=Sample/CN=Sample -----BEGIN CERTIFICATE----- MIIDTjCCAjYCFBhhDBE3BeiTMD0dzFYOGILO8yq0MA0GCSqGSIb3DQEBCwUAMGIx CzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZTYW1wbGUxDzANBgNVBAcMBlNhbXBsZTEP MA0GA1UECgwGU2FtcGxlMQ8wDQYDVQQLDAZTYW1wbGUxDzANBgNVBAMMBlNhbXBs ZTAeFw0yMDAxMTgxODA5MDlaFw0yNDAxMTcxODA5MDlaMGUxCzAJBgNVBAYTAlJV MQ8wDQYDVQQIDAZTYW1wbGUxDzANBgNVBAcMBlNhbXBsZTEPMA0GA1UECgwGU2Ft cGxlMQ8wDQYDVQQLDAZTYW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQSjObDf16fv02qH+3FtI4eX2tPfj+u XsSF8KK6OpcNNfHv17LB9NRUGbZdeikvL5mjB1qd8Qt5YBzSYvvNmuQqn/ZZhEhg 9zqDd+j6dsl03OSW42qSP59M22plqhHZv1ZpkbpHSnEbbwbIVhgx1GuJvMHbQKxw et3UobG9M7q0/6Z2hlvbiuQgZWpc6+vnGGFUzVFjJhsUMgewU1UwTtfahOVegv9v ocuj+AOHzzH2+l72ybpKIFKZ6eXjr3sVp1lIPXm+gUNLqkReNV2QVk4H/j2ow3xu hdHjiPQ+6o6dgbCHeCvbf7Qs35S8YlQH/Mn2bik2NIMKucdq7S35AEsCAwEAATAN BgkqhkiG9w0BAQsFAAOCAQEAhANjStGtYfPJ2Ibkbn6ct4bWLPe6sFBvbwYow3Fd lBz0oxBukhJDOrPa4OqJDpnWenXkEcUrulI2JG5sIylOg3QlwlmgPoJU9fkpmr+u xNVlTxBSh1BVp0sccC+LxNRyDMl4C89R1TjPpPjoRU4cciY9N0oygPjTj0c26qBU iqwtyJTeeJYJUdplCMvXFOt8deqi/NBpBGnEfo8P/IeM/iCWLD5VtloHX/R0C+au q6803qd1/Gd0pIdsELQKrR6mBz6sWukg2f25GheLQVV7Wz/elZD8MwYwjYLoCtIP 65Ae3Eb6S2KlsVPzMj09u6kQ+KPfZtKu8tiUSc+11hurRw== -----END CERTIFICATE----- File contents TermV-terminals-server.crt: -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC0Eozmw39en79N qh/txbSOHl9rT34/rl7EhfCiujqXDTXx79eywfTUVBm2XXopLy+ZowdanfELeWAc 0mL7zZrkKp/2WYRIYPc6g3fo+nbJdNzkluNqkj+fTNtqZaoR2b9WaZG6R0pxG28G yFYYMdRribzB20CscHrd1KGxvTO6tP+mdoZb24rkIGVqXOvr5xhhVM1RYyYbFDIH sFNVME7X2oTlXoL/b6HLo/gDh88x9vpe9sm6SiBSmenl4697FadZSD15voFDS6pE XjVdkFZOB/49qMN8boXR44j0PuqOnYGwh3gr23+0LN+UvGJUB/zJ9m4pNjSDCrnH au0t+QBLAgMBAAECggEBAKWbKdpQkSME53sVqqeR26uYY0jdos4OHzm9tMDzZE7m 52XJniXYGsHrVnpRHbginTQ+qtS7zKMwzSO0mTPas0iDqvl0+iNWighWQEETl4tO 3peb7Spltf1bQa9oMDCagU2HaW5Xgi7jfAhQ1l0J9sGvutjOO3xbNaQtmUdNKfXa VRaof94/YKcbTPIn588orxfumgeiYwQ8exhA7yg1WLl2iSy9jj+8WrxaKvy4vR45 nXrb2tXletRoZZY/FC/NZNMgXsGTmYHl6blTEZVz7Zu0XPHKJo42tHnKHW46/ccJ vkXQNjUsu0JN95+lWBA5Yne8xddhiLNKv3DZ3iwXRAECgYEA17YaIbtlgSLd5hJJ OuS9n9XNUCEx1YLhDRzhHggPNTZkVxSnxnWVGpbubtWN/OggRtJyk+mLFV+aHLCa R224ofSPWWE1HtoSdtLcL5oLgp6RDoM61h1p1glFS7BpbYzBegAcbMJa1IvAMspx 5lsYowBUJLNHAEcqUrXzQ88gu2ECgYEA1bRugqLGXqz1E0z6o/MuGXfmJaGQEmJg 833As5jzsyd6pyznsB0TKUAJkcf0RmZrr1EDVigA9aLcwq4qThjGEL2FpGkOvXPC bY0c2pLnsZJetNmXnky/w+W127V+LbDjjQaYl/7c9Fp4hoomoykt7d1YW7lRZ2Le wo8muiGF5ysCgYEAlYHahMysop926tJ7vPzzTMfT4JjRQGnQ79S3VqhBWiFT1GM1 kcDHUkGQCnOrUMHWNSABV/FDe9HiL8Zbd+xdTqsBe/J67eI5b+/fuoJrPeIHKebc rbB/PWD5jWc8+zfWlWdkTCE88RnXYZyc6wryfW9p4nH7YP7yH5eKftIdnqECgYBl aWY33/661uDF8/XM742k0F0K5oxz7PONGNPlZmPfVJDD3G9mB6YcISNpZrXo4pmf bJZkwD8UUeDpEbVJsj/rmcRdrO0twk01p41Vu/jvL0J6F/f3SvyFffC6/nmOPS7+ sW6gUnWQD466abzEGLqO8kcH3/1dTnHfagc6tMXSWQKBgQCZjWzyLtEUxvWI2PSe B6/osxlYDyCkXrJDIT1LuepM/54Kre9YMUy2UZBVC42DR6paEbkAAqHdTsLNlKhV s+6/JGnEDR1e/L7ks0dBY8jow04r0mKG1M91SMLr5OeBTk6SRMnR7GAKewjeLmJD ULgsqyHSTh/4r6tDQ7Gayci2vQ== -----END PRIVATE KEY----- File contents ssl_server.h: #ifndef SSL_SERVER_H #define SSL_SERVER_H #define DEBUG_LEVEL 5 #if DEBUG_LEVEL > 0 #include "mbedtls/debug.h" #endif //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/ssl_cache.h" #include "packet_handler/packet_handler.h" #include "thread_pool_ssl.h" #include "queue_ssl.h" extern pthread_mutex_t listen_fd1_mutex; extern mbedtls_net_context listen_fd1; extern void* runSSLServer(void *arg); #endif // SSL_SERVER_H File contents ssl_server.c: #include "ssl_server.h" mbedtls_net_context listen_fd1; pthread_mutex_t listen_fd1_mutex=PTHREAD_MUTEX_INITIALIZER; static mbedtls_ssl_config *config; #if DEBUG_LEVEL > 0 static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) { ((void) level); char s[1000]; snprintf(s,sizeof(s),"%s:%04d: %s", file, line, str ); trace(s); } #endif void * runSSLServer(void *arg) { (void)(arg); int ret; char s[100]; int n = atoi(config_list[SSL_SERVER_NUM_THREADS].value); createThreadPoolSSLArray(n); mbedtls_net_context listen_fd, client_socket_ssl; const char pers[] = "ssl_pthread_server"; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_x509_crt cachain; mbedtls_pk_context pkey; mbedtls_ssl_cache_context cache; mbedtls_ssl_cache_init( &cache ); mbedtls_x509_crt_init( &srvcert ); mbedtls_x509_crt_init( &cachain ); mbedtls_ssl_config_init( &conf ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_socket_ssl ); config = &conf; /* * We use only a single entropy source that is used in all the threads. */ mbedtls_entropy_init( &entropy ); #if DEBUG_LEVEL > 0 mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif /* * 1. Load the certificates and private RSA key */ trace( "[SSL Server] Loading the server cert. and key..." ); ret = mbedtls_x509_crt_parse_file( &srvcert,"/etc/minpay/cert/TermV-terminals-server.crt"); if( ret != 0 ) { snprintf(s,sizeof(s), "[SSL Server] failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret ); trace(s); goto thread_exit; } mbedtls_pk_init( &pkey ); ret = mbedtls_pk_parse_keyfile( &pkey,"/etc/minpay/cert/TermV-terminals-server.key" , NULL ); if( ret != 0 ) { snprintf(s,sizeof(s), "[SSL Server] failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); /* * 1b. Seed the random number generator */ trace( "Seeding the random number generator..." ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); /* * 1c. Prepare SSL configuration */ trace( "[SSL Server] Setting up the SSL data...." ); if( ( ret = mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed: mbedtls_ssl_config_defaults returned -0x%04x\n", -ret ); trace(s); goto thread_exit; } mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); #if DEBUG_LEVEL > 0 mbedtls_ssl_conf_dbg( &conf, my_debug, NULL ); #endif /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if * MBEDTLS_THREADING_C is set. */ mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set ); mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); /* * 2. Setup the listening TCP socket */ snprintf(s,sizeof(s),"[SSL Server] Bind on localhost: %s ...","8080"); trace(s); fflush( stdout ); if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "8080", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL Server] failed\n ! mbedtls_net_bind returned %d\n\n", ret ); trace(s); goto thread_exit; } trace( "[SSL Server] ok\n" ); pthread_mutex_lock(&listen_fd1_mutex); listen_fd1 = listen_fd; pthread_mutex_unlock(&listen_fd1_mutex); while(true) { //reset: if(ret!=0) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); snprintf(s,sizeof(s),"[SSL Server] Last error was: -0x%04x - %s\n", -ret, error_buf ); trace(s); } /* * 3. Wait until a client connects */ trace( "[SSL Server] Waiting for a remote connection\n" ); int ret =mbedtls_net_accept(&listen_fd,&client_socket_ssl,NULL,0,NULL); if(ret != 0) { snprintf(s,sizeof(s), "[SSL Server] failed: mbedtls_net_accept returned -0x%04x\n", ret); trace(s); break; } trace( "[SSL Server] ok\n" ); //do whatever we do with connections. //put the connection somewhere so that an available thread //can find it. mbedtls_net_context *pclient = malloc(sizeof(mbedtls_net_context)); *pclient = client_socket_ssl; pthread_mutex_lock(&client_socket_ssl_mutex); enqueue_ssl(pclient); pthread_cond_signal(&condition_var_ssl); pthread_mutex_unlock(&client_socket_ssl_mutex); ret = 0; } thread_exit: mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_cache_free( &cache ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); mbedtls_ssl_config_free( &conf ); mbedtls_net_free( &listen_fd ); deleteThreadPoolSSLArray(); return NULL; } static void *handleConnectionSSL(mbedtls_net_context *p_net_context) { int ret, len; char s[100]; struct packet_handler handler={}; handler.net_context = *p_net_context; free(p_net_context);// we really don't need this anymore unsigned char buf[1024]; /* Make sure memory references are valid */ mbedtls_ssl_init( &handler.ssl ); snprintf(s,sizeof(s),"[SSL client_socket=%d] Setting up SSL/TLS data\n", handler.net_context.fd ); trace(s); /* * 4. Get the SSL context ready */ if( ( ret = mbedtls_ssl_setup( &handler.ssl, config ) ) != 0 ) { snprintf(s,sizeof(s),"[SSL client_socket=%d] failed: mbedtls_ssl_setup returned -0x%04x\n",handler.net_context.fd, -ret ); trace(s); goto thread_exit; } mbedtls_ssl_set_bio( &handler.ssl, (mbedtls_net_context*)&handler.net_context, mbedtls_net_send, mbedtls_net_recv, NULL ); /* * 5. Handshake */ snprintf(s,sizeof(s),"[SSL client_socket=%d] Performing the SSL/TLS handshake\n", handler.net_context.fd); trace(s); while( ( ret = mbedtls_ssl_handshake( &handler.ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { snprintf(s,sizeof(s),"[SSL client_socket=%d] failed: mbedtls_ssl_handshake returned -0x%04x\n", handler.net_context.fd, -ret ); trace(s); goto thread_exit; } } snprintf(s,sizeof(s),"[SSL client_socket=%d] ok\n", handler.net_context.fd ); trace(s); ret = runPacketHandler(&handler); snprintf(s,sizeof(s), "[SSL client_socket=%d] . Closing the connection...", handler.net_context.fd ); trace(s); while( ( ret = mbedtls_ssl_close_notify( &handler.ssl ) ) < 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { snprintf(s,sizeof(s), "[SSL client_socket=%d] failed: mbedtls_ssl_close_notify returned -0x%04x\n", handler.net_context.fd, ret); trace(s); goto thread_exit; } } trace( " ok\n" ); ret = 0; thread_exit: if( ret != 0 ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); snprintf(s,sizeof(s), "[SSL client_socket=%d] Last error was: -0x%04x - %s\n\n", handler.net_context.fd, -ret, error_buf ); trace(s); } mbedtls_net_free((mbedtls_net_context*)&handler.net_context); mbedtls_ssl_free(&handler.ssl); return NULL; } void *threadFunctionSSL(void *arg) { (void)(arg); while(true) { mbedtls_net_context *pclient; pthread_mutex_lock(&client_socket_ssl_mutex); if((pclient=dequeue_ssl())==NULL) { pthread_cond_wait((pthread_cond_t *)&pclient,&client_socket_ssl_mutex); //try again pclient = dequeue_ssl(); } pthread_mutex_unlock(&client_socket_ssl_mutex); if(pclient!=NULL) { //we have a connection handleConnectionSSL(pclient); } } } File contents thread_pool_ssl.h: #ifndef SSL_THREAD_POOL_H #define SSL_THREAD_POOL_H #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <stdbool.h> #include <pthread.h> #include "mbedtls/net_sockets.h" extern pthread_t *thread_pool_ssl; extern pthread_mutex_t client_socket_ssl_mutex; extern pthread_cond_t condition_var_ssl; void createThreadPoolSSLArray(int n); void deleteThreadPoolSSLArray(); extern void *handleSSLConnection(int* p_client_socket); extern void *threadFunctionSSL(void *arg); #endif // SSL_THREAD_POOL_H File contents thread_pool_ssl.c: #include "thread_pool_ssl.h" pthread_t *thread_pool_ssl=NULL; pthread_mutex_t client_socket_ssl_mutex = PTHREAD_MUTEX_INITIALIZER; pthread_cond_t condition_var_ssl = PTHREAD_COND_INITIALIZER; void *threadFunctionSSL(void *arg); void createThreadPoolSSLArray(int n) { thread_pool_ssl = (pthread_t*)malloc(n); //first off create a bunch of threads to handle future connections for(int i=0; i<n;i++) { pthread_create(&thread_pool_ssl[i],NULL,threadFunctionSSL,NULL); } } void deleteThreadPoolSSLArray() { free(thread_pool_ssl); } File contents main.c: #include <stdio.h> #include "log.h" #include "ssl_server.h" #include <signal.h> void catchSigterm(); void catchSigint(); void runPortListening(); int main() { catchSigterm(); catchSigint(); runPortListening(); return 0; } void runPortListening() { trace("Starting port listening..."); pthread_t handleID; pthread_create(&handleID,NULL,runSSLServer,NULL); trace("Port listening started."); pthread_join(handleID,NULL); trace("Port listening complete."); } void closeServer() { trace("Shutdown SSL Server..."); pthread_mutex_lock(&listen_fd1_mutex); mbedtls_net_free(&listen_fd1); pthread_mutex_unlock(&listen_fd1_mutex); } void sigTermHandler(int signum, siginfo_t *info, void *ptr) { (void)signum; (void)info; (void)ptr; closeServer(); } void catchSigterm() { static struct sigaction _sigact; memset(&_sigact, 0, sizeof(_sigact)); _sigact.sa_sigaction = sigTermHandler; _sigact.sa_flags = SA_SIGINFO; sigaction(SIGTERM, &_sigact, NULL); } void sigIntHandler(int signum, siginfo_t *info, void *ptr) { (void)signum; (void)info; (void)ptr; closeServer(); } void catchSigint() { static struct sigaction _sigact; memset(&_sigact, 0, sizeof(_sigact)); _sigact.sa_sigaction = sigIntHandler; _sigact.sa_flags = SA_SIGINFO; sigaction(SIGINT, &_sigact, NULL); } Log files attached to the email. Regards, Michael.

4 years, 9 months

1
0
0 0

Info regarding Mbedtls architecture

by Eikansh Gupta

Hi everyone, I am a Mtech student from Indian Institute of Science, Bangalore(India). Currently, I am crediting computer security course. As the course project, the professor has asked us to rewrite Mbedtls using Rust language. The entire class will work on the single project with each person working on a single module. I am having trouble finding information regarding Mbedtls architecture, its modules and their working. I don't even know all the right resources I need to work on the project. It would save a lot of time if someone could point me to the right resources regarding Mbedtls needed for this project. Sincerely, Eikansh Gupta

4 years, 10 months

1
0
0 0

Re: [mbed-tls] PKCS7 compliance

by Gilles Peskine

I forgot to mention that there is a work in progress to add PKCS#7 parsing: https://github.com/ARMmbed/mbedtls/pull/3431 This is an external contribution so its addition to Mbed TLS depends not only on us maintainers' review bandwidth, but also on the availability of the kind contributor. I'm not familiar with .p7* formats so I don't know whether the support added by this pull request is sufficient to cover all of those. -- Gilles Peskine Mbed TLS developer On 06/11/2020 13:50, Alvaro Gonzalez via mbed-tls wrote: > > Hello mbed-tls mailing list. > > ï¿½ > > Does mbed-tls comply PKCS7? Can handle .p7, .p7b and/or .p7a extension > files? > > ï¿½ > > Best Regards. > > ï¿½ > >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] PKCS7 Generation Contribution

by Gilles Peskine

Hi Nick, It would be great to have even partial support of PKCS#7 in Mbed TLS and we would welcome your contribution! You can find some guidance in CONTRIBUTING.md (https://github.com/ARMmbed/mbedtls/blob/development/CONTRIBUTING.md). Feel free to ask on the mailing list if anything is unclear. Note that there is a work in progress for adding PKCS#7 parsing: https://github.com/ARMmbed/mbedtls/pull/3431 . It may help to see what it does, but also note the review comments that point out some remaining issues. If you and naynajain work on parsing and generation at the same time, you'll need to synchronize since both sides will need to create pkcs7.[hc]. -- Gilles Peskine Mbed TLS developer On 10/11/2020 17:28, Nick Child via mbed-tls wrote: > Hello, > > For one of my projects, I had to create a PKCS7 generation/builder. I > noticed mbedtls currently has no support for PKCS7. After much trial > and error, I was able to use mbedtls functions to create a PKCS7 > structure for Signed Data. I was wondering if this something that > might be useful in later versions of mbedtls? The code currently has a > long way to go until it meets mbedtls coding standards, but I figured > I would ask if it is even possible and worth the efforts before > getting into it. I am also a rookie when it comes to open source > contributions, so I was hoping for some guidance regarding merging > upstream. > > Thanks for your time, > > Nick Child >

4 years, 10 months

1
0
0 0

PKCS7 Generation Contribution

by Nick Child

Hello, For one of my projects, I had to create a PKCS7 generation/builder. I noticed mbedtls currently has no support for PKCS7. After much trial and error, I was able to use mbedtls functions to create a PKCS7 structure for Signed Data. I was wondering if this something that might be useful in later versions of mbedtls? The code currently has a long way to go until it meets mbedtls coding standards, but I figured I would ask if it is even possible and worth the efforts before getting into it. I am also a rookie when it comes to open source contributions, so I was hoping for some guidance regarding merging upstream. Thanks for your time, Nick Child

4 years, 10 months

1
0
0 0

Re: [mbed-tls] PKCS7 compliance

by Gilles Peskine

Hello, No, unfortunately Mbed TLS does not support the PKCS#7 CMS format. Contributions would be welcome. -- Gilles Peskine Mbed TLS developer On 06/11/2020 13:50, Alvaro Gonzalez via mbed-tls wrote: > > Hello mbed-tls mailing list. > > ï¿½ > > Does mbed-tls comply PKCS7? Can handle .p7, .p7b and/or .p7a extension > files? > > ï¿½ > > Best Regards. > > ï¿½ > >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] TLS-SRP Support

by Gilles Peskine

Hello, Mbed TLS does not currently support SRP and it is not on our roadmap (https://developer.trustedfirmware.org/w/mbed-tls/roadmap/). Arm does not intend to work on it, but support can be added if someone else contributes it. If you are interested in contributing SRP support, please discuss it on this list first to settle some potential issues: conflicts with other work (in particular TLS 1.3 preparation, which involves some refactoring of existing TLS code), review bandwidth schedule, test plan. -- Gilles Peskine Mbed TLS developer On 09/11/2020 14:01, Gijs Peskens via mbed-tls wrote: > > For an Open Source project we started using Mbed-TLS to do AES > encryption and, in a future version, will use Mbed-TLS for DTLS. > Part of the protocol we support requires TLS-SRP (either via DTLS or > via EAP), I’m unable to find anything relating to TLS-SRP support. > > Does Mbed-TLS support TLS-SRP currently? And if not is there intention > to add it in a future release? > > Br, > > Gijs Peskens > >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] TLS-SRP Support

by Janos Follath

Hi Gijs, I am not sure what TLS-SRP support is, could you please point me to the standard defining it? Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gijs Peskens via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Gijs Peskens <gijsje(a)heteigenwijsje.nl> Date: Monday, 9 November 2020 at 13:02 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] TLS-SRP Support For an Open Source project we started using Mbed-TLS to do AES encryption and, in a future version, will use Mbed-TLS for DTLS. Part of the protocol we support requires TLS-SRP (either via DTLS or via EAP), I’m unable to find anything relating to TLS-SRP support. Does Mbed-TLS support TLS-SRP currently? And if not is there intention to add it in a future release? Br, Gijs Peskens

4 years, 10 months

2
1
0 0

TLS-SRP Support

by Gijs Peskens

For an Open Source project we started using Mbed-TLS to do AES encryption and, in a future version, will use Mbed-TLS for DTLS. Part of the protocol we support requires TLS-SRP (either via DTLS or via EAP), I’m unable to find anything relating to TLS-SRP support. Does Mbed-TLS support TLS-SRP currently? And if not is there intention to add it in a future release? Br, Gijs Peskens

4 years, 10 months

1
0
0 0

PKCS7 compliance

by Alvaro Gonzalez

Hello mbed-tls mailing list. Does mbed-tls comply PKCS7? Can handle .p7, .p7b and/or .p7a extension files? Best Regards.

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Chinese characters garbled after calling mbedtls_x509_crt_info() or mbedtls_x509_dn_gets()

by Janos Follath

Hi Newt, This is normal and happens not just to Chinese characters, but to all non-ASCII characters. This supposed to be a feature of Mbed TLS, to ensure that we return something printable whether the platform can handle the original encoding or not. Of course we can consider providing a way to add an option to disable this feature: if you would like to submit a PR, please let us discuss first what can be done. If you wouldn't like to submit a PR, then please raise an issue on github for this feature request. Until this feature is implemented, you can access the original encoding in the `val` field of the `mbedtls_x509_name` parameter you would be passing to `mbedtls_x509_dn_gets()`. Regards, Janos On 06/11/2020, 03:54, "mbed-tls on behalf of 马瑞宜 via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Hello everyone, I have this certificate blob and I'm using mbedtls to read this, but after called mbedtls_x509_crt_info() or mbedtls_x509_dn_gets(), the chinese characters got garbled. I have googled this, read the mbedtls knowledge base and searched the issues and got no luck. The field i want to parse is the subject field and the issuer field. and currently I cannot provide the certificate blob due to security reasons. Any help would be much appreciated. Sincerely, Newt Ma -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 10 months

2
1
0 0

Chinese characters garbled after calling mbedtls_x509_crt_info() or mbedtls_x509_dn_gets()

by 马瑞宜

Hello everyone, I have this certificate blob and I'm using mbedtls to read this, but after called mbedtls_x509_crt_info() or mbedtls_x509_dn_gets(), the chinese characters got garbled. I have googled this, read the mbedtls knowledge base and searched the issues and got no luck. The field i want to parse is the subject field and the issuer field. and currently I cannot provide the certificate blob due to security reasons. Any help would be much appreciated. Sincerely, Newt Ma

4 years, 10 months

1
0
0 0

Re: [mbed-tls] About mbedtls CVE

by Janos Follath

Hi Sawyer, After looking at the issues in more detail I would like to be more precise about CVE-2018-1000520: * It is not a security issue in the context of TLS 1.2 * It can be a security issue if TLS 1.0 or TLS 1.1 is used * The severity is so low that we decided not fixing it ourselves, but to open it up for community contributions * The corresponding issue has been closed down by mistake, I am reopening it now: https://github.com/ARMmbed/mbedtls/issues/1561 (Many thanks to Simon Butcher for noticing this and pointing it out.) Please let me know if I you would like to know more about this issue. Best regards, Janos (Mbed TLS developer) From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Janos Follath via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Janos Follath <Janos.Follath(a)arm.com> Date: Wednesday, 28 October 2020 at 09:42 To: Sawyer Liu <sawyer.liu(a)nxp.com> Cc: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: Re: [mbed-tls] About mbedtls CVE Hi Sawyer, Thank you for your interest in Mbed TLS. Currently the status of these CVE’s is: - CVE-2020-16150 has been fixed in the latest Mbed TLS release - CVE-2018-1000520 is not a security issue, it had been studied and rejected - CVE-2016-3739 is a vulnerability in an application using Mbed TLS but not in Mbed TLS itself, also it too had been fixed. Does this answer your question? (Also, I would like to make a minor clarification: we are not Arm Support. As far as I know Arm does not offer official support for Mbed TLS. Arm only contributes engineers to the Mbed TLS project, and at the moment these engineers are the maintainers of Mbed TLS. We are on this mailing list and try to answer questions, but we are not doing that as official support provided by Arm, but as members of the community. Mbed TLS is supported by the community and this mailing list is indeed the right place to get that support. I apologise for the nitpick, I just wanted to make sure that we are not giving the wrong impressions.) Best regards, Janos (Mbed TLS developer) From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Sawyer Liu via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Sawyer Liu <sawyer.liu(a)nxp.com> Date: Wednesday, 28 October 2020 at 01:59 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] About mbedtls CVE Hello ARM Support, About below CVEs, any update? Thanks. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre…> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739 Best Regards Sawyer Liu Microcontrollers, NXP Semiconductors

4 years, 10 months

2
1
0 0

Re: [mbed-tls] Questions about PSA Crypto API and mbed TLS

by Gilles Peskine

Hello, On 05/11/2020 17:49, François Beerten via mbed-tls wrote: > Hi, > > Thank you Gilles for the detailed reply. > > Do you prefer that discussion about PSA Crypto API spec go on mailing > list instead of here ? Is there some room for evolution or is the spec > already in a frozen released state ? Please use the psa-crypto list since there may be participants there who don't care about Mbed TLS. Version 1.0 of the PSA Crypto API is official so we won't make incompatible changes unless there is a compelling reason. We can, and will, add features in 1.x versions of the specification. Among planned features are: more algorithm declarations, key wrapping, key stretching, and a better treatment of key establishment (including password-based key establishment). > > For new algorithms, it's of course preferable that they're defined in > the spec itself. But does the mbedtls project want to supports all > algorithms that will be used with PSA Crypto API ? Mbed TLS intends to be a reference implementation of the PSA crypto API. However it isn't clear whether this means that Mbed TLS will eventually support all algorithms that the API declares: we intend to support all methods, but not necessarily all algorithms. A conforming implementation of the API is allowed to support any subset of the algorithms. We (here meaning Arm, not Mbed TLS) don't have a formal policy to decide whether to include a declaration for an algorithm, but here are some criteria that we're likely to follow: * There should be a public specification. (This can be a document that's only for purchase, such as an ISO standard.) * The algorithm should either be in good standing, or in current use in legacy protocols. * The bar is low for adding an algorithm that just requires a #define. It's a lot higher if a new function is needed. * Availability in Mbed TLS is not required. > > For pure ED25519 and ED448 with scattered data, there's one big > gotcha. You need to generate twice a hash that includes the message. > Thus the implementation needs to be able to access the buffers of the > message twice. With a piece of the message given only once as in the > init-update-finish scheme, that does not work well. > > From reading the document on the PSA Crypto driver API, a transparent > driver benefits from the management of keys done by the mbedtls > implementation. But what benefit is there for a driver working with > opaque keys which has to fully handle the protections and restrictions > of keys internally ? > One of the driving goals of PSA is to make security unobtrusive, and to facilitate security improvements. A unified interface to key management makes it easy to upgrade from having all keys inside, to using a single-chip application separation technology (MMU, MPU, secure enclave, …), to wrapping keys in a secure element and storing the wrapped key externally, to storing keys in a secure element (which protects against undeletion). When an application uses a key, it doesn't need to care where the key is stored. Best regards, -- Gilles Peskine > Best, > > François. > > > On 11/2/20 11:01 PM, Gilles Peskine via mbed-tls wrote: >> Hello, >> >> Thank you for your interest in the PSA crypto API. >> >> On 28/10/2020 15:20, François Beerten via mbed-tls wrote: >>> Hi everybody, >>> >>> After reading the PSA Crypto API specs (as on >>> https://armmbed.github.io/mbed-crypto/html/overview/functionality.html) >>> and looking at the mbed TLS library, a few questions came up. >>> >>> Is there some repository with the sources of the PSA Crypto API specs >>> where one can follow the evolution and eventually send proposals and >>> patches ? >>> >> The PSA specification drafts are not public. You can send feedback about >> the PSA Crypto application and driver interfaces on the psa-crypto >> mailing list (psa-crypto(a)lists.trustedfirmware.org, >> https://lists.trustedfirmware.org/mailman/listinfo/psa-crypto). If you >> prefer to send confidential feedback, you can email mbed-crypto(a)arm.com >> (feedback at this address will only be discussed inside Arm). An issue >> in the Mbed TLS repository will also reach PSA Crypto architects. >> >>> A note says "Hash suspend and resume is not defined for the SHA3 >>> family of hash algorithms". Why are they not defined for SHA3 ? >>> >> The hash suspend/resume operations marshall the internal state of the >> hash operation. They mimic an existing JavaCard API >> (https://docs.oracle.com/javacard/3.0.5/api/javacard/security/InitializedMes…). >> >> There is a de facto standard representation of the internal state for >> common Merkle-Damgård constructions, which covers all the currently >> defined hash algorithms except SHA3. If there's interest in this >> functionality, we could standardize a representation for SHA3. >> >>> How can or should one add support in PSA Crypto AP for not yet defined >>> algorithms (for example a KDF) ? >>> >> Answer from a PSA Crypto architect: preferably by requesting an encoding >> for this KDF as a PSA_ALG_xxx value (as well as new >> PSA_KEY_DERIVATION_INPUT_xxx values if applicable). If you can't do >> that, use an encoding in the vendor range (most significant bit set). >> >> The world of key derivation functions is unfortunately messy: there are >> many similar, but not functionally equivalent constructions (such as >> hashing a secret together with a nonce, formatted in all kinds of >> different ways). The set of KDF in PSA Crypto 1.0.0 was the minimum set >> required for the TLS protocol. We expect 1.0.x updates to define more >> KDF algorithms. >> >> Answer from an Mbed TLS maintainer: contributing an implementation would >> be appreciated (but not required). >> >>> In multipart operations, can the user reuse the input buffers >>> immediately after doing an 'update' (for example after >>> psa_hash_update()) ? And can he reuse the input buffers immediately >>> after some "setup" functions like psa_cipher_set_iv() or >>> psa_aead_set_nonce() ? >>> >> Yes. PSA crypto API functions that take a buffer as a parameter never >> take ownership of that buffer. Once the function returns, you can do >> whatever you want with the buffer. >> >> The PSA specification even guarantees that you can use the same buffer, >> or overlapping buffers, as inputs and outputs to the same function call. >> However beware that the Mbed TLS implementation does not always support >> such overlap (https://github.com/ARMmbed/mbedtls/issues/3266). >> >>> Do you plan to support (pure) ED25519 and ED448 only via >>> psa_sign_message() and psa_verify_message() ? What about messages in >>> multiple chunks ? >>> >> We plan to add a multi-part message signature interface, both for the >> sake of pureEdDSA and suitable for Mbed TLS's restartable ECDSA. I >> expect the design to be “what you'd expect” but I haven't yet verified >> that there aren't any gotchas. >> >>> In psa_asymmetric_encrypt(), why is the salt provided explicitely. >>> Shouldn't it be generated randomly internally when needed ? >>> >> Some applications use a fixed or deterministic salt which they check on >> decryption. Note that this parameter is what PKCS#1 calls “label”. >> >>> With PSA Crypto API, you define a flexible API for cryptographic >>> operations. Apparently, other providers could make their own >>> implementation of PSA Crypto API. Will mbed TLS then be able to use >>> those alternate PSA Crypto API implementations ? How would that work >>> practically ? >>> >> The X.509 and TLS layer of Mbed TLS are currently designed to use the >> mbedtls_xxx crypto API. We have already added partial support for the >> psa_xxx crypto API (with MBEDTLS_USE_PSA_CRYPTO), however it is not yet >> possible to fully decouple the X.509/TLS layers from the Mbed TLS crypto >> implementation. (I think this is already possible for a small set of >> cipher suites, but it isn't something that we've tried or currently >> actively support.) Before this can happen, some Mbed TLS APIs need to >> change, which will happen in 2021 with Mbed TLS 3.0. After that, we plan >> to decouple the PSA crypto reference implementation (Mbed TLS's current >> crypto implementation) from the X.509/TLS layer (which will remain “Mbed >> TLS”). Our plans >> (https://developer.trustedfirmware.org/w/mbed-tls/roadmap/) that far >> into the future are still vague and may change. >> >> Note that for the most common case of wanting a different implementation >> of cryptography, which is to leverage hardware such as accelerators and >> secure elements, PSA is defining a driver interface which is currently >> being implemented in Mbed TLS >> (https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-drive…). >> >> The driver interface lets you combine mechanisms supported by your >> hardware with Mbed TLS's implementation for mechanisms without hardware >> support. >>

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Mbed TLS Virtual Workshop Tomorrow

by Shebu Varghese Kuriakose

Hi Francois, The workshop slides and recordings are now available here - https://www.trustedfirmware.org/meetings/mbed-tls-workshop/ Regards, Shebu From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> On Behalf Of François Beerten via mbed-tls Sent: Thursday, November 5, 2020 4:52 PM To: mbed-tls(a)lists.trustedfirmware.org Subject: Re: [mbed-tls] Mbed TLS Virtual Workshop Tomorrow Hi Shebu, Will you post the slides of the presentations of the workshop ? Thanks, François. On 11/2/20 9:01 PM, Shebu Varghese Kuriakose via mbed-tls wrote: Hi All, Gentle reminder about the Mbed TLS workshop tomorrow (Tuesday, November 3rd) from 2 to 6pm GMT. See agenda and zoom link here - https://www.trustedfirmware.org/meetings/mbed-tls-workshop/ Thanks, Shebu -----Original Appointment----- From: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com><mailto:linaro.org_havjv2figrh5egaiurb229pd8c@group.calendar.google.com> Sent: Friday, October 23, 2020 12:32 AM To: Trusted Firmware Public Meetings; Shebu Varghese Kuriakose; mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>; Don Harbin; psa-crypto(a)lists.trustedfirmware.org<mailto:psa-crypto@lists.trustedfirmware.org>; Dave Rodgman Subject: Mbed TLS Virtual Workshop When: Tuesday, November 3, 2020 2:00 PM-6:00 PM (UTC+00:00) Dublin, Edinburgh, Lisbon, London. Where: Zoom: https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… You have been invited to the following event. Mbed TLS Virtual Workshop When Tue Nov 3, 2020 7am – 11am Mountain Standard Time - Phoenix Where Zoom: https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… (map<https://www.google.com/maps/search/Zoom:+https:%2F%2Flinaro-org.zoom.us%2Fj…>) Calendar shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> Who • Don Harbin - creator • shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> • mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> • psa-crypto(a)lists.trustedfirmware.org<mailto:psa-crypto@lists.trustedfirmware.org> • dave.rodgman(a)arm.com<mailto:dave.rodgman@arm.com> more details »<https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> Hi, Trustedfirmware.org community project would like to invite you to the Mbed TLS Virtual Workshop. The purpose of the workshop is to bring together the Mbed TLS community including maintainers, contributors and users to discuss * The future direction of the project and * Ways to improve community collaboration Here is the agenda for the workshop. Topic Time (in GMT) Welcome 2.00 - 2.10pm Constant-time code 2.10 – 2.30pm Processes - how does work get scheduled? 2.30 – 2.50pm PSA Crypto APIs 2.50 – 3.20pm PSA Crypto for Silicon Labs Wireless MCUs - Why, What, Where and When 3.20 – 3.50pm Break Roadmap, TLS1.3 Update 4.10 – 4.30pm Mbed TLS 3.0 Plans, Scope 4.30 – 5.00pm How do I contribute my first review and be an effective Mbed TLS reviewer 5.00 – 5.30pm Regards, Don Harbin Trusted Firmware Community Manager ==============Zoom details below:==================== Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: Mbed TLS Virtual Workshop Time: Nov 3, 2020 02:00 PM Greenwich Mean Time Join Zoom Meeting https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9531520…> Meeting ID: 953 1520 0315 Passcode: 143755 One tap mobile +16699009128,,95315200315# US (San Jose) +12532158782,,95315200315# US (Tacoma) Dial by your location +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 646 558 8656 US (New York) +1 301 715 8592 US (Germantown) +1 312 626 6799 US (Chicago) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 953 1520 0315 Find your local number: https://linaro-org.zoom.us/u/apL3hgti4<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FapL3hgt…> Going (shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com>)? Yes<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> - Maybe<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> - No<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> more options »<https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> Invitation from Google Calendar<https://www.google.com/calendar/> You are receiving this courtesy email at the account shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More<https://support.google.com/calendar/answer/37135#forwarding>.

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Mbed TLS Virtual Workshop Tomorrow

by François Beerten

Hi Shebu, Will you post the slides of the presentations of the workshop ? Thanks, François. On 11/2/20 9:01 PM, Shebu Varghese Kuriakose via mbed-tls wrote: > > Hi All, > > Gentle reminder about the Mbed TLS workshop tomorrow (Tuesday, > November 3^rd ) from 2 to 6pm GMT. > > See agenda and zoom link here - > https://www.trustedfirmware.org/meetings/mbed-tls-workshop/ > <https://www.trustedfirmware.org/meetings/mbed-tls-workshop/> > > Thanks, > > Shebu > > -----Original Appointment----- > *From:* Trusted Firmware Public Meetings > <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com> > *Sent:* Friday, October 23, 2020 12:32 AM > *To:* Trusted Firmware Public Meetings; Shebu Varghese Kuriakose; > mbed-tls(a)lists.trustedfirmware.org; Don Harbin; > psa-crypto(a)lists.trustedfirmware.org; Dave Rodgman > *Subject:* Mbed TLS Virtual Workshop > *When:* Tuesday, November 3, 2020 2:00 PM-6:00 PM (UTC+00:00) Dublin, > Edinburgh, Lisbon, London. > *Where:* Zoom: > https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… > > > *You have been invited to the following event.* > > > Mbed TLS Virtual Workshop > > When > > > > Tue Nov 3, 2020 7am – 11am Mountain Standard Time - Phoenix > > Where > > > > Zoom: > https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… > (map > <https://www.google.com/maps/search/Zoom:+https:%2F%2Flinaro-org.zoom.us%2Fj…>) > > Calendar > > > > shebu.varghesekuriakose(a)arm.com <mailto:shebu.varghesekuriakose@arm.com> > > Who > > > > • > > > > Don Harbin- creator > > • > > > > shebu.varghesekuriakose(a)arm.com <mailto:shebu.varghesekuriakose@arm.com> > > • > > > > mbed-tls(a)lists.trustedfirmware.org > <mailto:mbed-tls@lists.trustedfirmware.org> > > • > > > > psa-crypto(a)lists.trustedfirmware.org > <mailto:psa-crypto@lists.trustedfirmware.org> > > • > > > > dave.rodgman(a)arm.com <mailto:dave.rodgman@arm.com> > > *more details » > <https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…>*** > > Hi, > Trustedfirmware.org community project would like to invite you to the > Mbed TLS Virtual Workshop. > > The purpose of the workshop is to bring together the Mbed TLS > community including maintainers, contributors and users to discuss > > * The future direction of the project and > * Ways to improve community collaboration > > Here is the agenda for the workshop. > > *Topic Time (in GMT)* > Welcome 2.00 - 2.10pm > Constant-time code 2.10 – 2.30pm > Processes - how does work get scheduled? 2.30 – 2.50pm > PSA Crypto APIs 2.50 – 3.20pm > PSA Crypto for Silicon Labs Wireless > MCUs - Why, What, Where and When 3.20 – 3.50pm > > *Break * > > Roadmap, TLS1.3 Update 4.10 – 4.30pm > Mbed TLS 3.0 Plans, Scope 4.30 – 5.00pm > How do I contribute my first review > and be an effective Mbed TLS reviewer 5.00 – 5.30pm > > Regards, > > Don Harbin > Trusted Firmware Community Manager > > > ==============Zoom details below:==================== > Trusted Firmware is inviting you to a scheduled Zoom meeting. > > Topic: Mbed TLS Virtual Workshop > Time: Nov 3, 2020 02:00 PM Greenwich Mean Time > > Join Zoom Meeting > https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… > <https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9531520…> > > Meeting ID: 953 1520 0315 > Passcode: 143755 > One tap mobile > +16699009128,,95315200315# US (San Jose) > +12532158782,,95315200315# US (Tacoma) > > Dial by your location > +1 669 900 9128 US (San Jose) > +1 253 215 8782 US (Tacoma) > +1 346 248 7799 US (Houston) > +1 646 558 8656 US (New York) > +1 301 715 8592 US (Germantown) > +1 312 626 6799 US (Chicago) > 888 788 0099 US Toll-free > 877 853 5247 US Toll-free > Meeting ID: 953 1520 0315 > Find your local number: https://linaro-org.zoom.us/u/apL3hgti4 > <https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FapL3hgt…> > > Going (shebu.varghesekuriakose(a)arm.com > <mailto:shebu.varghesekuriakose@arm.com>)? *Yes > <https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…>**- > **Maybe > <https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…>**- > **No > <https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…>*more > options » > <https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> > > Invitation from Google Calendar <https://www.google.com/calendar/> > > You are receiving this courtesy email at the account > shebu.varghesekuriakose(a)arm.com > <mailto:shebu.varghesekuriakose@arm.com> because you are an attendee > of this event. > > To stop receiving future updates for this event, decline this event. > Alternatively you can sign up for a Google account at > https://www.google.com/calendar/ and control your notification > settings for your entire calendar. > > Forwarding this invitation could allow any recipient to send a > response to the organizer and be added to the guest list, or invite > others regardless of their own invitation status, or to modify your > RSVP. Learn More > <https://support.google.com/calendar/answer/37135#forwarding>. > >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Questions about PSA Crypto API and mbed TLS

by François Beerten

Hi, Thank you Gilles for the detailed reply. Do you prefer that discussion about PSA Crypto API spec go on mailing list instead of here ? Is there some room for evolution or is the spec already in a frozen released state ? For new algorithms, it's of course preferable that they're defined in the spec itself. But does the mbedtls project want to supports all algorithms that will be used with PSA Crypto API ? For pure ED25519 and ED448 with scattered data, there's one big gotcha. You need to generate twice a hash that includes the message. Thus the implementation needs to be able to access the buffers of the message twice. With a piece of the message given only once as in the init-update-finish scheme, that does not work well. From reading the document on the PSA Crypto driver API, a transparent driver benefits from the management of keys done by the mbedtls implementation. But what benefit is there for a driver working with opaque keys which has to fully handle the protections and restrictions of keys internally ? Best, François. On 11/2/20 11:01 PM, Gilles Peskine via mbed-tls wrote: > Hello, > > Thank you for your interest in the PSA crypto API. > > On 28/10/2020 15:20, François Beerten via mbed-tls wrote: >> Hi everybody, >> >> After reading the PSA Crypto API specs (as on >> https://armmbed.github.io/mbed-crypto/html/overview/functionality.html) >> and looking at the mbed TLS library, a few questions came up. >> >> Is there some repository with the sources of the PSA Crypto API specs >> where one can follow the evolution and eventually send proposals and >> patches ? >> > The PSA specification drafts are not public. You can send feedback about > the PSA Crypto application and driver interfaces on the psa-crypto > mailing list (psa-crypto(a)lists.trustedfirmware.org, > https://lists.trustedfirmware.org/mailman/listinfo/psa-crypto). If you > prefer to send confidential feedback, you can email mbed-crypto(a)arm.com > (feedback at this address will only be discussed inside Arm). An issue > in the Mbed TLS repository will also reach PSA Crypto architects. > >> A note says "Hash suspend and resume is not defined for the SHA3 >> family of hash algorithms". Why are they not defined for SHA3 ? >> > The hash suspend/resume operations marshall the internal state of the > hash operation. They mimic an existing JavaCard API > (https://docs.oracle.com/javacard/3.0.5/api/javacard/security/InitializedMes…). > There is a de facto standard representation of the internal state for > common Merkle-Damgård constructions, which covers all the currently > defined hash algorithms except SHA3. If there's interest in this > functionality, we could standardize a representation for SHA3. > >> How can or should one add support in PSA Crypto AP for not yet defined >> algorithms (for example a KDF) ? >> > Answer from a PSA Crypto architect: preferably by requesting an encoding > for this KDF as a PSA_ALG_xxx value (as well as new > PSA_KEY_DERIVATION_INPUT_xxx values if applicable). If you can't do > that, use an encoding in the vendor range (most significant bit set). > > The world of key derivation functions is unfortunately messy: there are > many similar, but not functionally equivalent constructions (such as > hashing a secret together with a nonce, formatted in all kinds of > different ways). The set of KDF in PSA Crypto 1.0.0 was the minimum set > required for the TLS protocol. We expect 1.0.x updates to define more > KDF algorithms. > > Answer from an Mbed TLS maintainer: contributing an implementation would > be appreciated (but not required). > >> In multipart operations, can the user reuse the input buffers >> immediately after doing an 'update' (for example after >> psa_hash_update()) ? And can he reuse the input buffers immediately >> after some "setup" functions like psa_cipher_set_iv() or >> psa_aead_set_nonce() ? >> > Yes. PSA crypto API functions that take a buffer as a parameter never > take ownership of that buffer. Once the function returns, you can do > whatever you want with the buffer. > > The PSA specification even guarantees that you can use the same buffer, > or overlapping buffers, as inputs and outputs to the same function call. > However beware that the Mbed TLS implementation does not always support > such overlap (https://github.com/ARMmbed/mbedtls/issues/3266). > >> Do you plan to support (pure) ED25519 and ED448 only via >> psa_sign_message() and psa_verify_message() ? What about messages in >> multiple chunks ? >> > We plan to add a multi-part message signature interface, both for the > sake of pureEdDSA and suitable for Mbed TLS's restartable ECDSA. I > expect the design to be “what you'd expect” but I haven't yet verified > that there aren't any gotchas. > >> In psa_asymmetric_encrypt(), why is the salt provided explicitely. >> Shouldn't it be generated randomly internally when needed ? >> > Some applications use a fixed or deterministic salt which they check on > decryption. Note that this parameter is what PKCS#1 calls “label”. > >> With PSA Crypto API, you define a flexible API for cryptographic >> operations. Apparently, other providers could make their own >> implementation of PSA Crypto API. Will mbed TLS then be able to use >> those alternate PSA Crypto API implementations ? How would that work >> practically ? >> > The X.509 and TLS layer of Mbed TLS are currently designed to use the > mbedtls_xxx crypto API. We have already added partial support for the > psa_xxx crypto API (with MBEDTLS_USE_PSA_CRYPTO), however it is not yet > possible to fully decouple the X.509/TLS layers from the Mbed TLS crypto > implementation. (I think this is already possible for a small set of > cipher suites, but it isn't something that we've tried or currently > actively support.) Before this can happen, some Mbed TLS APIs need to > change, which will happen in 2021 with Mbed TLS 3.0. After that, we plan > to decouple the PSA crypto reference implementation (Mbed TLS's current > crypto implementation) from the X.509/TLS layer (which will remain “Mbed > TLS”). Our plans > (https://developer.trustedfirmware.org/w/mbed-tls/roadmap/) that far > into the future are still vague and may change. > > Note that for the most common case of wanting a different implementation > of cryptography, which is to leverage hardware such as accelerators and > secure elements, PSA is defining a driver interface which is currently > being implemented in Mbed TLS > (https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-drive…). > The driver interface lets you combine mechanisms supported by your > hardware with Mbed TLS's implementation for mechanisms without hardware > support. >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Write private key into buffer using encrypted PEM format

by Janos Follath

Hi Mate, I had a look and I couldn’t find such a feature implemented either. I don’t think that Mbed TLS supports that at the moment. Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of "Z.Máté via mbed-tls" <mbed-tls(a)lists.trustedfirmware.org> Reply to: "Z.Máté" <enleszekakalozkiraly(a)gmail.com> Date: Monday, 2 November 2020 at 21:01 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Write private key into buffer using encrypted PEM format Dear mbedtls list members! Sorry if this is the second time I ask, I'm not sure the previous question is still on the list. I'm asking if there's a way to export a private key into a buffer in an encrypted format. So that mbedtls_pk_parse_key() has to be called with a password. In the example program key_app.c (I hope that's how it's called) I can see there are password encrypted PEM formatted keys. But how to generate one? For clarity, this is the type of header I'm looking for. —–BEGIN RSA PRIVATE KEY—– Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687 ………………………………………………. ………………………………………………. ……………………………………… —–END RSA PRIVATE KEY—– I was only able to generate something like this by, using command line openssl. But I'd like a better solution, in code, using mbedtls. Yours Zombor Máté

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Questions about PSA Crypto API and mbed TLS

by Gilles Peskine

Hello, Thank you for your interest in the PSA crypto API. On 28/10/2020 15:20, François Beerten via mbed-tls wrote: > > Hi everybody, > > After reading the PSA Crypto API specs (as on > https://armmbed.github.io/mbed-crypto/html/overview/functionality.html) > and looking at the mbed TLS library, a few questions came up. > > Is there some repository with the sources of the PSA Crypto API specs > where one can follow the evolution and eventually send proposals and > patches ? > The PSA specification drafts are not public. You can send feedback about the PSA Crypto application and driver interfaces on the psa-crypto mailing list (psa-crypto(a)lists.trustedfirmware.org, https://lists.trustedfirmware.org/mailman/listinfo/psa-crypto). If you prefer to send confidential feedback, you can email mbed-crypto(a)arm.com (feedback at this address will only be discussed inside Arm). An issue in the Mbed TLS repository will also reach PSA Crypto architects. > A note says "Hash suspend and resume is not defined for the SHA3 > family of hash algorithms". Why are they not defined for SHA3 ? > The hash suspend/resume operations marshall the internal state of the hash operation. They mimic an existing JavaCard API (https://docs.oracle.com/javacard/3.0.5/api/javacard/security/InitializedMes…). There is a de facto standard representation of the internal state for common Merkle-Damgård constructions, which covers all the currently defined hash algorithms except SHA3. If there's interest in this functionality, we could standardize a representation for SHA3. > How can or should one add support in PSA Crypto AP for not yet defined > algorithms (for example a KDF) ? > Answer from a PSA Crypto architect: preferably by requesting an encoding for this KDF as a PSA_ALG_xxx value (as well as new PSA_KEY_DERIVATION_INPUT_xxx values if applicable). If you can't do that, use an encoding in the vendor range (most significant bit set). The world of key derivation functions is unfortunately messy: there are many similar, but not functionally equivalent constructions (such as hashing a secret together with a nonce, formatted in all kinds of different ways). The set of KDF in PSA Crypto 1.0.0 was the minimum set required for the TLS protocol. We expect 1.0.x updates to define more KDF algorithms. Answer from an Mbed TLS maintainer: contributing an implementation would be appreciated (but not required). > In multipart operations, can the user reuse the input buffers > immediately after doing an 'update' (for example after > psa_hash_update()) ? And can he reuse the input buffers immediately > after some "setup" functions like psa_cipher_set_iv() or > psa_aead_set_nonce() ? > Yes. PSA crypto API functions that take a buffer as a parameter never take ownership of that buffer. Once the function returns, you can do whatever you want with the buffer. The PSA specification even guarantees that you can use the same buffer, or overlapping buffers, as inputs and outputs to the same function call. However beware that the Mbed TLS implementation does not always support such overlap (https://github.com/ARMmbed/mbedtls/issues/3266). > Do you plan to support (pure) ED25519 and ED448 only via > psa_sign_message() and psa_verify_message() ? What about messages in > multiple chunks ? > We plan to add a multi-part message signature interface, both for the sake of pureEdDSA and suitable for Mbed TLS's restartable ECDSA. I expect the design to be “what you'd expect” but I haven't yet verified that there aren't any gotchas. > In psa_asymmetric_encrypt(), why is the salt provided explicitely. > Shouldn't it be generated randomly internally when needed ? > Some applications use a fixed or deterministic salt which they check on decryption. Note that this parameter is what PKCS#1 calls “label”. > With PSA Crypto API, you define a flexible API for cryptographic > operations. Apparently, other providers could make their own > implementation of PSA Crypto API. Will mbed TLS then be able to use > those alternate PSA Crypto API implementations ? How would that work > practically ? > The X.509 and TLS layer of Mbed TLS are currently designed to use the mbedtls_xxx crypto API. We have already added partial support for the psa_xxx crypto API (with MBEDTLS_USE_PSA_CRYPTO), however it is not yet possible to fully decouple the X.509/TLS layers from the Mbed TLS crypto implementation. (I think this is already possible for a small set of cipher suites, but it isn't something that we've tried or currently actively support.) Before this can happen, some Mbed TLS APIs need to change, which will happen in 2021 with Mbed TLS 3.0. After that, we plan to decouple the PSA crypto reference implementation (Mbed TLS's current crypto implementation) from the X.509/TLS layer (which will remain “Mbed TLS”). Our plans (https://developer.trustedfirmware.org/w/mbed-tls/roadmap/) that far into the future are still vague and may change. Note that for the most common case of wanting a different implementation of cryptography, which is to leverage hardware such as accelerators and secure elements, PSA is defining a driver interface which is currently being implemented in Mbed TLS (https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-drive…). The driver interface lets you combine mechanisms supported by your hardware with Mbed TLS's implementation for mechanisms without hardware support. -- Gilles Peskine PSA Cryptography architect and Mbed TLS developer > Thank you for your attention, > > François. > > >

4 years, 10 months

1
0
0 0

Write private key into buffer using encrypted PEM format

by Z.Máté

Dear mbedtls list members! Sorry if this is the second time I ask, I'm not sure the previous question is still on the list. I'm asking if there's a way to export a private key into a buffer in an encrypted format. So that mbedtls_pk_parse_key() has to be called with a password. In the example program key_app.c (I hope that's how it's called) I can see there are password encrypted PEM formatted keys. But how to generate one? For clarity, this is the type of header I'm looking for. —–BEGIN RSA PRIVATE KEY—– Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687 ………………………………………………. ………………………………………………. ……………………………………… —–END RSA PRIVATE KEY—– I was only able to generate something like this by, using command line openssl. But I'd like a better solution, in code, using mbedtls. Yours Zombor Máté

4 years, 10 months

1
0
0 0

Mbed TLS Virtual Workshop Tomorrow

by Shebu Varghese Kuriakose

Hi All, Gentle reminder about the Mbed TLS workshop tomorrow (Tuesday, November 3rd) from 2 to 6pm GMT. See agenda and zoom link here - https://www.trustedfirmware.org/meetings/mbed-tls-workshop/ Thanks, Shebu -----Original Appointment----- From: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com> Sent: Friday, October 23, 2020 12:32 AM To: Trusted Firmware Public Meetings; Shebu Varghese Kuriakose; mbed-tls(a)lists.trustedfirmware.org; Don Harbin; psa-crypto(a)lists.trustedfirmware.org; Dave Rodgman Subject: Mbed TLS Virtual Workshop When: Tuesday, November 3, 2020 2:00 PM-6:00 PM (UTC+00:00) Dublin, Edinburgh, Lisbon, London. Where: Zoom: https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… You have been invited to the following event. Mbed TLS Virtual Workshop When Tue Nov 3, 2020 7am – 11am Mountain Standard Time - Phoenix Where Zoom: https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… (map<https://www.google.com/maps/search/Zoom:+https:%2F%2Flinaro-org.zoom.us%2Fj…>) Calendar shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> Who • Don Harbin - creator • shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> • mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> • psa-crypto(a)lists.trustedfirmware.org<mailto:psa-crypto@lists.trustedfirmware.org> • dave.rodgman(a)arm.com<mailto:dave.rodgman@arm.com> more details »<https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> Hi, Trustedfirmware.org community project would like to invite you to the Mbed TLS Virtual Workshop. The purpose of the workshop is to bring together the Mbed TLS community including maintainers, contributors and users to discuss * The future direction of the project and * Ways to improve community collaboration Here is the agenda for the workshop. Topic Time (in GMT) Welcome 2.00 - 2.10pm Constant-time code 2.10 – 2.30pm Processes - how does work get scheduled? 2.30 – 2.50pm PSA Crypto APIs 2.50 – 3.20pm PSA Crypto for Silicon Labs Wireless MCUs - Why, What, Where and When 3.20 – 3.50pm Break Roadmap, TLS1.3 Update 4.10 – 4.30pm Mbed TLS 3.0 Plans, Scope 4.30 – 5.00pm How do I contribute my first review and be an effective Mbed TLS reviewer 5.00 – 5.30pm Regards, Don Harbin Trusted Firmware Community Manager ==============Zoom details below:==================== Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: Mbed TLS Virtual Workshop Time: Nov 3, 2020 02:00 PM Greenwich Mean Time Join Zoom Meeting https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9531520…> Meeting ID: 953 1520 0315 Passcode: 143755 One tap mobile +16699009128,,95315200315# US (San Jose) +12532158782,,95315200315# US (Tacoma) Dial by your location +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 646 558 8656 US (New York) +1 301 715 8592 US (Germantown) +1 312 626 6799 US (Chicago) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 953 1520 0315 Find your local number: https://linaro-org.zoom.us/u/apL3hgti4<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FapL3hgt…> Going (shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com>)? Yes<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> - Maybe<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> - No<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> more options »<https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> Invitation from Google Calendar<https://www.google.com/calendar/> You are receiving this courtesy email at the account shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More<https://support.google.com/calendar/answer/37135#forwarding>.

4 years, 10 months

1
0
0 0

Exporting private key in encrypted PEM format

by Z.Máté

Dear mbedtls list members! Is there a way to write a private key into a buffer, in PEM format, by using a password for encryption? Mbedtls is able to parse encrypted PEM files so can I write one? I couldn't really find any info regarding it, only an older, unfinished github issue ... Yours Zombor Máté

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Questions about PSA Crypto API and mbed TLS

by Levi Schuck

Hello François, The following is my understanding, I am not a maintainer but a user of mbedtls. My response below only addresses a few of your questions. PSA appears to be bound to what mbedtls currently supports, this does not include Ed25519 or Ed448 at this time. A pull request is currently open for this feature development https://github.com/ARMmbed/mbedtls/pull/3245 Further development may be necessary to include those in PSA. The only implementation of PSA that I know of is one that wraps around mbedtls. Best, Levi On Wed, Oct 28, 2020 at 9:20 AM François Beerten via mbed-tls < mbed-tls(a)lists.trustedfirmware.org> wrote: > Hi everybody, > > After reading the PSA Crypto API specs (as on > https://armmbed.github.io/mbed-crypto/html/overview/functionality.html) > and looking at the mbed TLS library, a few questions came up. > > Is there some repository with the sources of the PSA Crypto API specs > where one can follow the evolution and eventually send proposals and > patches ? > > A note says "Hash suspend and resume is not defined for the SHA3 family of > hash algorithms". Why are they not defined for SHA3 ? > > How can or should one add support in PSA Crypto AP for not yet defined > algorithms (for example a KDF) ? > > In multipart operations, can the user reuse the input buffers immediately > after doing an 'update' (for example after psa_hash_update()) ? And can > he reuse the input buffers immediately after some "setup" functions like > psa_cipher_set_iv() or psa_aead_set_nonce() ? > > Do you plan to support (pure) ED25519 and ED448 only via > psa_sign_message() and psa_verify_message() ? What about messages in > multiple chunks ? > > In psa_asymmetric_encrypt(), why is the salt provided explicitely. > Shouldn't it be generated randomly internally when needed ? > > With PSA Crypto API, you define a flexible API for cryptographic > operations. Apparently, other providers could make their own implementation > of PSA Crypto API. Will mbed TLS then be able to use those alternate PSA > Crypto API implementations ? How would that work practically ? > > Thank you for your attention, > > François. > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 10 months

2
2
0 0

JITR is not working in case CA is created using BouncyCastle in mbedtls

by 박현웅

I make a CA certificate for JITR using BouncyCastle lib in the android app as the below example And a device certificate is generated by this certificate in mbed_tls. At this time, JITR is not working. Namely, a device certificate is not registered in AWS. But In the case of making a ca certificate using OPENSSL, JITR works normally. Below is CA certificate based BouncyCastle lib. -----BEGIN CERTIFICATE----- MIIB8jCCAZegAwIBAgIVAK0ct2HFXVdS/k2NblxYGoxyuabfMAoGCCqGSM49BAMC MDIxCzAJBgNVBAYTAktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdh em9uZTAeFw0yMDEwMjcwMDAwMDBaFw0zNTAxMDEwMDAwMDBaMDIxCzAJBgNVBAYT AktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdhem9uZTBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABEknYdqI3CdVlmMkTmqKS63HnHc5PbyBff1RokGG 6NE6z31ilA8Yt2fGFHIln1kQtx//6stBA1bIqiqsSo8wad6jgYkwgYYwHQYDVR0O BBYEFBHaQtHvagaDPkpWxQurErTekm2cMB8GA1UdIwQYMBaAFBHaQtHvagaDPkpW xQurErTekm2cMA8GA1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQDAgAHMAsG A1UdDwQEAwIBBjATBgNVHSUEDDAKBggrBgEFBQcDAzAKBggqhkjOPQQDAgNJADBG AiEA9HSXn3FpGUYLagsI3qaHz3VicMSuADUz/QBYEKN9STkCIQC+8BX/TPADpPOy ClmBIkjxdDt0Fh7HTDn9UwBUxYA3/g== -----END CERTIFICATE----- -----BEGIN EC PRIVATE KEY----- MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgU9pUZUfplZyhC+mH Pt8pthLItdpbJ+Qy47r7gJKTNvCgCgYIKoZIzj0DAQehRANCAARJJ2HaiNwnVZZj JE5qikutx5x3OT28gX39UaJBhujROs99YpQPGLdnxhRyJZ9ZELcf/+rLQQNWyKoq rEqPMGne -----END EC PRIVATE KEY----- BRs. Hyunung Park

4 years, 10 months

1
0
0 0

Questions about PSA Crypto API and mbed TLS

by François Beerten

Hi everybody, After reading the PSA Crypto API specs (as on https://armmbed.github.io/mbed-crypto/html/overview/functionality.html) and looking at the mbed TLS library, a few questions came up. Is there some repository with the sources of the PSA Crypto API specs where one can follow the evolution and eventually send proposals and patches ? A note says "Hash suspend and resume is not defined for the SHA3 family of hash algorithms". Why are they not defined for SHA3 ? How can or should one add support in PSA Crypto AP for not yet defined algorithms (for example a KDF) ? In multipart operations, can the user reuse the input buffers immediately after doing an 'update' (for example after psa_hash_update()) ? And can he reuse the input buffers immediately after some "setup" functions like psa_cipher_set_iv() or psa_aead_set_nonce() ? Do you plan to support (pure) ED25519 and ED448 only via psa_sign_message() and psa_verify_message() ? What about messages in multiple chunks ? In psa_asymmetric_encrypt(), why is the salt provided explicitely. Shouldn't it be generated randomly internally when needed ? With PSA Crypto API, you define a flexible API for cryptographic operations. Apparently, other providers could make their own implementation of PSA Crypto API. Will mbed TLS then be able to use those alternate PSA Crypto API implementations ? How would that work practically ? Thank you for your attention, François.

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Availability of 2.16.7 in download archive

by Janos Follath

Hi Frank, The issue exists because you are downloading a tag and not the release. The 2.16.8 release is available here: https://github.com/ARMmbed/mbedtls/archive/v2.16.8.tar.gz Best regards, Janos On 28/10/2020, 12:15, "mbed-tls on behalf of Frank Bergmann via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Hi Gilles, I noticed that the "double name" does still exist in some archive files: $ wget -q -O - https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.16.8.tar.gz|tar tzf -|head mbedtls-mbedtls-2.16.8/ mbedtls-mbedtls-2.16.8/.github/ mbedtls-mbedtls-2.16.8/.github/issue_template.md mbedtls-mbedtls-2.16.8/.github/pull_request_template.md mbedtls-mbedtls-2.16.8/.gitignore mbedtls-mbedtls-2.16.8/.globalrc mbedtls-mbedtls-2.16.8/.pylintrc mbedtls-mbedtls-2.16.8/.travis.yml mbedtls-mbedtls-2.16.8/CMakeLists.txt mbedtls-mbedtls-2.16.8/CONTRIBUTING.md cheers, Frank On Tue, Aug 04, 2020 at 09:18:56PM +0000, Gilles Peskine via mbed-tls wrote: [...] > The naming with mbedtls-mbedtls- must be a bug in our release script. [...] -- Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753 SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606 http://tdyn.de/freel -- Redirect to profile at freelancermap http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 10 months

2
1
0 0

Re: [mbed-tls] Availability of 2.16.7 in download archive

by Frank Bergmann

Hi Gilles, I noticed that the "double name" does still exist in some archive files: $ wget -q -O - https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.16.8.tar.gz|tar tzf -|head mbedtls-mbedtls-2.16.8/ mbedtls-mbedtls-2.16.8/.github/ mbedtls-mbedtls-2.16.8/.github/issue_template.md mbedtls-mbedtls-2.16.8/.github/pull_request_template.md mbedtls-mbedtls-2.16.8/.gitignore mbedtls-mbedtls-2.16.8/.globalrc mbedtls-mbedtls-2.16.8/.pylintrc mbedtls-mbedtls-2.16.8/.travis.yml mbedtls-mbedtls-2.16.8/CMakeLists.txt mbedtls-mbedtls-2.16.8/CONTRIBUTING.md cheers, Frank On Tue, Aug 04, 2020 at 09:18:56PM +0000, Gilles Peskine via mbed-tls wrote: [...] > The naming with mbedtls-mbedtls- must be a bug in our release script. [...] -- Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753 SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606 http://tdyn.de/freel -- Redirect to profile at freelancermap http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP

4 years, 10 months

1
0
0 0

Re: [mbed-tls] About mbedtls CVE

by Janos Follath

Hi Sawyer, Thank you for your interest in Mbed TLS. Currently the status of these CVE’s is: - CVE-2020-16150 has been fixed in the latest Mbed TLS release - CVE-2018-1000520 is not a security issue, it had been studied and rejected - CVE-2016-3739 is a vulnerability in an application using Mbed TLS but not in Mbed TLS itself, also it too had been fixed. Does this answer your question? (Also, I would like to make a minor clarification: we are not Arm Support. As far as I know Arm does not offer official support for Mbed TLS. Arm only contributes engineers to the Mbed TLS project, and at the moment these engineers are the maintainers of Mbed TLS. We are on this mailing list and try to answer questions, but we are not doing that as official support provided by Arm, but as members of the community. Mbed TLS is supported by the community and this mailing list is indeed the right place to get that support. I apologise for the nitpick, I just wanted to make sure that we are not giving the wrong impressions.) Best regards, Janos (Mbed TLS developer) From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Sawyer Liu via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Sawyer Liu <sawyer.liu(a)nxp.com> Date: Wednesday, 28 October 2020 at 01:59 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] About mbedtls CVE Hello ARM Support, About below CVEs, any update? Thanks. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre…> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739 Best Regards Sawyer Liu Microcontrollers, NXP Semiconductors

4 years, 10 months

2
2
0 0

Re: [mbed-tls] JITR in mbedtls

by 박현웅

From: 박현웅 <hupark(a)ictk.com> Sent: Wednesday, October 28, 2020 6:21 PM To: 'mbed-tls(a)lists.trustedfirmware.org.' <mbed-tls(a)lists.trustedfirmware.org.> Subject: JITR in mbedtls Hi I make a certificate using BouncyCastle lib in android app as the below. JITR is not working. Namely a device certificate is not registered in aws iot. In case of making ca certificate using openssl, JITR works normally. Could you please help me? -----BEGIN CERTIFICATE----- MIIB8jCCAZegAwIBAgIVAK0ct2HFXVdS/k2NblxYGoxyuabfMAoGCCqGSM49BAMC MDIxCzAJBgNVBAYTAktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdh em9uZTAeFw0yMDEwMjcwMDAwMDBaFw0zNTAxMDEwMDAwMDBaMDIxCzAJBgNVBAYT AktSMRAwDgYDVQQKDAdUcnVzdEZpMREwDwYDVQQDDAhtZWdhem9uZTBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABEknYdqI3CdVlmMkTmqKS63HnHc5PbyBff1RokGG 6NE6z31ilA8Yt2fGFHIln1kQtx//6stBA1bIqiqsSo8wad6jgYkwgYYwHQYDVR0O BBYEFBHaQtHvagaDPkpWxQurErTekm2cMB8GA1UdIwQYMBaAFBHaQtHvagaDPkpW xQurErTekm2cMA8GA1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQDAgAHMAsG A1UdDwQEAwIBBjATBgNVHSUEDDAKBggrBgEFBQcDAzAKBggqhkjOPQQDAgNJADBG AiEA9HSXn3FpGUYLagsI3qaHz3VicMSuADUz/QBYEKN9STkCIQC+8BX/TPADpPOy ClmBIkjxdDt0Fh7HTDn9UwBUxYA3/g== -----END CERTIFICATE----- -----BEGIN EC PRIVATE KEY----- MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgU9pUZUfplZyhC+mH Pt8pthLItdpbJ+Qy47r7gJKTNvCgCgYIKoZIzj0DAQehRANCAARJJ2HaiNwnVZZj JE5qikutx5x3OT28gX39UaJBhujROs99YpQPGLdnxhRyJZ9ZELcf/+rLQQNWyKoq rEqPMGne -----END EC PRIVATE KEY----- BRs. Hyunung Park

4 years, 10 months

1
0
0 0

About mbedtls CVE

by Sawyer Liu

Hello ARM Support, About below CVEs, any update? Thanks. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre…> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739 Best Regards Sawyer Liu Microcontrollers, NXP Semiconductors

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Availability of GPLv2 releases in the future

by Gilles Peskine

Hi Fabian, Unfortunately https://tls.mbed.org/how-to-get is out of date. As indicated on https://tls.mbed.org/download, newer releases (since 2.17) are distributed under Apache license only. Only the long-time support branches (2.7.x and 2.16.x) still have GPL releases. -- Gilles Peskine Mbed TLS developer On 20/10/2020 14:19, Fabian Keil via mbed-tls wrote: > Hi, > > tls.mbed.org currently sends mixed signals regarding > the license of future MbedTLS releases. > > Quoting https://tls.mbed.org/download: > | In packaged form, mbed TLS 2.1.0 to mbed TLS 2.16 are > | available in both an Apache 2.0 licensed version (our > | primary open source license) and in a GPL 2.0 licensed version. > | > | Newer versions will be available under the Apache 2.0 license. > > Quoting https://tls.mbed.org/how-to-get: > | All the current versions of the mbed TLS library are distributed > | under the Apache 2.0 license and available from our Download area. > | In addition there are packaged versions of the mbed TLS library > | that are distributed with the GNU Public License Version 2.0 (GPL v2.0). > | > | The Apache-licensed and GPL-licensed versions of mbed TLS are > | identical in source code (with the exception of the license > | headers at the top of files). > | > | We plan to keep both licensed versions around. > > Can anyone estimate when "newer releases" will no longer > be dual licensed? > > We recently added MbedTLS support for Privoxy and a > MbedTLS license switch from dual license to Apache 2.0 > complicates the license terms. > > Thanks > Fabian >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Clarification regarding the mbedtls_pk_context object and the PEM format, an a question about the example TLS server

by Gilles Peskine

Hi Máté, On 26/10/2020 12:04, Z.Máté via mbed-tls wrote: > Dear mbedtls mailing list members! > > I hope you recieve my message now, previously I had problems posting > to this list. :( > > My first question is actually about the PEM format. As far as I'm > aware the PEM format either contains the Private key (signalled by the > ---- BEGIN PRIVATE KEY ---- header) or a public key (---- BEGIN PUBLIC > KEY -----). In my application I have to work on an app that stores key > pairs in a special, secure storage solution (Secure Storage of OPTEE > if you've heard about it). I decided to export the keys in PEM format, > so that reading and handling them is equal to moving a large string > buffer around. Using the PEM format, is there a way to store both > private and public keys in the same "file"? Does mbedtls allow for > such a solution (does such a solution even exist?). There are actually several PEM formats. Some private key formats actually store both the private key and the public key, while others only store the private key. However, it is always possible to calculate the public key from the private key. So if you want to have the whole key pair, just write the private key in any format. If you have a private key file, you can extract the public key with the Mbed TLS sample program key_app_writer (untested command line, typed directly into my mail client): programs/pkey/key_app_writer mode=private filename=my_private_key.pem output_mode=public output_file=my_public_key.pem or with OpenSSL: openssl pkey -in my_private_key.pem -pubout -out my_public_key.pem > > If not, is there a simple way to get the public key from a private key > object? Does the mbedtls_pk_context, (that parsed up with a private > key) contain the information needed to export the public key into a > PEM buffer? As far as I know mbedtls allows for exporting the private > key and the public key with the functions mbedtls_write_key_pem and > ...write_pubkey_pem (or something along those lines) does that mean I > can only export one at a time and there's no way to save the > information for both into one PEM buffer? > > If there's a way to save both private and public keys into one PEM > file, do I have to parse the private key and public key into separate > objects then? With parse_key and parse_pubkey? This isn't really a > problem just clarifying. Once you have an mbedtls_pk_context, if you want to export both keys to a file, use mbedtls_write_key_pem(). If you want to have a separate file that only contains the public key, call mbedtls_write_pubkey_pem() on the same mbedtls_pk_context. > > If you can point me to an actually good description of the PEM format > and what CAN be stored inside of it, I'd be very grateful! :) PEM is just an encoding: base64 data between a header and footer. The base64-encoded data can have several different formats depending on the header. It can represent a private key (several formats depending on the header), a public key or a certificate. A complete description is spread across about half a dozen RFC. Fortunately, I don't think you need to dig into those. > > I also have a question regarding the example SSL server program. In > it, the server needs a private key and a certificate for obvious > reasons. It also loads a certificate and as far as I know, the > certificate has to be tied to a known CA for it to be valid. > > I would like to test the program with a self generated key pair, do I > need to change the Certificate and CAs to a new one as well? To > authenticate the new keypair? Does the mbedtls ssl_client1 example > program work with self signed certs? Or do I need to take care of the > CA validation myself (that would probably beyond the scope of the > project I'm working on). The sample program ssl_server does not check the client certificate. The test program ssl_server2 can check the client certificate: pass the command line options "auth_mode=required ca_file=my_ca.crt". If you have a self-signed client certificate, you can pass it as the ca_file. -- Gilles Peskine Mbed TLS developer > > Thank you in advance! > > Yours truly, > Máté Zombor >

4 years, 10 months

1
0
0 0

Clarification regarding the mbedtls_pk_context object and the PEM format, an a question about the example TLS server

by Z.Máté

Dear mbedtls mailing list members! I hope you recieve my message now, previously I had problems posting to this list. :( My first question is actually about the PEM format. As far as I'm aware the PEM format either contains the Private key (signalled by the ---- BEGIN PRIVATE KEY ---- header) or a public key (---- BEGIN PUBLIC KEY -----). In my application I have to work on an app that stores key pairs in a special, secure storage solution (Secure Storage of OPTEE if you've heard about it). I decided to export the keys in PEM format, so that reading and handling them is equal to moving a large string buffer around. Using the PEM format, is there a way to store both private and public keys in the same "file"? Does mbedtls allow for such a solution (does such a solution even exist?). If not, is there a simple way to get the public key from a private key object? Does the mbedtls_pk_context, (that parsed up with a private key) contain the information needed to export the public key into a PEM buffer? As far as I know mbedtls allows for exporting the private key and the public key with the functions mbedtls_write_key_pem and ...write_pubkey_pem (or something along those lines) does that mean I can only export one at a time and there's no way to save the information for both into one PEM buffer? If there's a way to save both private and public keys into one PEM file, do I have to parse the private key and public key into separate objects then? With parse_key and parse_pubkey? This isn't really a problem just clarifying. If you can point me to an actually good description of the PEM format and what CAN be stored inside of it, I'd be very grateful! :) I also have a question regarding the example SSL server program. In it, the server needs a private key and a certificate for obvious reasons. It also loads a certificate and as far as I know, the certificate has to be tied to a known CA for it to be valid. I would like to test the program with a self generated key pair, do I need to change the Certificate and CAs to a new one as well? To authenticate the new keypair? Does the mbedtls ssl_client1 example program work with self signed certs? Or do I need to take care of the CA validation myself (that would probably beyond the scope of the project I'm working on). Thank you in advance! Yours truly, Máté Zombor

4 years, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

mbed-tls