- mbed-tls - lists.trustedfirmware.org

by Ronald Cron

We are happy to announce the publication in GitHub of the TF-PSA-Crypto repository: https://github.com/Mbed-TLS/TF-PSA-Crypto. The TF-PSA-Crypto repository provides an implementation of the PSA Cryptography API (https://arm-software.github.io/psa-api). This encompasses the on-going extensions to the PSA Cryptography API (e.g. PAKE). The PSA Cryptography API implementation is organized around the PSA Cryptography driver interface aiming to ease the support of cryptographic accelerators and processors. This is a significant milestone on the journey to split the PSA Cryptography API implementation and its development out of the Mbed TLS repository into TF-PSA-Crypto. This is early days though and the TF-PSA-Crypto repository should be considered as a prototype: it is read-only and mostly a mirror of the PSA Cryptography API implementation of Mbed TLS. But we believe it is a good illustration of what we are aiming at. Thanks, Ronald Cron on behalf of the Mbed TLS team.

2 years

2
2
0 0

How to implement Opaque driver API

by Jiamei Xie

Hi experts, I wanted to forward some crypto operations to an external driver that provides psa_call APIs. The mbedtls version I am using 3.4.0. Take psa_asymmetric_encrypt as an example, The mbedtls api is psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) It gets attribute, key.data and key.byte from key_id. Then call function psa_driver_wrapper_asymmetric_encrypt without key_id as its argument: status = psa_driver_wrapper_asymmetric_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, salt, salt_length, output, output_size, output_length); In psa_driver_wrapper_asymmetric_encrypt, it will use different implementations according to the location value in https://github.com/Mbed-TLS/mbedtls/blob/d69d3cda34c400a55220352518e37d3d2c…. I define a new location definition(RSS_PSA_LOCATION. When the location is RSS_PSA_LOCATION, making it call psa_status_t crypto_psa_asymmetric_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) This API require key_id. Is it possible to get key_id from attribute and key_slot? Regards, Jiamei Xie

2 years

3
3
0 0

Driver only build option

by Ruchika Gupta

Hi, I am trying to use the MACRO's defined at - https://github.com/Mbed-TLS/mbedtls/blob/development/docs/driver-only-build… to enable driver only build. As mentioned on the page I tried to do this for SHA256. However, the code in sha256.c isn't ifdefed by "MBEDTLS_PSA_ACCEL_ALG_SHA_256" so still gets compiled ? Can you point me to what I am missing here ? Regards, Ruchika

2 years

1
1
0 0

How can I encrypt with a private key?

by 克坚马

Hi all, I have been using the old version(2.28) for a very long time, and updated to version 3.4.0 recently. When using rsa encryption, there is a parameter 'mode' that allows to choose whether to use a public key or a private key. Why is it canceled in the new version? And how can I use the private key to perform an encryption operation? Thank you for your help!

2 years

4
6
0 0

For enabling TLS 1.3

by Sankalp Raj Singh

Can you please provide the proper steps and file name where we have to make changes in order to enable TLS 1.3

2 years

1
0
0 0

PSA crypto driver - KEY LOCATIONS

by Ruchika Gupta

Hi, For the crypto accelerator, we are developing for our SoC, we have a use-case where the same driver can support multiple/range of KEY LOCATIONS. We want a mechanism such that, the a common function in driver is called which can then take the necessary option based on the key location. The way jsons are currently structured, what I understand is that for every key location, we will need to create a separate json with a different driver prefix. This would lead to a lot of code duplication for us. For eg { to define 3 locations X, Y and Z , I need to create 3 json files -> these all refer to same crypto sub-system I my case} #define TEST_DRIVER_X_OPAQUE_DRIVER_ID #define TEST_DRIVER_Y_OPAQUE_DRIVER_ID #define TEST_DRIVER_Z_OPAQUE_DRIVER_ID Switch (key_location) Case x: Test_driver_x_ opaque_import_key(); break; Case y: Test_driver_y_ opaque_import_key(); break; Case z: Test_driver_z_ opaque_import_key(); break; This is resulting in a lot of code duplication and overhead. What we want to have the flexibility to achieve is : #define TEST_DRIVER_OPAQUE_DRIVER_ID Switch (key_location) Case x: Case y: Case z: Test_driver_opaque_import_key(); If we can support multiple locations from a driver json file for a given driver, this issue would be resolved. This would give the driver writers flexibility on how and where they want to handle the locations. Please let us know your views on the same. Regards, Ruchika

2 years, 1 month

2
1
0 0

Re: [Mbed-tls-announce] New Mbed TLS releases : 3.5.0 and 2.28.5

by Oubaid AKRMI

Hi, Is the SHA-3 impacted by the vulnerability reported in NIST vulnerability database (link below) ? https://nvd.nist.gov/vuln/detail/CVE-2022-37454 "Description The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. " Best regards, [Shape, rectangle Description automatically generated] Oubaid AKRMI | Mobile: +33 7 53 06 08 49 GPM | Application Security Engineer [Icon Description automatically generated]<https://www.facebook.com/STMicroelectronics.NV/> [cid:image003.png@01D9FD35.14D24980] <https://twitter.com/st_world> [Icon Description automatically generated] <https://www.linkedin.com/company/stmicroelectronics/> [Icon Description automatically generated] <https://www.instagram.com/stmicroelectronics.nv/> [Icon Description automatically generated] <https://www.youtube.com/user/STonlineMedia> ST online: www.st.com<https://stmicroelectronics-my.sharepoint.com/personal/oubaid_akrmi_st_com/D…>

2 years, 1 month

2
1
0 0

Link to MBed TLS Tech Forum - Asia/Europe

by Daniel Morris

Just in case others are struggling to join/had a bad bookmark for the meeting which started a few minutes ago, the right one is: https://linaro-org.zoom.us/j/95471735908?pwd=WStaaWhEVXNqcWx1S2pEQU13cHU2UT… Also handily listed here: https://www.trustedfirmware.org/meetings/ Daniel %<---------------------------------------------------------------------- Daniel Morris eCosCentric - The eCos experts Tel: +44 1223 245 571 - info(a)eCosCentric.com

2 years, 1 month

1
0
0 0

psa_raw_key_agreement does not like PSA_ALG_ECDSA(PSA_ALG_SHA_256)

by Christian Huitema

I am not sure I completely understand the PSA API for key exchange. I have been creating a private key, exporting the public key, passing that successfully to the peer, obtaining the peer's public key, and I want to use psa_raw_key_agreement to obtain the shared secret. But it fails in: if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } The value of "alg" is 0x06000609, computed as PSA_ALG_ECDSA(PSA_ALG_SHA_256). That's probably wrong, but I do not know why... -- Christian Huitema

2 years, 2 months

1
1
0 0

Output format of mbedtls_ecdh_make_params does not play well with TLS 1.3

by Christian Huitema

In TLS 1.3, one half of an ECDH exchange is defined as a "key entry", coded as: struct { NamedGroup group; opaque key_exchange<1..2^16-1>; } KeyShareEntry; The opaque data is typically encoded as a one byte format (e.g., 0x04, no compression), and then the encoding of either one or two points: 32 bytes for one point with CURVE25519, 64 bytes for two points with SECP256R1. The encoding for the "public key" output of mbedtls_ecdh_make_params is different: 1 byte of length, followed by 2 bytes of curve ID, followed by the raw encoding of the point or points. The related encoding of the server public key output of mbedtls_ecdh_make_public is also different: 1 byte of length, followed by 2 bytes of curve ID, followed by the raw encoding of the point or points. To make that work, I need some reformatting: strip out 3 bytes for the client public key, write a single 0x04 byte instead; strip out one byte from the key-exchange data received at the server and write 3 bytes of length and curve ID instead. Also, make sure to reset the strings to the unmodified value before calling mbedtls_ecdh_calc_secret, which probably means maintaining two copies, thus twice the memory. This is a bit messy, and probably unnecessary. The extra parameters "length" is already passed through the API (the &olen argument) and the "group_id" could easily be passed as well. Or maybe I am looking at the wrong API... -- Christian Huitema

2 years, 2 months

3
7
0 0

2025

2024

2023

2022

2021

2020

mbed-tls