- mbed-tls - lists.trustedfirmware.org

Regarding adding a new encryption algorithm in mbedtls

by Vishal Rathod

Dear sir/madam, Hope you are doing good! We are working on a lightweight TLS implementation for embedded hardware and want to add our own algorithm inside mbedTLS. As per my knowledge, we have to add a .h file in mbedtls/include/mbedtls and .c file in the library. Also, we have to list our algorithm in library/CMakeLists.txt. Except these, what should be the procedure? Also, our task is during handshake, the receiver chooses our algorithm instead of the default one for encryption and decryption. If someone could help us regarding this then it would be great. Thanks in advance. Regards, -- *Dr. Vishal J. Rathod* *(Member - IEEE, ACM, IET)* *Senior Project Engineer (SPE),* *IoT R & D Group,* *C-DAC, Electronic City,* *Bengaluru, Karnataka, India.* *Email ID: rathodvishal78(a)gmail.com <rathodvishal78(a)gmail.com> and * vishalrathod(a)ieee.org *Mobile - 9879957770*

3 years

1
0
0 0

Feature idea for mbedtls_net_connect()

by Alexander Timofeev

Hi! I am a new MbedTLS user and would like to say thanks to devs first! From my point of view mbedtls_net_connect() could handle binding socket to a specified local client port. Although it does not seem to be a common requirement and bloats API a little bit but otherwise user has to throw away mbedtls_net_connect() and implement connection function by their hands. Best, Alex

3 years

1
0
0 0

Re: [psa-crypto] Benchmark application for PSA crypto API's

by Stephan Koch

Hi Ruchika, as an addition to the previous answers, there is also the SecureMark-TLS benchmark from EEMBC that "Analyzes the costs associated with implementing TLS on an edge device using a common IoT cyphersuite comprised of ECC & ECDSA on the NIST secp256r1 curve, SHA256, and AES128-CCM/ECB", see: https://www.eembc.org/securemark/ It provides profiles to run benchmarks against Mbed TLS API, PSA Crypto API, and wolfSSL, see sources here: https://github.com/eembc/securemark-tls/tree/main/examples/selfhosted/profi… The chosen cipher-suite is similar to the TF-M medium profile and it allows estimates of speed and power consumption for TLS on microcontrollers. It also allows to add - manually - footprint data. Best Stephan From: Ruchika Gupta via psa-crypto <psa-crypto(a)lists.trustedfirmware.org> Reply to: Ruchika Gupta <ruchika.gupta_1(a)nxp.com> Date: Tuesday, 16 May 2023 at 13:40 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org>, "psa-crypto(a)lists.trustedfirmware.org" <psa-crypto(a)lists.trustedfirmware.org> Subject: [psa-crypto] Benchmark application for PSA crypto API's Hi, For mbedtls API’s, there is a benchmark application available. Are there any plans to implement benchmark application for PSA crypto APIs ? Regards, Ruchika

3 years

2
3
0 0

Benchmark application for PSA crypto API's

by Ruchika Gupta

Hi, For mbedtls API's, there is a benchmark application available. Are there any plans to implement benchmark application for PSA crypto APIs ? Regards, Ruchika

3 years

3
4
0 0

PSA key slot management functions access private structure members

by S Krishnan, Archanaa

Hello, In mbedLS v3.4.0, I came across a build error that there are no members for type and flag in psa_core_keyattributes_t structure. The following functions in psa_crypto_core.h access private members type and flag of psa_core_keyattributes_t structure without the MBEDTLS_PRIBATE() private access. * psa_is_key_slot_occupied() * psa_key_slot_get_flags() * psa_key_slot_set_flags() * psa_key_slot_set_bits_in_flags() * psa_key_slot_clear_bits() Updating to private access for attribute struct members in psa_crypto_core.h fixed the build errors. Regards, Archanaa

3 years

2
4
0 0

Reminder: MBed TLS Tech Forum - US/Europe

by Don Harbin

Hi All, A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum is next Monday at 4:30 PM UK time. Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

3 years

1
5
0 0

Canceled event with note: MBed TLS Technical Forum @ Mon May 8, 2023 8:30am - 9:30am (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been canceled with a note: "Cancelled due to Bank Holiday" MBed TLS Technical Forum Monday May 8, 2023 ⋅ 8:30am – 9:30am Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y Guests nnac123(a)gmail.com psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 years

1
0
0 0

Minimum size in RSA key generation

by Gilles Peskine

Hello, To strengthen Mbed TLS against accidental misuse, we're going to enforce a minimum size for RSA key generation. Currently the minimum is 128 bits, just to avoid some edge cases in the implementation. So for example, if you want a 2048-bit key but accidentally pass a number of bytes, the library will happily generate a 256-bit key. We want to prevent this scenario. What should the minimum be? If we make the minimum 2048 bits, will this be a problem? We will not make the minimum any higher. But we're considering enforcing only a minimum 1024 bits, which is over the record from public breaks and largely resolves the risk of bits/bytes confusion. Should we also enforce a minimum (perhaps lower) in the 2.28 long-time support branch? If you're using Mbed TLS to generate small RSA keys, please let us know on the mailing list, on GitHub at https://github.com/Mbed-TLS/mbedtls/issues/7556, or by private email. Best regards, -- Gilles Peskine Mbed TLS developer

3 years

1
0
0 0

Invitation: MBed TLS Technical Forum @ Every 4 weeks from 9:30am to 10:30am on Monday (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

MBed TLS Technical Forum Every 4 weeks from 9:30am to 10:30am on Monday Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org nnac123(a)gmail.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 years

1
0
0 0

Troubles with server certificate verification

by François Legal

Hello, using mbed TLS pavkaged with esp32 toolchain, for doing eap-tls with server certificate verification using CA cert. Mbed TLS rejects certificate in mbedtls_x509_crt_check_key_usage (x509_crt.c), because usage_may variable is 0. usage is set by mbedtls_ssl_check_cert_usage (ssl_tls.c) to MBEDTLS_X509_KU_DIGITAL_SIGNATURE because my keys are ECDHE-ECDSA. Is this the expected behaviour ? Thanks in advance François

3 years

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls