All,
Not sure if this is the right audience (If it is not let me know if there is a better place to ask the following question)
We have been looking at future security requirements for CPE devices, and we think that we need the following functionality that is currently not really available in the current crypto libraries.
- Support for Quantum computing secure algorithms (Post Quantum of PQ algorithms)
- Support for Hybrid keys ( PQ plus Classic algorithm), preferable in any configuration.
- Modularized public key crypto algorithms implementation, to simplify adding new algorithms
- Updating public key architecture to simplify off-loading private key operations to a Trusted Execution environment or other security HW.
We initially looked at openssl, but found the openssl difficult to work with, so we decided to look at Mbedtls, which has a more lightweight design.
We modified the mbedtls 'pkey' code to make it more modularized (building on the pkwrap design), and added to support for Hybrid keys, which was relatively easy to do.
Updating the TLS library to support hybrid keys has however been a big challenge. The TLS code is very interwoven with the 'pkey' code, and seems to have almost unique implementation for each type of key, making it difficult to follow and modify. Adding support for other (PQ) algorithms within that design will be challenge.
Before spending too much time on this we would like to know if there is an interest in the MBEDTLS community for a redesign of the code to support hybrid keys, PQ algorithms and modularized public key architecture.
Thanks,
Robert
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
Hi All, A gentle reminder that the US-Europe timezone-friendly MBest TLS
Tech forum is next Monday. If you have any topics, please let Dave Rodgman
know. :) Best regards, Don
Title: MBed TLS Technical Forum
Trusted Firmware is inviting you to a scheduled Zoom meeting.
Topic: MBed TLS Technical Forum
Time: Oct 25, 2021 04:30 PM London
Every 4 weeks on Mon, 20 occurrence(s)
Oct 25, 2021 04:30 PM
Nov 22, 2021 04:30 PM
Dec 20, 2021 04:30 PM
Jan 17, 2022 04:30 PM
Feb 14, 2022 04:30 PM
Mar 14, 2022 04:30 PM
Apr 11, 2022 04:30 PM
May 9, 2022 04:30 PM
Jun 6, 2022 04:30 PM
Jul 4, 2022 04:30 PM
Aug 1, 2022 04:30 PM
Aug 29, 2022 04:30 PM
Sep 26, 2022 04:30 PM
Oct 24, 2022 04:30 PM
Nov 21, 2022 04:30 PM
Dec 19, 2022 04:30 PM
Jan 16, 2023 04:30 PM
Feb 13, 2023 04:30 PM
Mar 13, 2023 04:30 PM
Apr 10, 2023 04:30 PM
Please download and import the following iCalendar (.ics) files to your
calendar system.
Weekly:
https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics…
Join Zoom Meeting
https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT…
Meeting ID: 959 6263 5632
Passcode: 018366
One tap mobile
+13462487799,,95962635632# US (Houston)
+16699009128,,95962635632# US (San Jose)
Dial by your location
+1 346 248 7799 US (Houston)
+1 669 900 9128 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 301 715 8592 US (Washington DC)
877 853 5247 US Toll-free
888 788 0099 US Toll-free
Meeting ID: 959 6263 5632
Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y
When: Mon Feb 14, 2022 9:30am – 10:30am Mountain Standard Time - Phoenix
Who:
* Don Harbin - creator
* psa-crypto(a)lists.trustedfirmware.org
* mbed-tls(a)lists.trustedfirmware.org
* nnac123(a)gmail.com
Hello,
I am evaluating the mbedTLS library and trying to create a build with Visual Studio 2010, but I am encountering errors. Below are the steps I have taken:
1. Downloaded "mbedtls-3.1.0.zip" and extracted the contents to my Windows 10 computer.
2. Run Visual Studio 2010 and open the solution "mbedTLS.sln" in the folder "mbedtls-3.1.0\visualc\VS2010".
3. Select the "mbedTLS" project and select "Rebuild Only mbedTLS". This is for the Release configuration targeting Win32.
4. During the build process multiple errors are encounter, which seem to be related to Visual Studio's limited C Compiler support. The build output is attached.
Am I missing any steps for configuring the solution or project? I was under the impression that mbedTLS offered support for compiling with Visual Studio 2010? Any help that you can provide would be greatly appreciated.
Best regards,
Murray Shirley, P.Eng.
MicroSurvey Software, Inc.
(250) 707-0000
murray.shirley(a)microsurvey.com<mailto:murray.shirley@microsurvey.com>
Hi,
I am developing TLS client and server for embedded systems. Considering the operational efficiency, it is sufficient to have data authentication. Is it possible to setup a TLS communication with data authentication and without encryption?
Consider a PLC network,
1. Within physical secure zone.
2. Requires faster data transfer.
3. Data are not confidential, but must be cryptographically authenticated.
Thanks,
Gopi Krishnan
Hello.
I am facing the issue of certificate verification error during handshake.The problem is described by me in the appropriate section of the forum.
https://forums.mbed.com/t/mbedtls-failing-with-the-certificate-is-not-corre…
Please help me figure it out - there is no one else to turn to.
Sincerely,
Shabrov Dmitry
Good morning,
My team and me are starting a bigger project concerning object control on the rail. The security specifications shall use TLS version 1.3. I could read on some forums that you are actually working on it. Could I please get some information about the release date of it? If not provided soon we will be forced to switch to another library.
Thanks a lot for your help.
Best Regards,
Lukas Frei
Dipl. MSc Universität Bern und BFH in Biomedical Engineering
Embedded Software Engineer
CSA Engineering AG
Hans Huber-Strasse 38
CH-4500 Solothurn
Direkt +41 32 626 35 81
Telefon +41 32 626 35 55
Fax +41 32 626 35 50
mailto:lukas.frei@csa.ch
https://www.csa.ch
________________________________
Confidentiality Note: This message is intended only for the use of the named recipient(s) and may contain confidential and/or privileged information. If you are not the/an intended recipient, please contact the sender and delete this message. Any unauthorized use of the information contained in this message is prohibited.
Good afternoon.
I am a microcontroller product designer. I ported MBED TLS to STM 32L471 microcontroller. While I do not understand how can I use the certificate. My customer gave me a certificate in the form of a center2m.com.cer file. The file contains the 3 fields:
-----BEGIN CERTIFICATE-----
MIIGVzCCBT+gAwIBAgIMEnU/
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIET
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIDDX
...
-----END CERTIFICATE-----
tell me please, how to port my certificate to certs.c file. The question is which fields to insert where? Please help. No one can answer this question except you.
Sincerely,
development engineer,
Shabrov Dmitrii
Hi All,
This is a gentle reminder that the next MBed TLS Tech forum is next Monday
@10am UK time.
Reminders:
- This is the "Asia timezone friendly" session, but the session
recording and supporting content are archived here
<https://www.trustedfirmware.org/meetings/mbed-tls-technical-forum/>.
- Dial-in details can be found in the online calendar
<https://www.trustedfirmware.org/meetings/>. If you click on this
event in the calendar, it also provides the option to add it to your
personal calendar if you wish
If anyone has topics you would like to see added to the agenda, please
share and Dave and the team will work to get these onto the agenda.
Best regards,
Don
