Hi all,
We have implemented the PSA Functional API for a custom secure environment
which passes PSA Arch tests.
Now we would like to run mbedtls tests (make check) on the PSA API if
possible.
When we run "make check", it includes and compiles library/psa_crypto.c file
for mbedTLS's PSA API Implementation.
Herein, we would like to compile our own psa_crypto.c implementation, does
mbedtls build system allow us to include custom PSA API Implementation to
run tests?
Thank you.
Murat
Hello,
The interface of the Diffie-Hellman (DHM) module is modeled on the way
it's used in TLS, which is a bit different from the classical
presentation. You can find code examples in programs/pkey/dh_client.c
and programs/pkey/dh_server.c .
Elliptic-curve Diffie-Hellman (provided by the ECDH module) has similar
security properties and is significantly faster. If you don't need
interoperability with legacy software that only supports classical
(finite-field) Diffie-Hellman, you should use ECDH rather than DHM. With
the ECDH module, you can use either the same TLS-inspired interface as
the DHM module, or a more classical interface for which there is a usage
example in psa_crypto.c in the function psa_key_agreement_ecdh.
Hope this helps,
--
Gilles Peskine
Mbed TLS developer
You can find an example of the TLS-like inter
On 12/08/2020 14:02, youssouf sokhona via mbed-tls wrote:
>
> Hello, I hope you are going well during this Covid crisis.
>
>
>
> I'm sending you this message to find out how to generate a Diffie
> Hellman key using MbedTLS. Indeed, with all the documentation, I'm a
> bit lost.
>
>
>
> I think, you have to use the int mbedtls_dhm_set_group function to
> create p and g. And then, I don't know how to use which function...
> Moreover, I can't find any function that allows to set a and b,
> whereas they are 2 fundamental elements
>
> Can you help me? Thank you!
>
>
>
> Best regards, YS
>
>
>
Hello,
Short version: to use the official tools to configure Mbed TLS, or to
run the unit tests, you need Python. If we start requiring Python 3.5,
is this going to be a problem?
Detailed version:
Mbed TLS includes four Python scripts that are of interest to users,
with a fifth one in preparation:
* scripts/config.py : compile-time configuration (unless you prefer to
edit config.h directly).
* scripts/generate_psa_constants.py : to build
programs/psa/psa_constant_names (we have a pending task to commit the
result instead of requiring it during the build).
* tests/scripts/generate_test_code.py : necessary to build the unit tests.
* tests/scripts/mbedtls_test.py : does anyone use this? It's for testing
on platforms with Greentea, but some of the automation is missing.
* upcoming: a script to generate glue code for accelerator and secure
element drivers. We'll also provide a manual way, but it won't be as
convenient.
This is a question to everyone who's building Mbed TLS and using some of
these scripts: is it ok if they require Python 3.5?
Currently:
* scripts/config.py requires Python 3.5.
* scripts/generate_psa_constants.py requires Python 3.3.
* tests/scripts/generate_test_code.py still works with Python 2.7.
* tests/scripts/mbedtls_test.py still works with Python 2.7.
* the driver glue code generation script will require Python 3.5, or
Python 3.4 + typing.
Is there any demand for versions of Python before 3.5?
--
Gilles Peskine
Mbed TLS developer
Hello, I hope you are going well during this Covid crisis.
I'm sending you this message to find out how to generate a Diffie Hellman key using MbedTLS. Indeed, with all the documentation, I'm a bit lost.
I think, you have to use the int mbedtls_dhm_set_group function to create p and g. And then, I don't know how to use which function... Moreover, I can't find any function that allows to set a and b, whereas they are 2 fundamental elements
Can you help me? Thank you!
Best regards, YS
Hi Frank,
We have now updated the links both on the download-archive and releases site and now they point to https://github.com/ARMmbed/mbedtls/releases, where all the releases are available.
We also have added checksums to the release notes on github and fixed the archive structure.
Thank you very much for pointing these issues out!
Cheers,
Janos
(Mbed TLS developer)
On 04/08/2020, 19:06, "mbed-tls on behalf of Frank Bergmann via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote:
Hi,
2.16.7 was released on github more than one month ago (2020-07-01).
But it is not listed on
- download archive at https://tls.mbed.org/download-archive
- release news at https://tls.mbed.org/tech-updates/releases
Questions about that:
- Is it an "official" release even if it is not mentioned on release news?
- When will it be available in download archive?
- If there will be no more addings to download archive because now we'll
have to use github:
* Will there be separate releases GPL/Apache available?
* Will a signed/unsigned check sum be provided?
* Will the "new structure" as provided by tarball on github be kept
in future or was it just an accident? (e.g. main dir is named
"mbedtls-mbedtls-2.16.7")
I started using mbed TLS with 2.16.6 but now I am confused. ;-)
cheers,
Frank
--
mbed-tls mailing list
mbed-tls(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
Hi Frank,
I confirm that 2.16.7 is an official release of the 2.16 long-time
support branch of Mbed TLS, alongside 2.7.16 for the 2.7 branch and
2.23.0 for the latest features. Everyone should update to one of these
versions since they fix security issues and other bugs.
We're progressively transitioning the project from Arm infrastructure to
TrustedFirmware infrastructure. Eventually we'll decommission the
existing tls.mbed.org, and we intend to distribute releases via
trustedfirmware.org. We no longer intend to reference new releases
directly on https://tls.mbed.org/download-archive . For the time being,
we're distributing via GitHub. However, it isn't right that
https://tls.mbed.org/download-archive links to
https://github.com/ARMmbed/mbedtls/releases/ which doesn't list LTS
branches. We need to link from https://tls.mbed.org/download-archive to
the place that has the latest LTS releases one way or the other.
There are no longer separate archives with Apache and GPL licenses.
These archives were always identical except for license headers. Now LTS
releases are distributed as a single archive in which the files are
dual-licensed.
The naming with mbedtls-mbedtls- must be a bug in our release script.
Thanks for noticing.
I don't think we made a conscious decision not to provide official
checksums. I can see the value of having them so let's try to
incorporate those in our new release process.
--
Gilles Peskine
Mbed TLS developer
On 04/08/2020 19:05, Frank Bergmann via mbed-tls wrote:
> Hi,
>
> 2.16.7 was released on github more than one month ago (2020-07-01).
> But it is not listed on
> - download archive at https://tls.mbed.org/download-archive
> - release news at https://tls.mbed.org/tech-updates/releases
>
> Questions about that:
> - Is it an "official" release even if it is not mentioned on release news?
> - When will it be available in download archive?
> - If there will be no more addings to download archive because now we'll
> have to use github:
> * Will there be separate releases GPL/Apache available?
> * Will a signed/unsigned check sum be provided?
> * Will the "new structure" as provided by tarball on github be kept
> in future or was it just an accident? (e.g. main dir is named
> "mbedtls-mbedtls-2.16.7")
>
> I started using mbed TLS with 2.16.6 but now I am confused. ;-)
>
> cheers,
> Frank
>
>
Hi,
2.16.7 was released on github more than one month ago (2020-07-01).
But it is not listed on
- download archive at https://tls.mbed.org/download-archive
- release news at https://tls.mbed.org/tech-updates/releases
Questions about that:
- Is it an "official" release even if it is not mentioned on release news?
- When will it be available in download archive?
- If there will be no more addings to download archive because now we'll
have to use github:
* Will there be separate releases GPL/Apache available?
* Will a signed/unsigned check sum be provided?
* Will the "new structure" as provided by tarball on github be kept
in future or was it just an accident? (e.g. main dir is named
"mbedtls-mbedtls-2.16.7")
I started using mbed TLS with 2.16.6 but now I am confused. ;-)
cheers,
Frank
Hi Youssouf,
This is Steven with Silicon Labs. It sounds like you have questions that are very device-specific, and relate to Silicon Labs products. We do provide TRNG drivers for mbed TLS through Simplicity Studio and our software SDK. Please contact our support staff at www.silabs.com/support<http://www.silabs.com/support>, and they’ll do their best to help you out with your questions.
Regards,
-- Steven
From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of youssouf sokhona via mbed-tls <mbed-tls(a)lists.trustedfirmware.org>
Reply to: youssouf sokhona <youssouf.sokhona(a)hotmail.fr>
Date: Tuesday, 4 August 2020 at 12:59
To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org>
Subject: [mbed-tls] Entropy & TRNG on the BGM13P32
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi, everyone,
First of all, I hope you are all healthy during this difficult time.
I am working with Simplicity Studio IDE with MbedTLS and I am currently working on a project with a BGM13P32. I plan to perform a key exchange via bluetooth with the Diffie Hellman protocol. To start my project, I need an entropy source. I read the following on the BGM13P32 documentation "The TRNG is a non-deterministic random number generator based on a full hardware solution. The TRNG is validated with NIST800-22and AIS-31 test suites as well as being suitable for FIPS 140-2 certification (for the purposes of cryptographic key generation)."
And I also read about the Random Number Generator "The Frame Controller (FRC) implements a random number generator that uses entropy gathered from noise in the RF receive chain.The data is suitable for use in cryptographic applications.Output from the random number generator can be used either directly or as a seed or entropy source for software-based random num-ber generator algorithms such as Fortuna"
Knowing this, how can we use this to create entropy and then create a sequence of random numbers? I need to implement the MbedTLS_hardware_poll() function? Do I have to add another entropy, like real timing for example
As you can see I am a bit confused actually. Can you help me out?
Thanks in advance, and take care of yourself !
