PSA crypto support (using MbedTLS) plans
Krishna Chaitanya
chaitanya.mgit at gmail.com
Mon Oct 16 11:38:44 PDT 2023
Hi Jouni,
This is a query regarding the plan for adding embedded security support
in Hostap using MbedTLS.
We have two implementations so far:
1. Based on Espressif's Apache-2.0-based implementation (Submitted by me)
- https://lists.infradead.org/pipermail/hostap/2022-April/040470.html
2. Based on lighttpd's BSD-3 implementation
- http://lists.infradead.org/pipermail/hostap/2022-September/040794.html
Now I am planning to start a fresh port of MbedTLS but using PSA APIs [1]
which are supposed to be vendor-agnostic and designed for constrained hosts,
see [2]. But I see that the PSA APIs in existing libraries are not the same.
I have checked MbedTLS and WolfSSL, but couldn't find the PSA APIs for
BoringSSL/OpenSSL (only did a quick search).
I have started to work on this using one of the below approaches:
1. Generic CRYPTO_PSA with different backends MbedTLS, WolfSSL, etc
2. Different implementations CONFIG_PSA_MBEDTLS, CONFIG_PSA_WOLF_SSL
This will be a ground-up implementation rather than based on existing ones
using MbedTLS as the first backend, not that I see one. But before that, I
want to check with you and the community to see if this is something that is
a shared interest or not.
[1] - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/
[2] - https://arm-software.github.io/psa-api/
Others,
Please pitch in if you have any shared interests or parallel
implementation or ideas.
Cheers.