PSA crypto support (using MbedTLS) plans

Glenn Strauss gs-lists-hostap at gluelogic.com
Mon Oct 16 19:01:55 PDT 2023


On Tue, Oct 17, 2023 at 12:08:44AM +0530, Krishna Chaitanya wrote:
> Hi Jouni,
> 
> This is a query regarding the plan for adding embedded security support
> in Hostap using MbedTLS.
> 
> We have two implementations so far:
> 
> 1. Based on Espressif's Apache-2.0-based implementation (Submitted by me)
> - https://lists.infradead.org/pipermail/hostap/2022-April/040470.html
> 2. Based on lighttpd's BSD-3 implementation
> - http://lists.infradead.org/pipermail/hostap/2022-September/040794.html

The implementation by the lighttpd developer (me) was polished and is
used *in production* by openwrt 23.05 with mbedtls 2.xx.  As I recall,
I completed full support for SAE and OWE, and also most DPP tests in
the hostap hwsim tests.  (DPP2 with mbedtls 3.3 (?) when PKCS#7 support
was added to mbedtls) https://github.com/openwrt/openwrt/pull/10727

https://github.com/gstrauss/hostap branch mbedtls targets mbedtls
main branch, including support for mbedtls 3.x, which I think was
mbedtls 3.2 when I was coding against it a year ago (last December).

I have not revisited my mbedtls hostap port to the ARM PSA API.
(ARM PSA is Arm’s Platform Security Architecture)



Given the dated TLSv1.1 implementation native to hostap, I really hope
that Jouni engages with me, and also with the WolfSSL developer (who is
on the WolfSSL team!) to allow us to each maintain mbedtls and WolfSSL
patches, respectively, in hostap.

Cheers, Glenn
