PSA crypto support (using MbedTLS) plans

Krishna Chaitanya chaitanya.mgit at gmail.com
Tue Oct 17 01:48:08 PDT 2023


On Tue, 17 Oct 2023, 07:32 Glenn Strauss, <gs-lists-hostap at gluelogic.com> wrote:
>
> On Tue, Oct 17, 2023 at 12:08:44AM +0530, Krishna Chaitanya wrote:
> > Hi Jouni,
> >
> > This is a query regarding the plan for adding embedded security support
> > in Hostap using MbedTLS.
> >
> > We have two implementations so far:
> >
> > 1. Based on Espressif's Apache-2.0-based implementation (Submitted by me)
> > - https://lists.infradead.org/pipermail/hostap/2022-April/040470.html
> > 2. Based on lighttpd's BSD-3 implementation
> > - http://lists.infradead.org/pipermail/hostap/2022-September/040794.html
>
> The implementation by the lighttpd developer (me) was polished and is
> used *in production* by openwrt 23.05 with mbedtls 2.xx.  As I recall,
> I completed full support for SAE and OWE, and also most DPP tests in
> the hostap hwsim tests.  (DPP2 with mbedtls 3.3 (?) when PKCS#7 support
> was added to mbedtls) https://github.com/openwrt/openwrt/pull/10727
>
> https://github.com/gstrauss/hostap branch mbedtls targets mbedtls
> main branch, including support for mbedtls 3.x, which I think was
> mbedtls 3.2 when I was coding against it a year ago (last December).
>
> I have not revisited my mbedtls hostap port to the ARM PSA API.
> (ARM PSA is Arm’s Platform Security Architecture)
>
>
>
> Given the dated TLSv1.1 implementation native to hostap, I really hope
> that Jouni engages with me, and also with the WolfSSL developer (who is
> on the WolfSSL team!) to allow us to each maintain mbedtls and WolfSSL
> patches, respectively, in hostap.

FYI the implementation in #1 is also production ready with MbedTLS 2 and 3.
The cleanups are also ready; I just haven't posted them as we haven't concluded.
Licensing is the only issue with that.


