Comments (3)
Hi @lauleehong sorry for the long answer.
If I udnerstood your request correctly you would like to use RSA based certificate for the TLS session establishemnt. The ciphersuite is based as ECDHE key-deriviation algorithm. Is this correct?
YOu idea is to store the private/public RSA keys on the Trust X. YOu also have in mind to use the Trust X to support the ECDH.
ECDH is a three steps process, first you generate a new keypair (ECC), and send the public key to the counterpart, second you receive the public key of the counterpart. Third you run ECDH on the Trust X chip giving to the optiga_crypt_ecdh function public key of the counterpart, your private key (reference to it) and the buffer where you would like to get shared secret.
In this case you don't need to read the private key from the chip.
I would like as well to point you here you might find a file which helps to offload the ECDH to the secure element. It is seamlesly integrated into mbedtls.
If you would like to offload completly TLS using both RSA and EC/ECDH you might have a look on OPTIGA Trust M.
It has also full mbedTLS support https://github.com/Infineon/mbedtls-optiga-trust-m
from optiga-trust-x.
@ayushev thanks for the reply. My team came to conclude that this would require a rewrite of mbed-os's TLSSocket to support this secure element. I understand from mbed-os team that this feature is being looked at, and will be expected to release end-2020/early-2021.
from optiga-trust-x.
Hi @lauleehong
I don't know details of your particular implementation and usege scenario, but in general this isn't required.
- mbedTLS is the library used by the mbedOS to support the TLS communication.
- mbedTLS implements the TLS communication by calling individual crypto functions
- mbedTLS does support flexibel substitution of these functions by any other implementation, as such hardware.
- Generally it is a matter of one macro in the mbedTLS config to switch from software implementation to hardware.
- In other words, generaly you don't need to change any line of code neither in mbedTLS nor in mbedOS to make it work
What is supported currently
Trust X
- ECDSA Signature generation and verification
- ECDHE keypair generation and shared secret (key) deriviation
- Rnadom Number generation
Trust M
- All mentined above
- RSA Signature generation/verification
- RSA keypair generation
This Section and this figures can give you better overview on how this is integrated.
from optiga-trust-x.
Related Issues (20)
- [documentation] optiga_crypt_ecdsa_sign HOT 1
- PAL Linux GPIO buffer max length values HOT 1
- keypair generation at index OPTIGA_KEY_STORE_ID_E0F0 always fails. HOT 3
- Signature verification fails HOT 11
- Public key location for pregenerated private key HOT 1
- Storing data on the GP memory HOT 4
- Wrong oid (object id) used in wiki
- AES using optiga and NRF52840 HOT 8
- On chip encryption - Trust X SLS 32AIA HOT 2
- Multiple definition of mbedtls_hardware_poll() HOT 1
- Warning in example_optiga_util_write_data.c HOT 1
- Unclosed extern "C"
- I2C write bug HOT 1
- Mbed OS PAL outdated HOT 2
- There is a edit error HOT 1
- Cannot verify signature using internal certificate HOT 17
- Power consumption in "Power Profile" HOT 1
- Add Popcorn Computer's PocketP.C. i2c pal file
- Re-accessing locked data slots HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from optiga-trust-x.