• State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 73 subscribers
  • Views 1673 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 244744
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Directly access mbedTLS from nRF-SDK

M. David.

Hey all

I have to following setup:

  • nRF52840-DK (development kit)
  • Nordic SDK 15.3
  • Development using eclipse CDT (Makefile project)

I'd like to implement an EC-JPAKE sequence, by directly accessing the mbedtls API (ecjpake.h from mbedtls).

I've tried to statically link the mbedtls library to my existing Nordic project. However there where some problems with the entropy source. Then I decided to access the mbedtls library directly via the nordic SDK. As I discovered the mbedtls library is included in the nordic SDK. So I just added the neccesary files ($(SDK_ROOT)/external/mbedtls/library/ecjpake.c \) and include folder ($(SDK_ROOT)/external/mbedtls/include/mbedtls \) to my Makefile. Everything builds this way just fine.

However I also discovered the following link: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/nrf_security/doc/nrf_security.html#ecjpake-configurations

There is something described, which goes by the name security-module. Now I'm confused:

  • What would be the best approach to get access to the ecjpake API from mbedtls, there seem to be various ways?
  • And how can I get this security-module (they are using some kconfig files) to work?

Thanks in advance for any help

Cheers

David

Parents
  • 0

    Hi, 

    What would be the best approach to get access to the ecjpake API from mbedtls, there seem to be various ways?

    SDK 15.3 does not support the ecjpake API.  It only supports Elliptic Curve Cryptography Key ManagementElliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature (ECDSA)

    And how can I get this security-module (they are using some kconfig files) to work?

     If you want to use Elliptic Curve Cryptography Library, please enable ECC_ENABLED in the sdk_config.h

    -Amanda H.

  • +1 in reply to Amanda Hsieh

    Thanks for your answer, I'm aware that the nordic SDK does not provide the ecjpake API.That's the reason, why I currently use the mbedtls directly.

    My question goes more in the direction: what's the best approach to access/link the mbedtls library in my project?

    - link it as static library

    - Access via the SDK source (external)

    - what else?

    What I'm currently doing is, I've just added the ecjpake.c file, which is available in the nordic SDK (because nordic is using the mbedtls implementation) into my Makefile and then I was ready to use the ecjpake from mbedtls directly.

    I'm not interested in Elliptic Curve Cryptography directly but only in regard of the ec-jpake.

  • 0 in reply to M. David.

    Hi, 

    I have not tested it, but I don't see why it should be a problem. But neither do I see a reason for it (other than saving compilation time)

    you can use the mbed tls directly anyway, without building it as a separate library first (like we do in nrf_crypto).

    -Amanda H.

Reply
  • 0 in reply to M. David.

    Hi, 

    I have not tested it, but I don't see why it should be a problem. But neither do I see a reason for it (other than saving compilation time)

    you can use the mbed tls directly anyway, without building it as a separate library first (like we do in nrf_crypto).

    -Amanda H.

Children
No Data
Related
Terms of service