Login
Login

mbed TLS

{{short description|Free software library implementing TLS}}

{{multiple issues|

{{lead too short|date=April 2014}}

{{primary sources|date=April 2014}}

}}

{{Infobox software

| name = Mbed TLS

|developer = Collaborative project managed by TrustedFirmware (formerly by Arm)

| logo =

| screenshot =

| caption =

| released = {{Start date|2009|01|15}}

| operating_system = Multi-platform

| programming_language = C

| genre = Security library

| license = Dual Apache-2.0 or GPL-2.0-or-later

| website = {{Url|https://www.trustedfirmware.org/projects/mbed-tls/}}

}}

Mbed TLS (previously PolarSSL) is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

History

The PolarSSL SSL library is the official continuation fork of the XySSL SSL library. XySSL was created by the French "white hat hacker" Christophe Devine and was first released on November 1, 2006, under GNU GPL v2 and BSD licenses. In 2008, Christophe Devine was no longer able to support XySSL and allowed Paul Bakker to create the official fork, named PolarSSL.{{cite web|url=https://polarssl.org/about-us |title=About us |publisher=PolarSSL |access-date=2014-05-08}} In November 2014, PolarSSL was acquired by ARM Holdings.{{cite web | url=https://polarssl.org/tech-updates/blog/polarssl-part-of-arm | title=PolarSSL is now a part of ARM |date=2014-11-24}}

In 2011, the Dutch government approved an integration between OpenVPN and PolarSSL, which is named OpenVPN-NL. This version of OpenVPN has been approved for use in protecting government communications up to the level of Restricted.[https://www.aivd.nl/organisatie/eenheden/nationaal-bureau/artikel/inzetadviezen ] {{webarchive |url=https://web.archive.org/web/20130129002818/https://www.aivd.nl/organisatie/eenheden/nationaal-bureau/artikel/inzetadviezen |date=January 29, 2013 }}

As of the release of version 1.3.10, PolarSSL has been rebranded to Mbed TLS to better show its fit inside the Mbed ecosystem.{{cite web|url=https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released|title=mbed TLS 1.3.10 released|date=2015-02-08|access-date=2015-02-09}} Starting from version 2.1.0, the library was made available under both the GPL v2 and Apache License v2.0.{{cite web |title=Download |url=https://tls.mbed.org/download |website=Mbed TLS |publisher=Arm |access-date=2021-04-05 |archive-url=https://web.archive.org/web/20190324130137/https://tls.mbed.org/download |archive-date=2019-03-24}}

In 2020, Mbed TLS joined the TrustedFirmware project.{{cite web |title=Hafnium, MbedTLS, PSA Crypto join the Trusted Firmware Project |url=https://www.trustedfirmware.org/news/Hafnium-MbedTLS-PSA-Crypto-join-the-Trusted-Firmware-Project/ |website=TrustedFirmware |publisher=TrustedFirmware |access-date=2021-04-05 |archive-url=https://web.archive.org/web/20200812183040/https://www.trustedfirmware.org/news/Hafnium-MbedTLS-PSA-Crypto-join-the-Trusted-Firmware-Project/ |archive-date=2020-08-12}}

Library

The core SSL library is written in the C programming language and implements the SSL module, the basic cryptographic functions and provides various utility functions. Unlike OpenSSL and other implementations of TLS, Mbed TLS is like wolfSSL in that it is designed to fit on small embedded devices, with the minimum complete TLS stack requiring under 60KB of program space and under 64 KB of RAM. It is also highly modular: each component, such as a cryptographic function, can be used independently from the rest of the framework. Versions are also available for Microsoft Windows and Linux. Because Mbed TLS is written in the C programming language, without external dependencies, it works on most operating systems and architectures.

Since version 1.3.0, it has abstraction layers for memory allocation and threading to the core "to support better integration with existing embedded operating systems".{{cite web|url=https://polarssl.org/tech-updates/blog/new-features-in-polarssl-1.3.0 |title=New features in PolarSSL 1.3.0 – Tech Updates |publisher=Polarssl.org |access-date=2014-05-08}}

=Design priorities=

The Mbed TLS library expresses a focus on readability of the code, documentation, automated regression tests, a loosely coupled design and portable code.{{cite web|url=https://polarssl.org/features |title=PolarSSL Features: easy to use SSL library and well-documented |publisher=Polarssl.org |access-date=2014-05-08}}

=Development documentation=

The following documentation is available for developers:

  • High Level Design:{{cite web|url=https://polarssl.org/high-level-design |title=PolarSSL High Level Design |publisher=Polarssl.org |access-date=2014-05-08}} a high level description of the different modules inside the library, with UML diagrams, use cases and interactions in common scenarios.
  • API documentation:{{cite web|url=https://polarssl.org/api |title=v1.3.6 source code documentation – API Documentation |publisher=PolarSSL |access-date=2014-05-08}} Doxygen-generated documentation from the header files of the library.
  • Source code documentation:{{cite web|url=https://github.com/polarssl/polarssl |title=polarssl/polarssl — GitHub |publisher=Github.com |access-date=2014-05-08}} The source code of the library is documented to clarify structures, decisions and code constructs.

=Automated testing=

The automated testing of Mbed TLS includes:

  • A test framework is included with the source code that contains over 5000 automated tests (based on the number of tests in version 1.3.2 of the library) to test for regressions and compatibility on different platforms.
  • A compatibility script (compat.sh{{cite web|author=executable file |url=https://github.com/ARMmbed/mbedtls/blob/development/tests/compat.sh |title=mbedtls/compat.sh at development · ARMmbed/mbedtls · GitHub |publisher=Github.com |date=2020-04-26 |access-date=2021-04-05}}) that tests compatibility of SSL communication with OpenSSL and GnuTLS.
  • A continuous integration system based on Travis CI and Jenkins.{{cite web |title=Mbed TLS continuous integration |url=https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/ |website=Trusted Firmware |publisher=Trusted Firmware |access-date=2021-04-05}}

Use

Mbed TLS is used as the SSL component in large open source projects:

Platforms

Mbed TLS is currently available for most Operating Systems including Linux, Microsoft Windows, OS X, OpenWrt, Android, iOS, RISC OS{{cite web |title=Connecting with the 21st century |url=https://www.riscosopen.org/news/articles/2019/04/26/connecting-with-the-21st-century |website=RISC OS Open |publisher=Steve Revill |access-date=2022-04-19}} and FreeRTOS. Chipsets supported at least include ARM, x86, PowerPC, MIPS.

Algorithms

Mbed TLS supports a number of different cryptographic algorithms:

;Cryptographic hash functions:

:MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-2, SHA-3

;MAC modes

:CMAC, HMAC

;Ciphers:

:AES, ARIA, Blowfish, Camellia, ChaCha, DES, RC4, Triple DES, XTEA

;Cipher modes

:ECB, CBC, CFB, CTR, OFB, XTS

;Authenticated encryption modes

:CCM, GCM, NIST Key Wrap,

:ChaCha20-Poly1305

;Key derivation

:HKDF

;Key stretching

:PBKDF2, PKCS #5 PBE2, PKCS #12 key derivation

;Public-key cryptography:

:RSA, Diffie–Hellman key exchange,

:Elliptic curve cryptography (ECC), Elliptic curve Diffie–Hellman (ECDH), Elliptic Curve DSA (ECDSA), Elliptic curve J-PAKE

See also

{{Portal|Free and open-source software}}

References

{{Reflist}}

External links

  • {{Official website|https://www.trustedfirmware.org/projects/mbed-tls/}}

{{Cryptographic software}}

{{TLS/SSL}}

{{DEFAULTSORT:Mbed TLS}}

Category:Cryptographic software

Category:C (programming language) libraries

Category:Free security software

Category:Transport Layer Security implementation

Category:2009 software