Mbedtls provides functions to access symmetric and asymmetric cryptography algorithms, it is licensed under GPLv2 and Apache 2 License and is maintained by ARM mbed. The library does not have any external dependencies, the compiled binary has a size of 60 KB and requires only 64 KB RAM when executed. This makes it an ideal solution to run on a bare-metal embedded system, such as the Arduino Primo (nRF52832).
Mbedtls needs to be configured for the target, this can be done by deactivating platform unsupported build options. The following configuration options were disabled, because the corresponding (hardware) modules are not present on the traget platform (ARM-based Arduinos): MBEDTLS_NET_C, MBEDTLS_TIMING_C, MBEDTLS_ENTROPY_PLATFORM, MBEDTLS_FS_IO, MBEDTLS_HAVE_TIME_DATE, MBEDTLS_HAVE_TIME
MBEDTLS_NET_C requires the BSD sockets API, which is obviously not present on a bare-metal system. MBEDTLS_TIMING_C, MBEDTLS_HAVE_TIME\_DATE, MBEDTLS_HAVE_TIME need to be deactivated because no RTC is present. MBEDTLS_FS_IO is also not available because a POSIX like filesystem is not present on the Arduinos. MBEDTLS_ENTROPY_PLATFORM is important for random number generation but must be deactivated because it implements a POSIX API and uses /dev/urandom as a seed, which is not present on the Arduino (and on other bare-metal embedded systems). When a RNG (random number generator) is important for the project it must be implemented differently. A lot of ARM based microcontrollers provide embedded hardware RNGs. See my other blogpost to make use of the Arduino Primo RNG.
The sample source code below shows AES cryptography (AES256) and message authentication using HMAC-SHA256:
The archive below contains the sample project for the Arduino including the mbedtls library: