mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-23 11:42:31 +00:00
docs: TLS 1.3: Swap prototype upstreaming status and MVP definition
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
43ffc9d659
commit
653d5bc781
@ -14,55 +14,6 @@ itself based on a version of the development branch that we aim to keep as
|
|||||||
recent as possible (ideally the head) by merging regularly commits of the
|
recent as possible (ideally the head) by merging regularly commits of the
|
||||||
development branch into the prototype.
|
development branch into the prototype.
|
||||||
|
|
||||||
Status
|
|
||||||
------
|
|
||||||
|
|
||||||
The following lists which parts of the TLS 1.3 prototype have already been upstreamed
|
|
||||||
together with their level of testing:
|
|
||||||
|
|
||||||
* TLS 1.3 record protection mechanisms
|
|
||||||
|
|
||||||
The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended
|
|
||||||
to support the modified TLS 1.3 record protection mechanism, including modified computation
|
|
||||||
of AAD, IV, and the introduction of a flexible padding.
|
|
||||||
|
|
||||||
Those record protection routines have unit tests in `test_suite_ssl` alongside the
|
|
||||||
tests for the other record protection routines.
|
|
||||||
|
|
||||||
TODO: Add some test vectors from RFC 8448.
|
|
||||||
|
|
||||||
- The HKDF key derivation function on which the TLS 1.3 key schedule is based,
|
|
||||||
is already present as an independent module controlled by `MBEDTLS_HKDF_C`
|
|
||||||
independently of the development of the TLS 1.3 prototype.
|
|
||||||
|
|
||||||
- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446):
|
|
||||||
* HKDF-Expand-Label
|
|
||||||
* Derive-Secret
|
|
||||||
- Secret evolution
|
|
||||||
* The traffic {Key,IV} generation from secret
|
|
||||||
Those functions are implemented in `library/ssl_tls13_keys.c` and
|
|
||||||
tested in `test_suite_ssl` using test vectors from RFC 8448 and
|
|
||||||
https://tls13.ulfheim.net/.
|
|
||||||
|
|
||||||
- New TLS Message Processing Stack (MPS)
|
|
||||||
|
|
||||||
The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer,
|
|
||||||
encompassing low-level details such as record parsing, handshake reassembly, and
|
|
||||||
DTLS retransmission state machine.
|
|
||||||
|
|
||||||
MPS has the following components:
|
|
||||||
- Layer 1 (Datagram handling)
|
|
||||||
- Layer 2 (Record handling)
|
|
||||||
- Layer 3 (Message handling)
|
|
||||||
- Layer 4 (Retransmission State Machine)
|
|
||||||
- Reader (Abstracted pointer arithmetic and reassembly logic for incoming data)
|
|
||||||
- Writer (Abstracted pointer arithmetic and fragmentation logic for outgoing data)
|
|
||||||
|
|
||||||
Of those components, the following have been upstreamed
|
|
||||||
as part of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`:
|
|
||||||
|
|
||||||
- Reader ([`library/mps_reader.h`](../../library/mps_reader.h))
|
|
||||||
|
|
||||||
|
|
||||||
MVP definition
|
MVP definition
|
||||||
--------------
|
--------------
|
||||||
@ -227,6 +178,57 @@ MVP definition
|
|||||||
response to the MVP ClientHello, server sending a CertificateRequest
|
response to the MVP ClientHello, server sending a CertificateRequest
|
||||||
message ...
|
message ...
|
||||||
|
|
||||||
|
|
||||||
|
Status
|
||||||
|
------
|
||||||
|
|
||||||
|
The following lists which parts of the TLS 1.3 prototype have already been upstreamed
|
||||||
|
together with their level of testing:
|
||||||
|
|
||||||
|
* TLS 1.3 record protection mechanisms
|
||||||
|
|
||||||
|
The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended
|
||||||
|
to support the modified TLS 1.3 record protection mechanism, including modified computation
|
||||||
|
of AAD, IV, and the introduction of a flexible padding.
|
||||||
|
|
||||||
|
Those record protection routines have unit tests in `test_suite_ssl` alongside the
|
||||||
|
tests for the other record protection routines.
|
||||||
|
|
||||||
|
TODO: Add some test vectors from RFC 8448.
|
||||||
|
|
||||||
|
- The HKDF key derivation function on which the TLS 1.3 key schedule is based,
|
||||||
|
is already present as an independent module controlled by `MBEDTLS_HKDF_C`
|
||||||
|
independently of the development of the TLS 1.3 prototype.
|
||||||
|
|
||||||
|
- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446):
|
||||||
|
* HKDF-Expand-Label
|
||||||
|
* Derive-Secret
|
||||||
|
- Secret evolution
|
||||||
|
* The traffic {Key,IV} generation from secret
|
||||||
|
Those functions are implemented in `library/ssl_tls13_keys.c` and
|
||||||
|
tested in `test_suite_ssl` using test vectors from RFC 8448 and
|
||||||
|
https://tls13.ulfheim.net/.
|
||||||
|
|
||||||
|
- New TLS Message Processing Stack (MPS)
|
||||||
|
|
||||||
|
The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer,
|
||||||
|
encompassing low-level details such as record parsing, handshake reassembly, and
|
||||||
|
DTLS retransmission state machine.
|
||||||
|
|
||||||
|
MPS has the following components:
|
||||||
|
- Layer 1 (Datagram handling)
|
||||||
|
- Layer 2 (Record handling)
|
||||||
|
- Layer 3 (Message handling)
|
||||||
|
- Layer 4 (Retransmission State Machine)
|
||||||
|
- Reader (Abstracted pointer arithmetic and reassembly logic for incoming data)
|
||||||
|
- Writer (Abstracted pointer arithmetic and fragmentation logic for outgoing data)
|
||||||
|
|
||||||
|
Of those components, the following have been upstreamed
|
||||||
|
as part of `MBEDTLS_SSL_PROTO_TLS1_3`:
|
||||||
|
|
||||||
|
- Reader ([`library/mps_reader.h`](../../library/mps_reader.h))
|
||||||
|
|
||||||
|
|
||||||
Coding rules checklist for TLS 1.3
|
Coding rules checklist for TLS 1.3
|
||||||
----------------------------------
|
----------------------------------
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user