mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 20:54:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: TLS 1.3: Update prototype upstreaming status

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-12-09 14:53:59 +01:00
parent 653d5bc781
commit 7aa6fc1992
1 changed files with 11 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
docs/architecture/tls13-support.md
View File

@ -12,7 +12,8 @@ The development of the TLS 1.3 protocol is based on the TLS 1.3 prototype
located at https://github.com/hannestschofenig/mbedtls. The prototype is located at https://github.com/hannestschofenig/mbedtls. The prototype is
itself based on a version of the development branch that we aim to keep as itself based on a version of the development branch that we aim to keep as
recent as possible (ideally the head) by merging regularly commits of the recent as possible (ideally the head) by merging regularly commits of the
development branch into the prototype. development branch into the prototype. The section "Prototype upstreaming
status" below describes what remains to be upstreamed.
MVP definition MVP definition
@ -179,35 +180,19 @@ MVP definition
message ... message ...
Status Prototype upstreaming status
------ ----------------------------
The following lists which parts of the TLS 1.3 prototype have already been upstreamed The following gives an hint of which parts of the TLS 1.3 prototype remain
together with their level of testing: to be upstreamed:
* TLS 1.3 record protection mechanisms - Ephemeral only handshake on client side: client authentication,
HelloRetryRequest support, version negotiation.
The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended - Ephemeral only handshake server side.
to support the modified TLS 1.3 record protection mechanism, including modified computation
of AAD, IV, and the introduction of a flexible padding.
Those record protection routines have unit tests in `test_suite_ssl` alongside the - Pre-shared keys, session resumption and 0-RTT data (both client and server
tests for the other record protection routines. side).
TODO: Add some test vectors from RFC 8448.
- The HKDF key derivation function on which the TLS 1.3 key schedule is based,
is already present as an independent module controlled by `MBEDTLS_HKDF_C`
independently of the development of the TLS 1.3 prototype.
- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446):
* HKDF-Expand-Label
* Derive-Secret
- Secret evolution
* The traffic {Key,IV} generation from secret
Those functions are implemented in `library/ssl_tls13_keys.c` and
tested in `test_suite_ssl` using test vectors from RFC 8448 and
https://tls13.ulfheim.net/.
- New TLS Message Processing Stack (MPS) - New TLS Message Processing Stack (MPS)