diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index 6566393c4..c8dd99822 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -14,55 +14,6 @@ itself based on a version of the development branch that we aim to keep as recent as possible (ideally the head) by merging regularly commits of the development branch into the prototype. -Status ------- - -The following lists which parts of the TLS 1.3 prototype have already been upstreamed -together with their level of testing: - -* TLS 1.3 record protection mechanisms - - The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended - to support the modified TLS 1.3 record protection mechanism, including modified computation - of AAD, IV, and the introduction of a flexible padding. - - Those record protection routines have unit tests in `test_suite_ssl` alongside the - tests for the other record protection routines. - - TODO: Add some test vectors from RFC 8448. - -- The HKDF key derivation function on which the TLS 1.3 key schedule is based, - is already present as an independent module controlled by `MBEDTLS_HKDF_C` - independently of the development of the TLS 1.3 prototype. - -- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446): - * HKDF-Expand-Label - * Derive-Secret - - Secret evolution - * The traffic {Key,IV} generation from secret - Those functions are implemented in `library/ssl_tls13_keys.c` and - tested in `test_suite_ssl` using test vectors from RFC 8448 and - https://tls13.ulfheim.net/. - -- New TLS Message Processing Stack (MPS) - - The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer, - encompassing low-level details such as record parsing, handshake reassembly, and - DTLS retransmission state machine. - - MPS has the following components: - - Layer 1 (Datagram handling) - - Layer 2 (Record handling) - - Layer 3 (Message handling) - - Layer 4 (Retransmission State Machine) - - Reader (Abstracted pointer arithmetic and reassembly logic for incoming data) - - Writer (Abstracted pointer arithmetic and fragmentation logic for outgoing data) - - Of those components, the following have been upstreamed - as part of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`: - - - Reader ([`library/mps_reader.h`](../../library/mps_reader.h)) - MVP definition -------------- @@ -227,6 +178,57 @@ MVP definition response to the MVP ClientHello, server sending a CertificateRequest message ... + +Status +------ + +The following lists which parts of the TLS 1.3 prototype have already been upstreamed +together with their level of testing: + +* TLS 1.3 record protection mechanisms + + The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended + to support the modified TLS 1.3 record protection mechanism, including modified computation + of AAD, IV, and the introduction of a flexible padding. + + Those record protection routines have unit tests in `test_suite_ssl` alongside the + tests for the other record protection routines. + + TODO: Add some test vectors from RFC 8448. + +- The HKDF key derivation function on which the TLS 1.3 key schedule is based, + is already present as an independent module controlled by `MBEDTLS_HKDF_C` + independently of the development of the TLS 1.3 prototype. + +- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446): + * HKDF-Expand-Label + * Derive-Secret + - Secret evolution + * The traffic {Key,IV} generation from secret + Those functions are implemented in `library/ssl_tls13_keys.c` and + tested in `test_suite_ssl` using test vectors from RFC 8448 and + https://tls13.ulfheim.net/. + +- New TLS Message Processing Stack (MPS) + + The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer, + encompassing low-level details such as record parsing, handshake reassembly, and + DTLS retransmission state machine. + + MPS has the following components: + - Layer 1 (Datagram handling) + - Layer 2 (Record handling) + - Layer 3 (Message handling) + - Layer 4 (Retransmission State Machine) + - Reader (Abstracted pointer arithmetic and reassembly logic for incoming data) + - Writer (Abstracted pointer arithmetic and fragmentation logic for outgoing data) + + Of those components, the following have been upstreamed + as part of `MBEDTLS_SSL_PROTO_TLS1_3`: + + - Reader ([`library/mps_reader.h`](../../library/mps_reader.h)) + + Coding rules checklist for TLS 1.3 ----------------------------------