aboutsummaryrefslogtreecommitdiff
path: root/lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md
diff options
context:
space:
mode:
authorAdam Harrison <adamdharrison@gmail.com>2022-11-26 16:20:59 -0500
committerAdam Harrison <adamdharrison@gmail.com>2022-11-29 18:39:46 -0500
commitfc0c4ed9a3103e0e6534311923668879fc8e0875 (patch)
tree6e7723c3f45d39f06c243d9c18a3c038da948793 /lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md
parent3836606e2b735ba7b2dc0f580231843660587fb4 (diff)
downloadlite-xl-plugin-manager-fc0c4ed9a3103e0e6534311923668879fc8e0875.tar.gz
lite-xl-plugin-manager-fc0c4ed9a3103e0e6534311923668879fc8e0875.zip
Removed openssl, and curl, and added mbedded tls.curl-removal
Almost fully removed curl, needs more testing. Fixed most issues, now trying to cross compile. Fix? Sigh.
Diffstat (limited to 'lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md')
-rw-r--r--lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md68
1 files changed, 68 insertions, 0 deletions
diff --git a/lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md b/lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md
new file mode 100644
index 0000000..10cbfa1
--- /dev/null
+++ b/lib/mbedtls-2.27.0/docs/architecture/tls13-experimental.md
@@ -0,0 +1,68 @@
+TLS 1.3 Experimental Developments
+=================================
+
+Overview
+--------
+
+Mbed TLS doesn't support the TLS 1.3 protocol yet, but a prototype is in development.
+Stable parts of this prototype that can be independently tested are being successively
+upstreamed under the guard of the following macro:
+
+```
+MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+```
+
+This macro will likely be renamed to `MBEDTLS_SSL_PROTO_TLS1_3` once a minimal viable
+implementation of the TLS 1.3 protocol is available.
+
+See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/config.h)
+for more information.
+
+Status
+------
+
+The following lists which parts of the TLS 1.3 prototype have already been upstreamed
+together with their level of testing:
+
+* TLS 1.3 record protection mechanisms
+
+ The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended
+ to support the modified TLS 1.3 record protection mechanism, including modified computation
+ of AAD, IV, and the introduction of a flexible padding.
+
+ Those record protection routines have unit tests in `test_suite_ssl` alongside the
+ tests for the other record protection routines.
+
+ TODO: Add some test vectors from RFC 8448.
+
+- The HKDF key derivation function on which the TLS 1.3 key schedule is based,
+ is already present as an independent module controlled by `MBEDTLS_HKDF_C`
+ independently of the development of the TLS 1.3 prototype.
+
+- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446):
+ * HKDF-Expand-Label
+ * Derive-Secret
+ - Secret evolution
+ * The traffic {Key,IV} generation from secret
+ Those functions are implemented in `library/ssl_tls13_keys.c` and
+ tested in `test_suite_ssl` using test vectors from RFC 8448 and
+ https://tls13.ulfheim.net/.
+
+- New TLS Message Processing Stack (MPS)
+
+ The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer,
+ encompassing low-level details such as record parsing, handshake reassembly, and
+ DTLS retransmission state machine.
+
+ MPS has the following components:
+ - Layer 1 (Datagram handling)
+ - Layer 2 (Record handling)
+ - Layer 3 (Message handling)
+ - Layer 4 (Retransmission State Machine)
+ - Reader (Abstracted pointer arithmetic and reassembly logic for incoming data)
+ - Writer (Abstracted pointer arithmetic and fragmentation logic for outgoing data)
+
+ Of those components, the following have been upstreamed
+ as part of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`:
+
+ - Reader ([`library/mps_reader.h`](../../library/mps_reader.h))