net: sockets_tls: add support for TLS 1.3

Enables TLS 1.3 sockets based on Mbed TLS.

Signed-off-by: Valerio Setti <[email protected]>

Author: valeriosetti

doc/releases/release-notes-4.0.rst

@@ -329,6 +329,18 @@ Libraries / Subsystems
     secure random sources when :kconfig:option:`CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG`
     is also enabled. This is only meant to be used for test purposes, not in production.
     (:github:`76408`)
+  * The Kconfig symbol :kconfig:option:`CONFIG_MBEDTLS_TLS_VERSION_1_3` was added to
+    enable TLS 1.3 support from Mbed TLS. When this is enabled the following
+    new Kconfig symbols can also be enabled:
+
+    * :kconfig:option:`CONFIG_MBEDTLS_TLS_SESSION_TICKETS` to enable session tickets
+      (RFC 5077);
+    * :kconfig:option:`CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED`
+      for TLS 1.3 PSK key exchange mode;
+    * :kconfig:option:`CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED`
+      for TLS 1.3 ephemeral key exchange mode;
+    * :kconfig:option:`CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED`
+      for TLS 1.3 PSK ephemeral key exchange mode.
 
 * CMSIS-NN
 

include/zephyr/net/net_ip.h

@@ -78,6 +78,7 @@ enum net_ip_protocol_secure {
 	IPPROTO_TLS_1_0 = 256,     /**< TLS 1.0 protocol */
 	IPPROTO_TLS_1_1 = 257,     /**< TLS 1.1 protocol */
 	IPPROTO_TLS_1_2 = 258,     /**< TLS 1.2 protocol */
+	IPPROTO_TLS_1_3 = 259,     /**< TLS 1.3 protocol */
 	IPPROTO_DTLS_1_0 = 272,    /**< DTLS 1.0 protocol */
 	IPPROTO_DTLS_1_2 = 273,    /**< DTLS 1.2 protocol */
 };

modules/mbedtls/Kconfig.tls-generic

@@ -19,10 +19,24 @@ if MBEDTLS_TLS_VERSION_1_2
 config MBEDTLS_DTLS
 	bool "Support for DTLS"
 
+endif # MBEDTLS_TLS_VERSION_1_2
+
+config MBEDTLS_TLS_VERSION_1_3
+	bool "Support for TLS 1.3"
+
+if MBEDTLS_TLS_VERSION_1_3
+
+config MBEDTLS_TLS_SESSION_TICKETS
+	bool "Support for RFC 5077 session tickets in TLS 1.3"
+
+endif # MBEDTLS_TLS_VERSION_1_3
+
+if MBEDTLS_TLS_VERSION_1_2 || MBEDTLS_TLS_VERSION_1_3
+
 config MBEDTLS_SSL_ALPN
 	bool "Support for setting the supported Application Layer Protocols"
 
-endif
+endif # MBEDTLS_TLS_VERSION_1_2 || MBEDTLS_TLS_VERSION_1_3
 
 endmenu # TLS
 
@@ -57,21 +71,12 @@ config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 	bool "RSA-PSK based ciphersuite modes"
 
-config MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-	bool
-	default y
-	depends on \
-		MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || \
-		MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || \
-		MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
-		MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-
 config MBEDTLS_PSK_MAX_LEN
 	int "Max size of TLS pre-shared keys"
 	default 32
-	depends on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
 	help
-	  Max size of TLS pre-shared keys, in bytes.
+	  Max size of TLS pre-shared keys, in bytes. It has no effect if no
+	  PSK key exchange is used.
 
 config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 	bool "RSA-only based ciphersuite modes"
@@ -91,7 +96,7 @@ config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 
 config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 	bool "ECDHE-ECDSA based ciphersuite modes"
-	depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
+	depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C || (PSA_WANT_ALG_ECDH && PSA_WANT_ALG_ECDSA)
 
 config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 	bool "ECDH-ECDSA based ciphersuite modes"
@@ -108,6 +113,19 @@ config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 	bool "ECJPAKE based ciphersuite modes"
 	depends on MBEDTLS_ECJPAKE_C
 
+if MBEDTLS_TLS_VERSION_1_3
+
+config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+	bool "TLS 1.3 PSK key exchange mode"
+
+config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+	bool "TLS 1.3 ephemeral key exchange mode"
+
+config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+	bool "TLS 1.3 PSK ephemeral key exchange mode"
+
+endif # MBEDTLS_TLS_VERSION_1_3
+
 config MBEDTLS_HKDF_C
 	bool "HMAC-based Extract-and-Expand Key Derivation Function"
 

modules/mbedtls/configs/config-tls-generic.h

@@ -57,14 +57,32 @@
 #define MBEDTLS_SSL_PROTO_TLS1_2
 #endif
 
-#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
+#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_3)
+#define MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#endif
 
-/* Modules required for TLS */
+#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) || \
+	defined(CONFIG_MBEDTLS_TLS_VERSION_1_3)
+
+/* Common modules required for TLS 1.2 and 1.3 */
 #define MBEDTLS_SSL_TLS_C
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_CLI_C
+
+/* This is not supported by Mbed TLS in TLS 1.3 mode
+ * (see modules/crypto/mbedtls/docs/architecture/tls13-support.md).
+ */
+#if !defined(CONFIG_MBEDTLS_TLS_VERSION_1_3)
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#endif
 
+#endif /* CONFIG_MBEDTLS_TLS_VERSION_1_2 || CONFIG_MBEDTLS_TLS_VERSION_1_3 */
+
+#if defined(CONFIG_MBEDTLS_TLS_SESSION_TICKETS)
+#define MBEDTLS_SSL_SESSION_TICKETS
+#define MBEDTLS_SSL_TICKET_C
 #endif
 
 #if defined(CONFIG_MBEDTLS_DTLS)
@@ -128,6 +146,20 @@
 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #endif
 
+#if defined(CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+#define MBEDTLS_SSL_EARLY_DATA
+#endif
+
+#if defined(CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+#define MBEDTLS_SSL_EARLY_DATA
+#endif
+
 #if defined(CONFIG_MBEDTLS_HKDF_C)
 #define MBEDTLS_HKDF_C
 #endif
@@ -353,12 +385,13 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+	defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+	defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+	defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+	defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+	defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+	defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+	defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 #define MBEDTLS_X509_CRT_PARSE_C
 #endif
 
@@ -423,7 +456,7 @@
 #endif
 
 #if defined(CONFIG_MBEDTLS_SERVER_NAME_INDICATION) && \
-    defined(MBEDTLS_X509_CRT_PARSE_C)
+	defined(MBEDTLS_X509_CRT_PARSE_C)
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
 #endif
 

subsys/net/lib/sockets/sockets_tls.c

@@ -1056,7 +1056,7 @@ static int tls_set_psk(struct tls_context *tls,
 		       struct tls_credential *psk,
 		       struct tls_credential *psk_id)
 {
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
 	int err = mbedtls_ssl_conf_psk(&tls->config,
 				       psk->buf, psk->len,
 				       (const unsigned char *)psk_id->buf,
@@ -1421,6 +1421,10 @@ static int tls_mbedtls_init(struct tls_context *context, bool is_server)
 	}
 #endif
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+	mbedtls_ssl_conf_early_data(&context->config, MBEDTLS_SSL_EARLY_DATA_ENABLED);
+#endif
+
 	ret = mbedtls_ssl_setup(&context->ssl,
 				&context->config);
 	if (ret != 0) {
@@ -2034,7 +2038,7 @@ static int protocol_check(int family, int type, int *proto)
 		return -EAFNOSUPPORT;
 	}
 
-	if (*proto >= IPPROTO_TLS_1_0 && *proto <= IPPROTO_TLS_1_2) {
+	if (*proto >= IPPROTO_TLS_1_0 && *proto <= IPPROTO_TLS_1_3) {
 		if (type != SOCK_STREAM) {
 			return -EPROTOTYPE;
 		}
@@ -2600,7 +2604,8 @@ static ssize_t recv_tls(struct tls_context *ctx, void *buf,
 			if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
 			    ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
 			    ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ||
-			    ret ==  MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+			    ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ||
+			    ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) {
 				int timeout_ms;
 
 				if (!is_block) {