Skip to content

feat: added partial configuration for TLS 1.3 #815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ccrugoPhilips wants to merge 4 commits into from
Closed

feat: added partial configuration for TLS 1.3 #815

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8f96a2f
feat: added partial configuration for TLS 1.3
ccrugoPhilips Jan 30, 2025
e9f45c6
feat: additional configuration for TLS 1.3
ccrugoPhilips Jan 30, 2025
f48f2bd
feat: additional configuration for TLS 1.3
ccrugoPhilips Jan 30, 2025
6c6aaf8
feat: removed comment from existing call
ccrugoPhilips Jan 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions external/crypto/mbedtls/mbedtls_emil_config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -896,7 +896,7 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
Expand Down Expand Up @@ -1449,7 +1449,7 @@
* Comment this macro to disable storing the peer's certificate
* after the handshake.
*/
//#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE

/**
* \def MBEDTLS_SSL_RENEGOTIATION
Expand Down Expand Up @@ -1507,7 +1507,7 @@
* Uncomment this macro to enable the support for TLS 1.3.
*
*/
//#define MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_PROTO_TLS1_3

/**
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Expand Down Expand Up @@ -1769,7 +1769,7 @@
*
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
//#define MBEDTLS_USE_PSA_CRYPTO
#define MBEDTLS_USE_PSA_CRYPTO

/**
* \def MBEDTLS_PSA_CRYPTO_CONFIG
Expand Down Expand Up @@ -2357,7 +2357,7 @@
* This module adds support for the Hashed Message Authentication Code
* (HMAC)-based key derivation function (HKDF).
*/
//#define MBEDTLS_HKDF_C
#define MBEDTLS_HKDF_C

/**
* \def MBEDTLS_HMAC_DRBG_C
Expand Down Expand Up @@ -2642,7 +2642,7 @@
* or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
*
*/
//#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_C

/**
* \def MBEDTLS_PSA_CRYPTO_SE_C
Expand Down
2 changes: 2 additions & 0 deletions services/network/CertificatesMbedTls.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,13 +36,15 @@ namespace services
mbedtls_x509_crt_init(&caCertificates);
mbedtls_x509_crt_init(&ownCertificate);
mbedtls_pk_init(&privateKey);
psa_crypto_init();
}

CertificatesMbedTls::~CertificatesMbedTls()
{
mbedtls_pk_free(&privateKey);
mbedtls_x509_crt_free(&caCertificates);
mbedtls_x509_crt_free(&ownCertificate);
mbedtls_psa_crypto_free();
}

void CertificatesMbedTls::AddCertificateAuthority(infra::ConstByteRange certificate)
Expand Down
2 changes: 1 addition & 1 deletion services/network/Network.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,6 @@ message WiFiAccessPointWithPassword
message MbedTlsPersistedSession
{
bool clientSessionObtained = 1;
bytes serializedSession = 2 [(bytes_size) = 512];
bytes serializedSession = 2 [(bytes_size) = 2048];
bytes identifier = 3 [(bytes_size) = 32];
}
Loading