Add functions to export TLS traffic keys and sequence numbers for KTLS integration

Open HaniAmmar opened this issue 3 months ago • 2 comments

Description

This pull request introduces new public APIs that allow external components (such as Kernel TLS) to access TLS traffic secrets and sequence numbers in a controlled manner.
These additions make it possible to implement KTLS handover or other advanced integrations without modifying Mbed TLS internals.

See: #10425

PR checklist

  • [x] changelog provided
  • [x] development PR provided
  • [x] TF-PSA-Crypto PR — not required (no changes)
  • [x] framework PR — not required (no changes)
  • [ ] 3.6 PR — planned for backport after this merge
  • [x] tests provided

HaniAmmar avatar Oct 15 '25 19:10 HaniAmmar

Thank you very much for contributing this feature! Due to the size, I'm afraid it might take a while for us to review it. Unfortunately, review bandwidth is a major bottleneck for us.

A small note: this is a new feature of significant size, so we will not backport it to a long-time support branch.

gilles-peskine-arm avatar Oct 30 '25 09:10 gilles-peskine-arm

Hi @HaniAmmar, thanks so much for contributing this!

We've looked at it and discussed internally. We won't have enough bandwidth to review this whole PR at once because it is quite large. Would you mind splitting it out into 2 smaller PRs, one containing the new functions and tests and the other adding the example program?

One other minor thing - I notice that you've written test functions with all of the possible test cases inside them - would you be able to refactor that so that the test functionality is in the .function file and the different sets of test data are in the .data file? See here for an explanation of our test framework. You can also use the magic data_t type to supply a hex string to a test function which appears as a buffer of binary data to the test function. If you have any questions feel free to ask for help!

Once the PR is split we can schedule it for review on the community board.

davidhorstmann-arm avatar Dec 09 '25 17:12 davidhorstmann-arm

That won’t be a problem. I’ll address it once I’m back from my current vacation. Thank you.

HaniAmmar avatar Dec 12 '25 17:12 HaniAmmar