Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
TLS 1.3: EarlyData SRV: Add early data extension parser.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index debb1cc..03a8b1f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1840,7 +1840,7 @@
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
int MBEDTLS_PRIVATE(early_data_status);
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
@@ -5013,6 +5013,10 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
+
#if defined(MBEDTLS_SSL_SRV_C)
/**
* \brief Read at most 'len' application data bytes while performing
@@ -5122,9 +5126,6 @@
int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len);
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
/**
* \brief Get the status of the negotiation of the use of early data.
*
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a99bb33..2d78fd4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2129,6 +2129,12 @@
unsigned char *buf,
const unsigned char *end,
size_t *out_len);
+
+#if defined(MBEDTLS_SSL_SRV_C)
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \
+ MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
+#endif /* MBEDTLS_SSL_SRV_C */
+
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b8201f0..6445a00 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1749,6 +1749,25 @@
return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK;
}
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
+{
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if ((handshake->received_extensions &
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: no early data extension received."));
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
+ return;
+ }
+
+ /* We do not accept early data for the time being */
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
/* Update the handshake state machine */
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1775,6 +1794,11 @@
return ret;
}
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ /* There is enough information, update early data state. */
+ ssl_tls13_update_early_data_status(ssl);
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
return 0;
}
diff --git a/tests/data_files/tls13_early_data.txt b/tests/data_files/tls13_early_data.txt
new file mode 100644
index 0000000..0c84b07
--- /dev/null
+++ b/tests/data_files/tls13_early_data.txt
@@ -0,0 +1,3 @@
+EarlyData context: line 0 lf
+EarlyData context: line 1 lf
+EarlyData context: If it appears, that means early_data received.
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index f30384d..d5efc9e 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -493,3 +493,18 @@
-S "No suitable key exchange mode" \
-s "found matched identity"
+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
+ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
+ 1 \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension does not exist." \
+ -s "NewSessionTicket: early_data(42) extension does not exist." \
+ -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 51d59bb..0dd7fe6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -72,6 +72,7 @@
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+: ${EARLY_DATA_INPUT:=data_files/tls13_early_data.txt}
O_SRV="$OPENSSL s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"