TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 0fce958f17db2d450d23ea49dcb938c75a187f32 / . / docs / tls13-early-data.md
blob: 28a8cc6c1862ff9cb77eddcd48ab8bd1a94e8a26 [file] [log] [blame] [view]
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]1
2Writing and reading early or 0-RTT data
3---------------------------------------
4
5An application function to write and send a buffer of data to a server through
6TLS may plausibly look like:
7
8```
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]9int write_data(mbedtls_ssl_context *ssl,
10 const unsigned char *data_to_write,
11 size_t data_to_write_len,
12 size_t *data_written)
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]13{
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]14 int ret;
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]15 *data_written = 0;
16
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]17 while (*data_written < data_to_write_len) {
18 ret = mbedtls_ssl_write(ssl, data_to_write + *data_written,
19 data_to_write_len - *data_written);
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]20
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]21 if (ret < 0 &&
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]22 ret != MBEDTLS_ERR_SSL_WANT_READ &&
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]23 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
24 return ret;
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]25 }
26
27 *data_written += ret;
28 }
29
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]30 return 0;
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]31}
32```
33where ssl is the SSL context to use, data_to_write the address of the data
34buffer and data_to_write_len the number of data bytes. The handshake may
35not be completed, not even started for the SSL context ssl when the function is
36called and in that case the mbedtls_ssl_write() API takes care transparently of
37completing the handshake before to write and send data to the server. The
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]38mbedtls_ssl_write() may not be able to write and send all data in one go thus
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]39the need for a loop calling it as long as there are still data to write and
40send.
41
42An application function to write and send early data and only early data,
43data sent during the first flight of client messages while the handshake is in
44its initial phase, would look completely similar but the call to
45mbedtls_ssl_write_early_data() instead of mbedtls_ssl_write().
46```
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]47int write_early_data(mbedtls_ssl_context *ssl,
48 const unsigned char *data_to_write,
49 size_t data_to_write_len,
50 size_t *data_written)
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]51{
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]52 int ret;
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]53 *data_written = 0;
54
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]55 while (*data_written < data_to_write_len) {
56 ret = mbedtls_ssl_write_early_data(ssl, data_to_write + *data_written,
57 data_to_write_len - *data_written);
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]58
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]59 if (ret < 0 &&
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]60 ret != MBEDTLS_ERR_SSL_WANT_READ &&
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]61 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
62 return ret;
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]63 }
64
65 *data_written += ret;
66 }
67
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]68 return 0;
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]69}
70```
71Note that compared to write_data(), write_early_data() can also return
72MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA and that should be handled
73specifically by the user of write_early_data(). A fresh SSL context (typically
74just after a call to mbedtls_ssl_setup() or mbedtls_ssl_session_reset()) would
75be expected when calling `write_early_data`.
76
77All together, code to write and send a buffer of data as long as possible as
78early data and then as standard post-handshake application data could
79plausibly look like:
80
81```
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]82ret = write_early_data(ssl,
83 data_to_write,
84 data_to_write_len,
85 &early_data_written);
86if (ret < 0 &&
87 ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]88 goto error;
89}
90
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]91ret = write_data(ssl,
92 data_to_write + early_data_written,
93 data_to_write_len - early_data_written,
94 &data_written);
95if (ret < 0) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]96 goto error;
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]97}
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]98
99data_written += early_data_written;
100```
101
102Finally, taking into account that the server may reject early data, application
103code to write and send a buffer of data could plausibly look like:
104```
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]105ret = write_early_data(ssl,
106 data_to_write,
107 data_to_write_len,
108 &early_data_written);
109if (ret < 0 &&
110 ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]111 goto error;
112}
113
114/*
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]115 * Make sure the handshake is completed as it is a requisite of
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]116 * mbedtls_ssl_get_early_data_status().
117 */
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]118while (!mbedtls_ssl_is_handshake_over(ssl)) {
119 ret = mbedtls_ssl_handshake(ssl);
120 if (ret < 0 &&
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]121 ret != MBEDTLS_ERR_SSL_WANT_READ &&
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]122 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]123 goto error;
124 }
125}
126
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]127ret = mbedtls_ssl_get_early_data_status(ssl);
128if (ret < 0) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]129 goto error;
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]130}
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]131
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]132if (ret == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]133 early_data_written = 0;
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]134}
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]135
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]136ret = write_data(ssl,
137 data_to_write + early_data_written,
138 data_to_write_len - early_data_written,
139 &data_written);
140if (ret < 0) {
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]141 goto error;
Ronald Cron0fce9582024-03-13 14:22:19 +0100[diff] [blame^]142}
Ronald Cronb372b2e2024-03-13 14:10:58 +0100[diff] [blame]143
144data_written += early_data_written;
145```
146
147Basically, the same holds for reading early data on the server side without the
148complication of possible rejection. An application function to read early data
149into a given buffer could plausibly look like:
150```
151int read_early_data( mbedtls_ssl_context *ssl,
152 unsigned char *buffer,
153 size_t buffer_size,
154 size_t *data_len )
155{
156 *data_len = 0;
157
158 while( *data_len < buffer_size )
159 {
160 ret = mbedtls_ssl_read_early_data( ssl, buffer + *data_len,
161 buffer_size - *data_len );
162
163 if( ret < 0 &&
164 ret != MBEDTLS_ERR_SSL_WANT_READ &&
165 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
166 {
167 return( ret );
168 }
169
170 *data_len += ret;
171 }
172
173 return( 0 );
174}
175```
176with again calls to read_early_data() expected to be done with a fresh SSL
177context.