Add early data indication to client side

Add fields to mbedtls_ssl_context Add write early data indication function Add check whether write early data indication Add early data option to ssl_client2 Add test cases for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-24 11:12:51 +00:00 · 2022-10-24 11:12:51 +00:00 · 0e97d4d16d
commit 0e97d4d16d
parent aeb8bf2ab0
9 changed files with 172 additions and 11 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -693,13 +693,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite )
 }

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    return( ssl->handshake->resume &&
-            session != NULL && session->ticket != NULL );
-}
-
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
                                          psa_algorithm_t *hash_alg,
@ -708,7 +701,7 @@ static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
 {
    mbedtls_ssl_session *session = ssl->session_negotiate;

-    if( !ssl_tls13_has_configured_ticket( ssl ) )
+    if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
        return( -1 );

    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
@ -726,7 +719,7 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl,

    mbedtls_ssl_session *session = ssl->session_negotiate;

-    if( !ssl_tls13_has_configured_ticket( ssl ) )
+    if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
        return( -1 );

    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
@ -773,7 +766,7 @@ static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl )
 {
    int configured_psk_count = 0;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_has_configured_ticket( ssl ) )
+    if( mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) );
        configured_psk_count++;
@ -1093,7 +1086,8 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
    }

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) )
+    if( selected_identity == 0 &&
+        mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
    {
        ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len );
    }
@ -1160,6 +1154,29 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
    }
 #endif

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
+        ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 ||
+          mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) &&
+        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
+    {
+        ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
+        if( ret != 0 )
+            return( ret );
+        p += ext_len;
+
+        ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON;
+        /* We're using rejected once we send the EarlyData extension,
+           and change it to accepted upon receipt of the server extension. */
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_REJECTED;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
+        ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF;
+    }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
    /* For PSK-based key exchange we need the pre_shared_key extension
     * and the psk_key_exchange_modes extension.