Add early data indication to client side

Add fields to mbedtls_ssl_context Add write early data indication function Add check whether write early data indication Add early data option to ssl_client2 Add test cases for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2025-07-29 11:41:15 +03:00 · 2022-10-24 11:12:51 +00:00
parent aeb8bf2ab0
commit 0e97d4d16d
9 changed files with 172 additions and 11 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -987,6 +987,15 @@ struct mbedtls_ssl_handshake_params
    } tls13_master_secrets;

    mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    mbedtls_ssl_tls13_early_secrets early_secrets;
+
+    int early_data;     /*!< Early data indication:
+                         * 0  -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and
+                         * 1  -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data)
+                         */
+#endif /* MBEDTLS_SSL_EARLY_DATA */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@ -1480,6 +1489,11 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */

+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl );
+#endif
+
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
 #if defined(MBEDTLS_SSL_CLI_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
@ -2046,6 +2060,11 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
                size_t *out_len );
 #endif /* MBEDTLS_ECDH_C */

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+int mbedtls_ssl_tls13_write_early_data_ext(
+    mbedtls_ssl_context *ssl,
+    unsigned char *buf, const unsigned char *end, size_t *olen);
+#endif /* MBEDTLS_SSL_EARLY_DATA */

 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1872,6 +1872,15 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+int mbedtls_ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_session *session = ssl->session_negotiate;
+    return( ssl->handshake->resume &&
+            session != NULL && session->ticket != NULL );
+}
+#endif
+
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
 int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
 {
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -693,13 +693,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite )
 }

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    return( ssl->handshake->resume &&
-            session != NULL && session->ticket != NULL );
-}
-
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
                                          psa_algorithm_t *hash_alg,
@ -708,7 +701,7 @@ static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
 {
    mbedtls_ssl_session *session = ssl->session_negotiate;

-    if( !ssl_tls13_has_configured_ticket( ssl ) )
+    if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
        return( -1 );

    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
@ -726,7 +719,7 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl,

    mbedtls_ssl_session *session = ssl->session_negotiate;

-    if( !ssl_tls13_has_configured_ticket( ssl ) )
+    if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
        return( -1 );

    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
@ -773,7 +766,7 @@ static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl )
 {
    int configured_psk_count = 0;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_has_configured_ticket( ssl ) )
+    if( mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) );
        configured_psk_count++;
@ -1093,7 +1086,8 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
    }

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) )
+    if( selected_identity == 0 &&
+        mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
    {
        ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len );
    }
@ -1160,6 +1154,29 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
    }
 #endif

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
+        ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 ||
+          mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) &&
+        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
+    {
+        ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
+        if( ret != 0 )
+            return( ret );
+        p += ext_len;
+
+        ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON;
+        /* We're using rejected once we send the EarlyData extension,
+           and change it to accepted upon receipt of the server extension. */
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_REJECTED;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
+        ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF;
+    }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
    /* For PSK-based key exchange we need the pre_shared_key extension
     * and the psk_key_exchange_modes extension.
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -1374,6 +1374,41 @@ cleanup:

 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

+/* Early Data Extension
+ *
+ * struct {} Empty;
+ *
+ * struct {
+ *   select ( Handshake.msg_type ) {
+ *     case new_session_ticket:   uint32 max_early_data_size;
+ *     case client_hello:         Empty;
+ *     case encrypted_extensions: Empty;
+ *   };
+ * } EarlyDataIndication;
+ */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
+                                            unsigned char *buf,
+                                            const unsigned char *end,
+                                            size_t *out_len )
+{
+    unsigned char *p = buf;
+    *out_len = 0;
+    ((void) ssl);
+
+    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+    MBEDTLS_SSL_DEBUG_MSG(
+            3, ( "client hello, adding early_data extension" ) );
+
+    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 );
+    /* Write length of the early data indication extension */
+    MBEDTLS_PUT_UINT16_BE( 0, p, 2 );
+
+    *out_len = 4;
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 /* Reset SSL context and update hash for handling HRR.
 *
 * Replace Transcript-Hash(X) by