From 01da35e2c868ee7f324bad239d835b1670759b27 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:09:22 +0800 Subject: [PATCH 01/25] add early data extension of NST Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 69 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index bfe805f496..78a85633b9 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3195,6 +3195,49 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, return 0; } +#if defined(MBEDTLS_SSL_EARLY_DATA) +/* RFC 8446 section 4.2.10 + * + * struct { + * select ( Handshake.msg_type ) { + * case new_session_ticket: uint32 max_early_data_size; + * ... + * }; + * } EarlyDataIndication; + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_early_data_ext_of_nst(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len) +{ + unsigned char *p = buf; + *out_len = 0; + + if ((ssl->session->ticket_flags & + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + MBEDTLS_SSL_DEBUG_MSG( + 4, ("Skip early_data extension in NST for it is not allowed.")); + return 0; + } + + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8); + + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); + MBEDTLS_PUT_UINT16_BE(4, p, 2); + MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); + MBEDTLS_SSL_DEBUG_MSG( + 4, ("Sent max_early_data_size=%u", + (unsigned int) ssl->conf->max_early_data_size)); + + *out_len = 8; + + mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); + + return 0; +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* This function creates a NewSessionTicket message in the following format: * * struct { 
@@ -3232,10 +3275,20 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, mbedtls_ssl_session *session = ssl->session; size_t ticket_len; uint32_t ticket_lifetime; + unsigned char *p_extensions_len; + size_t output_len; + + ((void) output_len); *out_len = 0; MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* * ticket_lifetime 4 bytes * ticket_age_add 4 bytes @@ -3293,15 +3346,25 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, /* Ticket Extensions * - * Note: We currently don't have any extensions. - * Set length to zero. + * Extension extensions<0..2^16-2>; */ ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(0, p, 0); + p_extensions_len = p; p += 2; +#if defined(MBEDTLS_SSL_EARLY_DATA) + if ((ret = ssl_tls13_write_early_data_ext_of_nst( + ssl, p, end, &output_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_early_data_ext_of_nst", ret); + return ret; + } + p += output_len; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + + MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); + *out_len = p - buf; MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len); MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); From fceddb310e740605b389cf97035b8d9303fb4b58 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:30:34 +0800 Subject: [PATCH 02/25] Add early data permission check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 78a85633b9..e3ee95b1c0 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
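Review bot: The early-data permission bit is only ever set in `ssl_tls13_write_new_session_ticket_body()`: `session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;` runs when `early_data_enabled` is on, and nothing in this hunk clears the bit when it is off. If `ssl->session` can already carry the bit, for example from the ticket that resumed this connection, the new ticket would keep granting 0-RTT against the current configuration. Whether an earlier step resets `ticket_flags` is not visible here, because the function body starts and ends outside the hunk. Since 0-RTT data is replayable, the bit should follow the current configuration only: add an `else` branch with `session->ticket_flags &= ~MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;`, or a comment naming where the flags are reset.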
@@ -1845,6 +1845,14 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) } + if (mbedtls_ssl_session_get_ticket_flags( + ssl->session_negotiate, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + MBEDTLS_SSL_DEBUG_MSG( + 1, + ("EarlyData: rejected, denied by ticket permission bits.")); + return; + } ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; From 3c2b21ed0e182586caab4954517149f5ca44a147 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Feb 2023 16:39:13 +0800 Subject: [PATCH 03/25] Enable multi max_early_data_size value for connections For test purpose, we set different value for each session Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 61 +++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c96128b94c..4ef2494682 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -122,7 +122,7 @@ int main(void) #define DFL_SNI NULL #define DFL_ALPN_STRING NULL #define DFL_GROUPS NULL -#define DFL_MAX_EARLY_DATA_SIZE 0 +#define DFL_MAX_EARLY_DATA_SIZE NULL #define DFL_SIG_ALGS NULL #define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM @@ -427,11 +427,15 @@ int main(void) #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#define ARRAY_LENGTH(a) (sizeof(a)/sizeof(a[0])) #if defined(MBEDTLS_SSL_EARLY_DATA) + #define USAGE_EARLY_DATA \ - " max_early_data_size=%%d default: -1 (disabled)\n" \ - " options: -1 (disabled), " \ - " >= 0 (enabled, max amount of early data )\n" + " max_early_data_size=%%d default: -1 (disabled)\n" \ + " The max amount of 0-RTT data for 1st and 2nd connection\n" \ + " format: 1st_connection_value[,2nd_connection_value]\n" \ + " available values: < 0 (disabled), >= 0 (enabled).\n" \ + " The absolute value is the max amount of 0-RTT data.\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ 
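Review bot: `ARRAY_LENGTH` uses its argument unparenthesised in `a[0]`; the usual form is `#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))`. The usage text still says `default: -1 (disabled)` although `DFL_MAX_EARLY_DATA_SIZE` is now NULL. Per the later `reset:` hunk, nothing is configured when the option is absent, so the effective default is whatever the library configuration provides, and the help line should say that.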
@@ -556,6 +560,7 @@ int main(void) USAGE_GROUPS \ USAGE_SIG_ALGS \ USAGE_KEY_OPAQUE_ALGS \ + USAGE_EARLY_DATA \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -693,7 +698,7 @@ struct options { const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ - uint32_t max_early_data_size; /* max amount of early data */ + const char *max_early_data_size; /* max amount list of early data */ int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ @@ -1609,7 +1614,9 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_EARLY_DATA) - int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; + long long max_early_data_size_list[2]; + size_t max_early_data_size_count = 0; + size_t tls13_connection_counter = 0; #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -1979,12 +1986,23 @@ usage: #endif #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "max_early_data_size") == 0) { - long long value = atoll(q); - tls13_early_data_enabled = - value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED : - MBEDTLS_SSL_EARLY_DATA_DISABLED; - if (tls13_early_data_enabled) { - opt.max_early_data_size = atoi(q); + char *endptr, *str; + opt.max_early_data_size = q; + str = endptr = q; + for (size_t early_data_size_iter = 0; + early_data_size_iter < ARRAY_LENGTH(max_early_data_size_list); + early_data_size_iter++) { + long long value = strtoll(str, &endptr, 0); + if (str == endptr || (*endptr != ',' && *endptr != '\0')) { + mbedtls_printf("fail\n illegal digital number for max_early_data_size %s\n", + endptr); + goto exit; + } + max_early_data_size_list[max_early_data_size_count++] = value; + if (*endptr == '\0') { + break; + } + str = endptr + 1; } } #endif /* MBEDTLS_SSL_EARLY_DATA */ 
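Review bot: The values parsed by `strtoll` in the `max_early_data_size` branch are stored without a range check, and the `reset:` hunk later applies them with `(uint32_t) llabs(max_early_data_size)`. A magnitude above UINT32_MAX is silently truncated, so the server advertises a different 0-RTT limit than the one requested, and `llabs(LLONG_MIN)` is undefined behaviour. Rejecting out-of-range input at parse time covers both, e.g. `if (value > UINT32_MAX || value < -(long long) UINT32_MAX) { ...; goto exit; }`, with `errno` checked for ERANGE. The loop also stops after two entries without complaint, so a third comma-separated value is ignored rather than reported. The error message prints `endptr`, which is the unparsed tail, not the offending argument.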
@@ -2806,14 +2824,6 @@ usage: mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); } -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled); - if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - mbedtls_ssl_conf_max_early_data_size( - &conf, opt.max_early_data_size); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) /* exercise setting DN hints for server certificate request * (Intended for use where the client cert expected has been signed by @@ -3311,6 +3321,17 @@ usage: mbedtls_printf(" ok\n"); reset: + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (tls13_connection_counter < max_early_data_size_count) { + long long max_early_data_size = max_early_data_size_list[tls13_connection_counter]; + mbedtls_ssl_conf_early_data( + &conf, max_early_data_size < 0 ? MBEDTLS_SSL_EARLY_DATA_DISABLED : + MBEDTLS_SSL_EARLY_DATA_ENABLED); + mbedtls_ssl_conf_max_early_data_size(&conf, (uint32_t) llabs(max_early_data_size)); + } + tls13_connection_counter++; +#endif /* MBEDTLS_SSL_EARLY_DATA */ #if !defined(_WIN32) if (received_sigterm) { mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); From 391c9433401a673b849e37ebbc4b5c985e650d1d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 12:46:58 +0800 Subject: [PATCH 04/25] Add tests for ticket early data permission bit Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-misc.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index e4df1fe2f0..5b624b5ec8 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh 
@@ -502,7 +502,7 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \ 1 \ -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension does not exist." \ + -s "EncryptedExtensions: early_data(42) extension does not exist." \ -s "NewSessionTicket: early_data(42) extension does not exist." \ -s "Last error was: -29056 - SSL - Verification of the message MAC failed" @@ -518,7 +518,10 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \ -d 10 -r --earlydata $EARLY_DATA_INPUT " \ 0 \ + -s "NewSessionTicket: early_data(42) extension exists." \ + -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "NewSessionTicket: early_data(42) extension does not exist." \ -s "$( tail -1 $EARLY_DATA_INPUT )" + + From 3db60dfe5e9b6b1a377f488b898a6facac3dd003 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Nov 2023 16:39:10 +0800 Subject: [PATCH 05/25] rename nst early data write function Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e3ee95b1c0..9f4926a9fe 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -3214,10 +3214,10 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_early_data_ext_of_nst(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) +static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len) { unsigned char *p = buf; *out_len = 0; @@ -3363,9 +3363,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if ((ret = ssl_tls13_write_early_data_ext_of_nst( + if ((ret = ssl_tls13_write_nst_early_data_ext( ssl, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_early_data_ext_of_nst", ret); + MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_nst_early_data_ext", ret); return ret; } p += output_len; From ea96ac3da97a3647b6d801a20ca524156c327757 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Nov 2023 17:06:36 +0800 Subject: [PATCH 06/25] fix various issues - get ticket_flags with function. - improve output message and check it. - improve `ssl_server2` help message Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 10 ++++++---- programs/ssl/ssl_server2.c | 4 +++- tests/opt-testcases/tls13-misc.sh | 2 -- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 9f4926a9fe..7a02c71690 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1850,7 +1850,8 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { MBEDTLS_SSL_DEBUG_MSG( 1, - ("EarlyData: rejected, denied by ticket permission bits.")); + ("EarlyData: rejected, early_data not allowed in ticket " + "permission bits.")); return; } 
@@ -3222,10 +3223,11 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *p = buf; *out_len = 0; - if ((ssl->session->ticket_flags & - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + if (mbedtls_ssl_session_get_ticket_flags( + ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { MBEDTLS_SSL_DEBUG_MSG( - 4, ("Skip early_data extension in NST for it is not allowed.")); + 4, ("early_data not allowed, skip early_data extension in " + "NewSessionTicket")); return 0; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4ef2494682..28cd33b115 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -435,7 +435,9 @@ int main(void) " The max amount of 0-RTT data for 1st and 2nd connection\n" \ " format: 1st_connection_value[,2nd_connection_value]\n" \ " available values: < 0 (disabled), >= 0 (enabled).\n" \ - " The absolute value is the max amount of 0-RTT data.\n" + " The absolute value is the max amount of 0-RTT data \n" \ + " up to UINT32_MAX. \n" + #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 5b624b5ec8..74b6aa2d01 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -523,5 +523,3 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ -s "$( tail -1 $EARLY_DATA_INPUT )" - - From 4da7c22cd67782f67f3fea523a474ce637b8194d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Nov 2023 17:30:43 +0800 Subject: [PATCH 07/25] add early data flag check function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index eae192bacb..36f332f8cc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2795,6 +2795,13 @@ static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); } +static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data( + mbedtls_ssl_session *session) +{ + return !mbedtls_ssl_session_check_ticket_flags(session, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); +} + static inline void mbedtls_ssl_session_set_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { From c2b1bc4fb62ef7acd9e82aceeb8b6c88109fae5f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 10:08:13 +0800 Subject: [PATCH 08/25] replace early data permission check Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 6 ++---- library/ssl_tls13_server.c | 7 ++----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 052df7e66e..bc8b161282 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -695,10 +695,8 @@ static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - (session->ticket_flags & - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) && - mbedtls_ssl_tls13_cipher_suite_is_offered( - ssl, session->ciphersuite); + mbedtls_ssl_session_ticket_allow_early_data(session) && + mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); } #endif diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7a02c71690..dd2bb69427 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
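Review bot: `mbedtls_ssl_session_ticket_allow_early_data()` has no comment stating its return convention, and it negates `mbedtls_ssl_session_check_ticket_flags()`, whose polarity is not visible in this hunk. Callers use the result directly to decide whether 0-RTT is permitted, so a one-line comment such as `/* Return non-zero if the ticket permits early data, 0 otherwise. */` would make the intended sense unambiguous. The helper is also defined unconditionally. If it is only meaningful when `MBEDTLS_SSL_EARLY_DATA` is defined, guarding it like its callers would keep the build configurations consistent.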
@@ -1845,9 +1845,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) } - if (mbedtls_ssl_session_get_ticket_flags( - ssl->session_negotiate, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, early_data not allowed in ticket " @@ -3223,8 +3221,7 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *p = buf; *out_len = 0; - if (mbedtls_ssl_session_get_ticket_flags( - ssl->session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) { + if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session)) { MBEDTLS_SSL_DEBUG_MSG( 4, ("early_data not allowed, skip early_data extension in " "NewSessionTicket")); From 10795a0c3b2b03e5dbfc82530fc855c43915bcb1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 12:29:17 +0800 Subject: [PATCH 09/25] replace ticket permission set Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dd2bb69427..900ed006ee 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3292,7 +3292,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; + mbedtls_ssl_session_set_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } #endif /* MBEDTLS_SSL_EARLY_DATA */ From db6fda71e588a20e77e3dd61ba0d18682b24aa76 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 12:40:20 +0800 Subject: [PATCH 10/25] improve early data comments Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 900ed006ee..df10cc64fd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3206,10 +3206,10 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, /* RFC 8446 section 4.2.10 * * struct { - * select ( Handshake.msg_type ) { - * case new_session_ticket: uint32 max_early_data_size; - * ... - * }; + * select (Handshake.msg_type) { + * case new_session_ticket: uint32 max_early_data_size; + * ... + * }; * } EarlyDataIndication; */ MBEDTLS_CHECK_RETURN_CRITICAL From 525990fb62a9b72cc59e37e4a3342e4285f3c2f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 14:51:18 +0800 Subject: [PATCH 11/25] set init value for max_early_data_size in session Signed-off-by: Jerry Yu --- library/ssl_tls.c | 3 +++ library/ssl_tls13_server.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4daf2e7eec..02e828e58c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1100,6 +1100,9 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) /* Initialize structures */ mbedtls_ssl_session_init(ssl->session_negotiate); ssl_handshake_params_init(ssl->handshake); +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) + ssl->session_negotiate->max_early_data_size = ssl->conf->max_early_data_size; +#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_ssl_transform_init(ssl->transform_negotiate); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index df10cc64fd..c04b8bd461 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -564,6 +564,9 @@ static int ssl_tls13_parse_pre_shared_key_ext( #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session session; mbedtls_ssl_session_init(&session); +#if defined(MBEDTLS_SSL_EARLY_DATA) + session.max_early_data_size = ssl->conf->max_early_data_size; +#endif #endif MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); From d450fd25ae5f2935e1a8ce98b606b1b1e1846d2c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Nov 2023 16:38:00 +0800 Subject: [PATCH 12/25] change max_early_data_size source Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index c04b8bd461..4ce9670f8d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3235,10 +3235,10 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); MBEDTLS_PUT_UINT16_BE(4, p, 2); - MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); + MBEDTLS_PUT_UINT32_BE(ssl->session->max_early_data_size, p, 4); MBEDTLS_SSL_DEBUG_MSG( 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->conf->max_early_data_size)); + (unsigned int) ssl->session->max_early_data_size)); *out_len = 8; From 2f5d93b1c9908cfa4c175e5ccd60ea5228e91201 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 17:27:55 +0800 Subject: [PATCH 13/25] Revert "set init value for max_early_data_size in session" This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede. Signed-off-by: Jerry Yu --- library/ssl_tls.c | 3 --- library/ssl_tls13_server.c | 3 --- 2 files changed, 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 02e828e58c..4daf2e7eec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1100,9 +1100,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) /* Initialize structures */ mbedtls_ssl_session_init(ssl->session_negotiate); ssl_handshake_params_init(ssl->handshake); -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) - ssl->session_negotiate->max_early_data_size = ssl->conf->max_early_data_size; -#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_ssl_transform_init(ssl->transform_negotiate); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4ce9670f8d..84129f729a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -564,9 +564,6 @@ static int ssl_tls13_parse_pre_shared_key_ext( #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session session; mbedtls_ssl_session_init(&session); -#if defined(MBEDTLS_SSL_EARLY_DATA) - session.max_early_data_size = ssl->conf->max_early_data_size; -#endif #endif MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); From 930ce4cfac0f149ea4b4b40a5266fbd55d0d8e59 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 17:28:01 +0800 Subject: [PATCH 14/25] Revert "change max_early_data_size source" This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 84129f729a..df10cc64fd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -3232,10 +3232,10 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); MBEDTLS_PUT_UINT16_BE(4, p, 2); - MBEDTLS_PUT_UINT32_BE(ssl->session->max_early_data_size, p, 4); + MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); MBEDTLS_SSL_DEBUG_MSG( 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->session->max_early_data_size)); + (unsigned int) ssl->conf->max_early_data_size)); *out_len = 8; From f135bac89cfd4e92698cb623ca545a145f5ed4cc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 18:10:51 +0800 Subject: [PATCH 15/25] Add max_early_data_size check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index df10cc64fd..d5f740e1e4 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3291,7 +3291,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && + ssl->conf->max_early_data_size > 0) { mbedtls_ssl_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } 
@@ -3363,12 +3364,17 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if ((ret = ssl_tls13_write_nst_early_data_ext( - ssl, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_nst_early_data_ext", ret); - return ret; + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && + ssl->conf->max_early_data_size > 0) { + if ((ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, p, end, &output_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); + return ret; + } + p += output_len; } - p += output_len; + #endif /* MBEDTLS_SSL_EARLY_DATA */ MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); From 1a160703f86c23e49bdc71fb70e77fa7ee4ee312 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 18:17:38 +0800 Subject: [PATCH 16/25] set max_early_data_size of ticket to keep consistent Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d5f740e1e4..18fbbc70da 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3295,6 +3295,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, ssl->conf->max_early_data_size > 0) { mbedtls_ssl_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + /* In resumption connection, server get `max_early_data_size` from + * ticket. */ + session->max_early_data_size = ssl->conf->max_early_data_size; } #endif /* MBEDTLS_SSL_EARLY_DATA */ From 0069abc141fab9a262fa253c0cd2f34e9a167450 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 21:07:28 +0800 Subject: [PATCH 17/25] improve comments of new session ticket Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
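Review bot: The extension write repeats the `ssl->conf` condition that sets `MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA` earlier in the same function, so the flag stored in the ticket and the extension sent to the client can drift apart if one condition is edited. Testing the flag that was just set, `if (mbedtls_ssl_session_ticket_allow_early_data(session)) {`, keeps a single source of truth. At this point in the series `mbedtls_ssl_tls13_write_early_data_ext()` still writes the 4-byte, zero-length form (the lines removed in patch 18). This commit on its own therefore sends a NewSessionTicket early_data extension without `max_early_data_size` and leaves `ssl_tls13_write_nst_early_data_ext()` unused. Moving the call change into the commit that adds the `session` argument would keep the series bisectable. The function body starts and ends outside the hunk.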
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 18fbbc70da..133245baa6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3262,12 +3262,13 @@ static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, * The following fields are placed inside the ticket by the * f_ticket_write() function: * - * - creation time (start) - * - flags (flags) + * - creation time (ticket_creation_time) + * - flags (ticket_flags) * - age add (ticket_age_add) - * - key (key) - * - key length (key_len) + * - key (resumption_key) + * - key length (resumption_key_len) * - ciphersuite (ciphersuite) + * - max_early_data_size (max_early_data_size) */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, From 5233539d9f6c0eb7132d95cf58e0a853f30bb16b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Nov 2023 18:06:06 +0800 Subject: [PATCH 18/25] share write_early_data_ext function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 ++- library/ssl_tls13_client.c | 4 +++- library/ssl_tls13_generic.c | 34 ++++++++++++++++++++------ library/ssl_tls13_server.c | 48 +++---------------------------------- 4 files changed, 35 insertions(+), 54 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 36f332f8cc..8c3da4902c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2115,7 +2115,8 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, - size_t *out_len); + size_t *out_len, + const mbedtls_ssl_session *session); #if defined(MBEDTLS_SSL_SRV_C) #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index bc8b161282..fa6c4c6936 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1174,7 +1174,9 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && ssl_tls13_early_data_has_valid_ticket(ssl) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &ext_len); + + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, p, end, &ext_len, NULL); if (ret != 0) { return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cc77a9438e..938bf808c8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -1402,28 +1402,48 @@ cleanup: * * struct { * select ( Handshake.msg_type ) { - * ... + * case new_session_ticket: uint32 max_early_data_size; * case client_hello: Empty; * case encrypted_extensions: Empty; * }; * } EarlyDataIndication; + * + * We use `mbedtls_ssl_is_handshake_over()` to decide if `max_early_data_size` + * should be sent for `new_session_ticket` is post-handshake message. */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, - size_t *out_len) + size_t *out_len, + const mbedtls_ssl_session *session) { unsigned char *p = buf; - *out_len = 0; - ((void) ssl); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); +#if defined(MBEDTLS_SSL_SRV_C) + const size_t needed = session != NULL ? 8 : 4; +#else + const size_t needed = 4; + ((void) session); +#endif + + *out_len = 0; + + MBEDTLS_SSL_CHK_BUF_PTR(p, end, needed); MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); - MBEDTLS_PUT_UINT16_BE(0, p, 2); + MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2); - *out_len = 4; +#if defined(MBEDTLS_SSL_SRV_C) + if (session != NULL) { + MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 4); + MBEDTLS_SSL_DEBUG_MSG( + 4, ("Sent max_early_data_size=%u", + (unsigned int) session->max_early_data_size)); + } +#endif + + *out_len = needed; mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 133245baa6..addbbe1885 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2524,7 +2524,8 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { - ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &output_len); + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, p, end, &output_len, NULL); if (ret != 0) { return ret; } 
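Review bot: The new header comment says `mbedtls_ssl_is_handshake_over()` decides whether `max_early_data_size` is sent, but the code selects the 8-byte form on `session != NULL` and never calls that function. The comment should describe the actual contract, for example `/* session: NULL for ClientHello/EncryptedExtensions (empty body); non-NULL for NewSessionTicket, whose max_early_data_size is written. */`. Without `MBEDTLS_SSL_SRV_C` a non-NULL `session` is silently ignored and an empty extension is written, which is worth stating as well. The literals 4 and 8 would read better as named sizes (extension header, and header plus the uint32 body).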
@@ -3202,49 +3203,6 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* RFC 8446 section 4.2.10 - * - * struct { - * select (Handshake.msg_type) { - * case new_session_ticket: uint32 max_early_data_size; - * ... - * }; - * } EarlyDataIndication; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - *out_len = 0; - - if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session)) { - MBEDTLS_SSL_DEBUG_MSG( - 4, ("early_data not allowed, skip early_data extension in " - "NewSessionTicket")); - return 0; - } - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); - MBEDTLS_PUT_UINT16_BE(4, p, 2); - MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); - MBEDTLS_SSL_DEBUG_MSG( - 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->conf->max_early_data_size)); - - *out_len = 8; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - /* This function creates a NewSessionTicket message in the following format: * * struct { @@ -3371,7 +3329,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && ssl->conf->max_early_data_size > 0) { if ((ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &output_len)) != 0) { + ssl, p, end, &output_len, session)) != 0) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); return ret; From db97163ac7fc1c81672d6a37846d24c60049811a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Nov 2023 15:27:59 +0800 Subject: [PATCH 19/25] add ticket max_early_data_size check 
Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index addbbe1885..e0cdf23232 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -247,6 +247,11 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #endif /* MBEDTLS_HAVE_TIME */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + MBEDTLS_SSL_DEBUG_MSG(2, ("ticket->max_early_data_size=%u", + (unsigned int) session->max_early_data_size)); +#endif + exit: if (ret != 0) { mbedtls_ssl_session_free(session); From 9e7f9bc253cb45c8a6a18700d28fcd9bcee2138c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Nov 2023 16:52:07 +0800 Subject: [PATCH 20/25] Add missing debug message Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e0cdf23232..22f8ab726a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3340,6 +3340,10 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, return ret; } p += output_len; + } else { + MBEDTLS_SSL_DEBUG_MSG( + 4, ("early_data not allowed, " + "skip early_data extension in NewSessionTicket")); } #endif /* MBEDTLS_SSL_EARLY_DATA */ From ebe1de62f92ac41313830f21ee13ca611c122b9a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Nov 2023 15:16:35 +0800 Subject: [PATCH 21/25] fix various issue - rename connection time variable - remove unnecessary comments Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 938bf808c8..f711e97474 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -1407,9 +1407,6 @@ cleanup: * case encrypted_extensions: Empty; * }; * } EarlyDataIndication; - * - * We use `mbedtls_ssl_is_handshake_over()` to decide if `max_early_data_size` - * should be sent for `new_session_ticket` is post-handshake message. */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, From 163e12f7ffacae88b27ca164ac9c654b3f5f8b0f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 10:37:23 +0800 Subject: [PATCH 22/25] remove assignment for `session->max_early_data_size` Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 22f8ab726a..6c49f8d524 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -247,11 +247,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #endif /* MBEDTLS_HAVE_TIME */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - MBEDTLS_SSL_DEBUG_MSG(2, ("ticket->max_early_data_size=%u", - (unsigned int) session->max_early_data_size)); -#endif - exit: if (ret != 0) { mbedtls_ssl_session_free(session); @@ -3259,9 +3254,6 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, ssl->conf->max_early_data_size > 0) { mbedtls_ssl_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - /* In resumption connection, server get `max_early_data_size` from - * ticket. */ - session->max_early_data_size = ssl->conf->max_early_data_size; } #endif /* MBEDTLS_SSL_EARLY_DATA */ From c59c586ac4c761230107f2c58b57df6228d955ad Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 5 Dec 2023 10:40:49 +0800 Subject: [PATCH 23/25] change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 ++-- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 14 +++++++------- library/ssl_tls13_server.c | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c3da4902c..b9801a06c3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2113,10 +2113,10 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, + int in_new_session_ticket, unsigned char *buf, const unsigned char *end, - size_t *out_len, - const mbedtls_ssl_session *session); + size_t *out_len); #if defined(MBEDTLS_SSL_SRV_C) #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fa6c4c6936..ae1136431e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1176,7 +1176,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &ext_len, NULL); + ssl, 0, p, end, &ext_len); if (ret != 0) { return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f711e97474..fe2a2eba78 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1410,18 +1410,18 @@ cleanup: */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, + int in_new_session_ticket, unsigned char *buf, const unsigned char *end, - size_t *out_len, - const mbedtls_ssl_session *session) + size_t *out_len) { unsigned char *p = buf; #if defined(MBEDTLS_SSL_SRV_C) - const size_t needed = session != NULL ? 8 : 4; + const size_t needed = in_new_session_ticket ? 8 : 4; #else const size_t needed = 4; - ((void) session); + ((void) in_new_session_ticket); #endif *out_len = 0; 
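Review bot: The prototype in ssl_misc.h gains `int in_new_session_ticket` without any comment, and the callers in this patch pass a bare `0` or `1`, so the flag's meaning cannot be read at the call sites. A declaration comment would fix that, e.g. `/* in_new_session_ticket: non-zero writes the NewSessionTicket form (uint32 max_early_data_size), zero writes the empty ClientHello/EncryptedExtensions form */`. The ssl_tls13_generic.c hunk on this line shows the flag is discarded when MBEDTLS_SSL_SRV_C is not defined, and the comment should say so, since the caller gets the 4-byte form with no error. The function definition extends beyond that hunk.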
@@ -1432,11 +1432,11 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2); #if defined(MBEDTLS_SSL_SRV_C) - if (session != NULL) { - MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 4); + if (in_new_session_ticket) { + MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); MBEDTLS_SSL_DEBUG_MSG( 4, ("Sent max_early_data_size=%u", - (unsigned int) session->max_early_data_size)); + (unsigned int) ssl->conf->max_early_data_size)); } #endif diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6c49f8d524..39caa9baaf 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2525,7 +2525,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &output_len, NULL); + ssl, 0, p, end, &output_len); if (ret != 0) { return ret; } @@ -3326,7 +3326,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && ssl->conf->max_early_data_size > 0) { if ((ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, p, end, &output_len, session)) != 0) { + ssl, 1, p, end, &output_len)) != 0) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); return ret; From 95648b0134d555e9c26c61eb7ace331f749a7ca7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 6 Dec 2023 15:03:34 +0800 Subject: [PATCH 24/25] Some minor improvement - move early data check to `prepare` - avoid `((void) output_len) - replace check with `session_ticket_allow` in 2nd place Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 39caa9baaf..fe7a674d66 100644 
--- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3137,6 +3137,15 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, mbedtls_ssl_session_set_ticket_flags( session, ssl->handshake->tls13_kex_modes); #endif + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && + ssl->conf->max_early_data_size > 0) { + mbedtls_ssl_session_set_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); /* Generate ticket_age_add */ @@ -3242,21 +3251,10 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, size_t ticket_len; uint32_t ticket_lifetime; unsigned char *p_extensions_len; - size_t output_len; - - ((void) output_len); *out_len = 0; MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->conf->max_early_data_size > 0) { - mbedtls_ssl_session_set_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - /* * ticket_lifetime 4 bytes * ticket_age_add 4 bytes @@ -3323,8 +3321,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->conf->max_early_data_size > 0) { + if (mbedtls_ssl_session_ticket_allow_early_data(session)) { + size_t output_len; + if ((ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, 1, p, end, &output_len)) != 0) { MBEDTLS_SSL_DEBUG_RET( From 750e06743f4ecbb929dc28779bfb1081575589de Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 6 Dec 2023 15:43:23 +0800 Subject: [PATCH 25/25] remove misbehavior tests and code 
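Review bot: With the hunk at 3323 the NewSessionTicket writer emits the early_data extension whenever `mbedtls_ssl_session_ticket_allow_early_data(session)` is true, so what the server advertises now depends entirely on how the flag is maintained in ssl_tls13_prepare_new_session_ticket (hunk at 3137). That hunk only sets MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA and has no branch that clears it. If `session->ticket_flags` can arrive with the bit already set, for instance from a session restored out of an earlier ticket, a server whose configuration now disables early data would still advertise it. Whether the flags are reset earlier in the function is not visible in these hunks, so confirm that, or clear the bit explicitly when the condition is false, and record the invariant with a comment such as `/* ALLOW_EARLY_DATA reflects the current configuration only */`. Both functions extend beyond the hunks shown.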
Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 62 ++++++++++--------------------- tests/opt-testcases/tls13-misc.sh | 16 -------- 2 files changed, 20 insertions(+), 58 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 28cd33b115..e6ebd8e1df 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -122,7 +122,7 @@ int main(void) #define DFL_SNI NULL #define DFL_ALPN_STRING NULL #define DFL_GROUPS NULL -#define DFL_MAX_EARLY_DATA_SIZE NULL +#define DFL_MAX_EARLY_DATA_SIZE 0 #define DFL_SIG_ALGS NULL #define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM @@ -427,17 +427,11 @@ int main(void) #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#define ARRAY_LENGTH(a) (sizeof(a)/sizeof(a[0])) #if defined(MBEDTLS_SSL_EARLY_DATA) - #define USAGE_EARLY_DATA \ - " max_early_data_size=%%d default: -1 (disabled)\n" \ - " The max amount of 0-RTT data for 1st and 2nd connection\n" \ - " format: 1st_connection_value[,2nd_connection_value]\n" \ - " available values: < 0 (disabled), >= 0 (enabled).\n" \ - " The absolute value is the max amount of 0-RTT data \n" \ - " up to UINT32_MAX. \n" - + " max_early_data_size=%%d default: -1 (disabled)\n" \ + " options: -1 (disabled), " \ + " >= 0 (enabled, max amount of early data )\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -700,7 +694,7 @@ struct options { const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ - const char *max_early_data_size; /* max amount list of early data */ + uint32_t max_early_data_size; /* max amount of early data */ int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ 
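Review bot: The rewritten USAGE_EARLY_DATA text (hunk at 427) no longer matches the code around it. It still says `default: -1 (disabled)`, while DFL_MAX_EARLY_DATA_SIZE becomes 0 and the option field becomes a uint32_t, so the disabled state is no longer carried by the stored value. It also lists `>= 0` as enabled, but elsewhere in this series the ticket flag is set only when `ssl->conf->max_early_data_size > 0`, so a value of 0 yields tickets that do not permit early data. Suggested wording: `" options: -1 (disabled), > 0 (enabled, max amount of early data)\n"`, which also drops the stray spaces inside the string.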
@@ -1616,9 +1610,7 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_EARLY_DATA) - long long max_early_data_size_list[2]; - size_t max_early_data_size_count = 0; - size_t tls13_connection_counter = 0; + int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -1988,23 +1980,12 @@ usage: #endif #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "max_early_data_size") == 0) { - char *endptr, *str; - opt.max_early_data_size = q; - str = endptr = q; - for (size_t early_data_size_iter = 0; - early_data_size_iter < ARRAY_LENGTH(max_early_data_size_list); - early_data_size_iter++) { - long long value = strtoll(str, &endptr, 0); - if (str == endptr || (*endptr != ',' && *endptr != '\0')) { - mbedtls_printf("fail\n illegal digital number for max_early_data_size %s\n", - endptr); - goto exit; - } - max_early_data_size_list[max_early_data_size_count++] = value; - if (*endptr == '\0') { - break; - } - str = endptr + 1; + long long value = atoll(q); + tls13_early_data_enabled = + value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED : + MBEDTLS_SSL_EARLY_DATA_DISABLED; + if (tls13_early_data_enabled) { + opt.max_early_data_size = atoi(q); } } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2826,6 +2807,14 @@ usage: mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); } +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled); + if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + mbedtls_ssl_conf_max_early_data_size( + &conf, opt.max_early_data_size); + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) /* exercise setting DN hints for server certificate request * (Intended for use where the client cert expected has been signed by 
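Review bot: In the max_early_data_size option handler (hunk at 1988) the argument is parsed twice, with `atoll(q)` for the sign and `atoi(q)` for the stored size, and neither call reports errors. `opt.max_early_data_size` is a uint32_t but `atoi` returns int, so sizes above INT_MAX are not handled reliably. Non-numeric input is read as 0, which enables early data with a size of 0 instead of being rejected as the removed strtoll code did. Parse once with strtoll, check the end pointer and the UINT32_MAX bound, and store the parsed value.

```c
else if (strcmp(p, "max_early_data_size") == 0) {
    char *endptr;
    long long value = strtoll(q, &endptr, 10);
    if (endptr == q || *endptr != '\0' ||
        value > (long long) UINT32_MAX) {
        goto usage;
    }
    /* … unchanged: tls13_early_data_enabled derived from the sign of value … */
    if (tls13_early_data_enabled) {
        opt.max_early_data_size = (uint32_t) value;
    }
}
```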
@@ -3323,17 +3312,6 @@ usage: mbedtls_printf(" ok\n"); reset: - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (tls13_connection_counter < max_early_data_size_count) { - long long max_early_data_size = max_early_data_size_list[tls13_connection_counter]; - mbedtls_ssl_conf_early_data( - &conf, max_early_data_size < 0 ? MBEDTLS_SSL_EARLY_DATA_DISABLED : - MBEDTLS_SSL_EARLY_DATA_ENABLED); - mbedtls_ssl_conf_max_early_data_size(&conf, (uint32_t) llabs(max_early_data_size)); - } - tls13_connection_counter++; -#endif /* MBEDTLS_SSL_EARLY_DATA */ #if !defined(_WIN32) if (received_sigterm) { mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 74b6aa2d01..a4742030bc 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh 
@@ -490,22 +490,6 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) -requires_gnutls_next -requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ - MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ - "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \ - 1 \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension does not exist." \ - -s "NewSessionTicket: early_data(42) extension does not exist." \ - -s "Last error was: -29056 - SSL - Verification of the message MAC failed" - requires_gnutls_next requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \