Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello

TLS 1.3: EarlyData SRV: Add early data extension parser.
2025-08-08 17:42:09 +03:00 · 2023-10-26 08:31:53 +00:00
parent 5d055f8206 53a332d970
commit 95b735530c
6 changed files with 54 additions and 4 deletions
--- a/tests/data_files/tls13_early_data.txt
+++ b/tests/data_files/tls13_early_data.txt
@@ -0,0 +1,3 @@
+EarlyData context: line 0                                                    lf
+EarlyData context: line 1                                                    lf
+EarlyData context: If it appears, that means early_data received.
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -493,3 +493,18 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
         -S "No suitable key exchange mode" \
         -s "found matched identity"

+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS     \
+                             MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME    \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
+         "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1" \
+         "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
+         1 \
+         -s "ClientHello: early_data(42) extension exists."                     \
+         -s "EncryptedExtensions: early_data(42) extension does not exist."    \
+         -s "NewSessionTicket: early_data(42) extension does not exist."        \
+         -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -72,6 +72,7 @@ guess_config_name() {
 : ${MBEDTLS_TEST_OUTCOME_FILE=}
 : ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
 : ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+: ${EARLY_DATA_INPUT:=data_files/tls13_early_data.txt}

 O_SRV="$OPENSSL s_server -www -cert data_files/server5.crt -key data_files/server5.key"
 O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"