add early data extension of NST
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
40f3f1c36f
commit
01da35e2c8
1 changed files with 66 additions and 3 deletions
|
@ -3195,6 +3195,49 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
/* RFC 8446 section 4.2.10
|
||||
*
|
||||
* struct {
|
||||
* select ( Handshake.msg_type ) {
|
||||
* case new_session_ticket: uint32 max_early_data_size;
|
||||
* ...
|
||||
* };
|
||||
* } EarlyDataIndication;
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_write_early_data_ext_of_nst(mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len)
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
*out_len = 0;
|
||||
|
||||
if ((ssl->session->ticket_flags &
|
||||
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) == 0) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
4, ("Skip early_data extension in NST for it is not allowed."));
|
||||
return 0;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8);
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0);
|
||||
MBEDTLS_PUT_UINT16_BE(4, p, 2);
|
||||
MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4);
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
4, ("Sent max_early_data_size=%u",
|
||||
(unsigned int) ssl->conf->max_early_data_size));
|
||||
|
||||
*out_len = 8;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
/* This function creates a NewSessionTicket message in the following format:
|
||||
*
|
||||
* struct {
|
||||
|
@ -3232,10 +3275,20 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
|
|||
mbedtls_ssl_session *session = ssl->session;
|
||||
size_t ticket_len;
|
||||
uint32_t ticket_lifetime;
|
||||
unsigned char *p_extensions_len;
|
||||
size_t output_len;
|
||||
|
||||
((void) output_len);
|
||||
|
||||
*out_len = 0;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg"));
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
|
||||
session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
/*
|
||||
* ticket_lifetime 4 bytes
|
||||
* ticket_age_add 4 bytes
|
||||
|
@ -3293,15 +3346,25 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
|
|||
|
||||
/* Ticket Extensions
|
||||
*
|
||||
* Note: We currently don't have any extensions.
|
||||
* Set length to zero.
|
||||
* Extension extensions<0..2^16-2>;
|
||||
*/
|
||||
ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
|
||||
MBEDTLS_PUT_UINT16_BE(0, p, 0);
|
||||
p_extensions_len = p;
|
||||
p += 2;
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
if ((ret = ssl_tls13_write_early_data_ext_of_nst(
|
||||
ssl, p, end, &output_len)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_early_data_ext_of_nst", ret);
|
||||
return ret;
|
||||
}
|
||||
p += output_len;
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0);
|
||||
|
||||
*out_len = p - buf;
|
||||
MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket"));
|
||||
|
|
Loading…
Reference in a new issue