yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

share write_early_data_ext function

Browse source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-11-23 18:06:06 +08:00
parent 0069abc141
commit 5233539d9f
4 changed files with 35 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
library/ssl_misc.h
View file

@ -2115,7 +2115,8 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
size_t *out_len); size_t *out_len,
const mbedtls_ssl_session *session);
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \ #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \

4
library/ssl_tls13_client.c
View file

@ -1174,7 +1174,9 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
ssl_tls13_early_data_has_valid_ticket(ssl) && ssl_tls13_early_data_has_valid_ticket(ssl) &&
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &ext_len);
ret = mbedtls_ssl_tls13_write_early_data_ext(
ssl, p, end, &ext_len, NULL);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }

34
library/ssl_tls13_generic.c
View file

@ -1402,28 +1402,48 @@ cleanup:
* *
* struct { * struct {
* select ( Handshake.msg_type ) { * select ( Handshake.msg_type ) {
* ... * case new_session_ticket: uint32 max_early_data_size;
* case client_hello: Empty; * case client_hello: Empty;
* case encrypted_extensions: Empty; * case encrypted_extensions: Empty;
* }; * };
* } EarlyDataIndication; * } EarlyDataIndication;
*
* We use `mbedtls_ssl_is_handshake_over()` to decide if `max_early_data_size`
* should be sent for `new_session_ticket` is post-handshake message.
*/ */
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
size_t *out_len) size_t *out_len,
const mbedtls_ssl_session *session)
{ {
unsigned char *p = buf; unsigned char *p = buf;
*out_len = 0;
((void) ssl);
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); #if defined(MBEDTLS_SSL_SRV_C)
const size_t needed = session != NULL ? 8 : 4;
#else
const size_t needed = 4;
((void) session);
#endif
*out_len = 0;
MBEDTLS_SSL_CHK_BUF_PTR(p, end, needed);
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0);
MBEDTLS_PUT_UINT16_BE(0, p, 2); MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2);
*out_len = 4; #if defined(MBEDTLS_SSL_SRV_C)
if (session != NULL) {
MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 4);
MBEDTLS_SSL_DEBUG_MSG(
4, ("Sent max_early_data_size=%u",
(unsigned int) session->max_early_data_size));
}
#endif
*out_len = needed;
mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA);

48
library/ssl_tls13_server.c
View file

@ -2524,7 +2524,8 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &output_len); ret = mbedtls_ssl_tls13_write_early_data_ext(
ssl, p, end, &output_len, NULL);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
@ -3202,49 +3203,6 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
return 0; return 0;
} }
#if defined(MBEDTLS_SSL_EARLY_DATA)
/* RFC 8446 section 4.2.10
*
* struct {
* select (Handshake.msg_type) {
* case new_session_ticket: uint32 max_early_data_size;
* ...
* };
* } EarlyDataIndication;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_nst_early_data_ext(mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *out_len)
{
unsigned char *p = buf;
*out_len = 0;
if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session)) {
MBEDTLS_SSL_DEBUG_MSG(
4, ("early_data not allowed, skip early_data extension in "
"NewSessionTicket"));
return 0;
}
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8);
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0);
MBEDTLS_PUT_UINT16_BE(4, p, 2);
MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4);
MBEDTLS_SSL_DEBUG_MSG(
4, ("Sent max_early_data_size=%u",
(unsigned int) ssl->conf->max_early_data_size));
*out_len = 8;
mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA);
return 0;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
/* This function creates a NewSessionTicket message in the following format: /* This function creates a NewSessionTicket message in the following format:
* *
* struct { * struct {
@ -3371,7 +3329,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
ssl->conf->max_early_data_size > 0) { ssl->conf->max_early_data_size > 0) {
if ((ret = mbedtls_ssl_tls13_write_early_data_ext( if ((ret = mbedtls_ssl_tls13_write_early_data_ext(
ssl, p, end, &output_len)) != 0) { ssl, p, end, &output_len, session)) != 0) {
MBEDTLS_SSL_DEBUG_RET( MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_tls13_write_early_data_ext", ret); 1, "mbedtls_ssl_tls13_write_early_data_ext", ret);
return ret; return ret;