Add early data support preparatory work

Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>

include/mbedtls/mbedtls_config.h

@@ -1632,6 +1632,14 @@
  */
 #define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
 
+/**
+* \def MBEDTLS_SSL_EARLY_DATA
+*
+* Allows to add functionality for TLS/DTLS 1.3 early data.
+*
+*/
+//#define MBEDTLS_SSL_EARLY_DATA
+
 /**
  * \def MBEDTLS_SSL_PROTO_DTLS
  *

include/mbedtls/ssl.h

@@ -329,6 +329,12 @@
 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED       1
 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED      0
 
+#define MBEDTLS_SSL_EARLY_DATA_DISABLED        0
+#define MBEDTLS_SSL_EARLY_DATA_ENABLED         1
+
+#define MBEDTLS_SSL_EARLY_DATA_OFF        0
+#define MBEDTLS_SSL_EARLY_DATA_ON         1
+
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED    0
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED      1
 
@@ -1496,6 +1502,12 @@ struct mbedtls_ssl_config
                                      *   is not \c 0. */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    int early_data_enabled;     /*!< Early data indication:
+                        *   - MBEDTLS_SSL_EARLY_DATA_DISABLED,
+                        *   - MBEDTLS_SSL_EARLY_DATA_ENABLED */
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_SSL_ALPN)
     const char **MBEDTLS_PRIVATE(alpn_list);         /*!< ordered list of protocols          */
 #endif
@@ -1905,6 +1917,32 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
  */
 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
 
+/**
+* \brief          Set the early_data mode
+*                 Default: disabled on server and client
+*
+* \param ssl     SSL context
+* \param early_data can be:
+*
+*  MBEDTLS_SSL_EARLY_DATA_DISABLED:  early data functionality will not be used
+*                        (default on server)
+*                        (default on client)
+*
+*  MBEDTLS_SSL_EARLY_DATA_ENABLED:  early data functionality is enabled and
+*                        may be negotiated in the handshake. Application using
+*                        early data functionality needs to be aware of the
+*                        lack of replay protection of the early data application
+*                        payloads.
+*
+* \param max_early_data  Max number of bytes allowed for early data (server only).
+* \param early_data_callback Callback function when early data is received (server
+*                            only).
+*/
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
+void mbedtls_ssl_conf_early_data( mbedtls_ssl_config *conf,
+                                  int early_data_enabled );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
  * \brief          Set the verification callback (Optional).

library/ssl_misc.h

@@ -243,6 +243,9 @@
 /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
 #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN         65535
 
+/* Maximum amount of early data to buffer on the server. */
+#define MBEDTLS_SSL_MAX_EARLY_DATA             1024
+
 #define MBEDTLS_RECEIVED_SIG_ALGS_SIZE         20
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)

library/ssl_tls13_generic.c

@@ -1080,6 +1080,14 @@ cleanup:
 
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+void mbedtls_ssl_conf_early_data( mbedtls_ssl_config *conf,
+                                  int early_data_enabled )
+{
+    conf->early_data_enabled = early_data;
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 /*
  *
  * STATE HANDLING: Incoming Finished message.