Add max_early_data_size option for ssl_sever2

- to set max_early_data_set Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-05 23:14:47 +08:00 · 2022-11-05 23:14:47 +08:00 · 7854a4e019
commit 7854a4e019
parent cc4e007ff6
1 changed files with 23 additions and 0 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -129,6 +129,7 @@ int main( void )
 #define DFL_SNI                 NULL
 #define DFL_ALPN_STRING         NULL
 #define DFL_CURVES              NULL
+#define DFL_MAX_EARLY_DATA_SIZE 0
 #define DFL_SIG_ALGS            NULL
 #define DFL_DHM_FILE            NULL
 #define DFL_TRANSPORT           MBEDTLS_SSL_TRANSPORT_STREAM
@ -424,6 +425,16 @@ int main( void )
 #define USAGE_ECJPAKE ""
 #endif

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define USAGE_EARLY_DATA \
+    "    max_early_data_size=%%d default: 0 (disabled)\n"             \
+    "                            options: 0     (disabled), "           \
+    "                                     -1    (enabled, builtin max size), " \
+    "                                     n > 0 (enabled, max amount data for 0-RTT )\n"
+#else
+#define USAGE_EARLY_DATA ""
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_ECP_C)
 #define USAGE_CURVES \
    "    curves=a,b,c,d      default: \"default\" (library default)\n"  \
@ -680,6 +691,7 @@ struct options
    const char *cid_val_renego; /* the CID to use for incoming messages
                                 * after renegotiation                      */
    int reproducible;           /* make communication reproducible          */
+    uint32_t max_early_data_size; /* max amount early data                   */
    int query_config_mode;      /* whether to read config                   */
    int use_srtp;               /* Support SRTP                             */
    int force_srtp_profile;     /* SRTP protection profile to use or all    */
@ -1695,6 +1707,7 @@ int main( int argc, char *argv[] )
    opt.sni                 = DFL_SNI;
    opt.alpn_string         = DFL_ALPN_STRING;
    opt.curves              = DFL_CURVES;
+    opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
    opt.sig_algs            = DFL_SIG_ALGS;
    opt.dhm_file            = DFL_DHM_FILE;
    opt.transport           = DFL_TRANSPORT;
@ -1891,6 +1904,12 @@ int main( int argc, char *argv[] )
        else if( strcmp( p, "sig_algs" ) == 0 )
            opt.sig_algs = q;
 #endif
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+        else if( strcmp( p, "max_early_data_size" ) == 0 )
+        {
+            opt.max_early_data_size = atoi( q );
+        }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
        else if( strcmp( p, "renegotiation" ) == 0 )
        {
            opt.renegotiation = (atoi( q )) ?
@ -2886,6 +2905,10 @@ int main( int argc, char *argv[] )
    if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
        mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    mbedtls_ssl_tls13_conf_max_early_data_size( &conf, opt.max_early_data_size );
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
    /* exercise setting DN hints for server certificate request
     * (Intended for use where the client cert expected has been signed by