From 0e97d4d16dcf4d90fdac381a3c0ec7cd68fd29f2 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 24 Oct 2022 11:12:51 +0000 Subject: [PATCH 01/29] Add early data indication to client side Add fields to mbedtls_ssl_context Add write early data indication function Add check whether write early data indication Add early data option to ssl_client2 Add test cases for early data Signed-off-by: Xiaokang Qian --- include/mbedtls/build_info.h | 4 ++++ include/mbedtls/ssl.h | 16 ++++++++++++++ library/ssl_misc.h | 19 ++++++++++++++++ library/ssl_tls.c | 9 ++++++++ library/ssl_tls13_client.c | 39 +++++++++++++++++++++++---------- library/ssl_tls13_generic.c | 35 ++++++++++++++++++++++++++++++ programs/ssl/ssl_client2.c | 42 ++++++++++++++++++++++++++++++++++++ tests/configs/tls13-only.h | 1 + tests/ssl-opt.sh | 18 ++++++++++++++++ 9 files changed, 172 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 170cbebbe..f1bb52770 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -112,6 +112,10 @@ #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +#endif + +#if !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ + !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) #undef MBEDTLS_SSL_EARLY_DATA #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 01ede4088..47ce3c695 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -332,6 +332,9 @@ #define MBEDTLS_SSL_EARLY_DATA_DISABLED 0 #define MBEDTLS_SSL_EARLY_DATA_ENABLED 1 +#define MBEDTLS_SSL_EARLY_DATA_OFF 0 +#define MBEDTLS_SSL_EARLY_DATA_ON 1 + #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 
@@ -801,6 +804,11 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) +#define MBEDTLS_SSL_EARLY_DATA_NOT_SENT 0 +#define MBEDTLS_SSL_EARLY_DATA_REJECTED 1 +#define MBEDTLS_SSL_EARLY_DATA_ACCEPTED 2 +#endif /** * \brief Callback type: server-side session cache getter * @@ -1783,6 +1791,13 @@ struct mbedtls_ssl_context * and #MBEDTLS_SSL_CID_DISABLED. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) + /* + * early data request state + */ + int MBEDTLS_PRIVATE(early_data_status); +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ + /** Callback to export key block and master secret */ mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ @@ -1936,6 +1951,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); */ void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf, int early_data_enabled ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ad8754cac..2b1f90f4f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -987,6 +987,15 @@ struct mbedtls_ssl_handshake_params } tls13_master_secrets; mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; + +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_tls13_early_secrets early_secrets; + + int early_data; /*!< Early data indication: + * 0 -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and + * 1 -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data) + */ +#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 
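Review bot: The comment on the new `early_data` field of `struct mbedtls_ssl_handshake_params` (library/ssl_misc.h hunk) documents it with the configuration constants MBEDTLS_SSL_EARLY_DATA_DISABLED/ENABLED, but the ClientHello code in this patch stores MBEDTLS_SSL_EARLY_DATA_OFF/ON in it. Both pairs are defined as 0 and 1, so nothing breaks, yet the field records whether the indication was written, not whether the feature is configured. I would reword it to `/*!< Early data indication: MBEDTLS_SSL_EARLY_DATA_OFF (extension not written) or MBEDTLS_SSL_EARLY_DATA_ON (extension written) */`. The struct starts and ends outside the hunk.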
@@ -1480,6 +1489,11 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, #endif /* !MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ); +#endif + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_SSL_CLI_C) MBEDTLS_CHECK_RETURN_CRITICAL @@ -2046,6 +2060,11 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( size_t *out_len ); #endif /* MBEDTLS_ECDH_C */ +#if defined(MBEDTLS_SSL_EARLY_DATA) +int mbedtls_ssl_tls13_write_early_data_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, const unsigned char *end, size_t *olen); +#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da90b2350..945a2e9bd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1872,6 +1872,15 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_session *session = ssl->session_negotiate; + return( ssl->handshake->resume && + session != NULL && session->ticket != NULL ); +} +#endif + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9940a0e5e..0d24474ec 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
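Review bot: The prototype of `mbedtls_ssl_tls13_write_early_data_ext` in the last library/ssl_misc.h hunk has no `MBEDTLS_CHECK_RETURN_CRITICAL`, unlike the `mbedtls_ssl_tls13_has_configured_ticket` prototype added a few lines earlier in the same patch. The function can fail (its definition runs `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 )`), so callers should be forced to look at the result; put `MBEDTLS_CHECK_RETURN_CRITICAL` on the line above the prototype. The reformatted prototype in PATCH 07 still lacks it. The last parameter is also named `olen` here but `out_len` in the definition, which PATCH 07 does correct.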
@@ -693,13 +693,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite ) } #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - return( ssl->handshake->resume && - session != NULL && session->ticket != NULL ); -} - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, psa_algorithm_t *hash_alg, @@ -708,7 +701,7 @@ static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, { mbedtls_ssl_session *session = ssl->session_negotiate; - if( !ssl_tls13_has_configured_ticket( ssl ) ) + if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) return( -1 ); *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite ); @@ -726,7 +719,7 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, mbedtls_ssl_session *session = ssl->session_negotiate; - if( !ssl_tls13_has_configured_ticket( ssl ) ) + if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) return( -1 ); *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite ); @@ -773,7 +766,7 @@ static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl ) { int configured_psk_count = 0; #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl_tls13_has_configured_ticket( ssl ) ) + if( mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) ); configured_psk_count++; @@ -1093,7 +1086,8 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) ) + if( selected_identity == 0 && + mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) { ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len ); } 
@@ -1160,6 +1154,29 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, } #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && + ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 || + mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) && + ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED ) + { + ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len ); + if( ret != 0 ) + return( ret ); + p += ext_len; + + ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON; + /* We're using rejected once we send the EarlyData extension, + and change it to accepted upon receipt of the server extension. */ + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_REJECTED; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) ); + ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* For PSK-based key exchange we need the pre_shared_key extension * and the psk_key_exchange_modes extension. diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f85499889..875748753 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
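Review bot: Nothing in the block added to `mbedtls_ssl_tls13_write_client_hello_exts` restricts the early_data extension to the first ClientHello. RFC 8446 (4.1.2, 4.2.10) requires the client to drop the extension from the ClientHello it sends in answer to a HelloRetryRequest, and as far as this hunk shows the same code runs for that second ClientHello, so the condition probably needs a "no HelloRetryRequest received" term. Separately, `mbedtls_ssl_tls13_has_configured_ticket( ssl )` is called here under `MBEDTLS_SSL_EARLY_DATA` alone while its prototype is guarded by `MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_TICKETS`; a build with early data but without session tickets would not compile until PATCH 09 adds the inner guard. The function body starts and ends outside the hunk.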
@@ -1374,6 +1374,41 @@ cleanup: #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +/* Early Data Extension + * + * struct {} Empty; + * + * struct { + * select ( Handshake.msg_type ) { + * case new_session_ticket: uint32 max_early_data_size; + * case client_hello: Empty; + * case encrypted_extensions: Empty; + * }; + * } EarlyDataIndication; + */ +#if defined(MBEDTLS_SSL_EARLY_DATA) +int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len ) +{ + unsigned char *p = buf; + *out_len = 0; + ((void) ssl); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "client hello, adding early_data extension" ) ); + + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 ); + /* Write length of the early data indication extension */ + MBEDTLS_PUT_UINT16_BE( 0, p, 2 ); + + *out_len = 4; + return( 0 ); +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* Reset SSL context and update hash for handling HRR. * * Replace Transcript-Hash(X) by diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 56efb3c17..9685e69d4 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -344,6 +344,14 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) +#define USAGE_EARLY_DATA \ + " early_data=%%d default: 0 (disabled)\n" \ + " options: 0 (disabled), 1 (enabled)\n" +#else +#define USAGE_EARLY_DATA "" +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ + #define USAGE_KEY_OPAQUE_ALGS \ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ " comma-separated pair of values among the following:\n" \ 
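Review bot: `mbedtls_ssl_tls13_write_early_data_ext` has no contract comment; the block above it only reproduces the RFC structure. A short header would help callers: `buf`..`end` is the writable range, exactly 4 bytes are written (extension type plus a zero length), `*out_len` is 0 on failure and 4 on success, and the return is 0 or the error raised by `MBEDTLS_SSL_CHK_BUF_PTR` when fewer than 4 bytes remain. The debug string hard-codes "client hello" although the function lives in the generic file and the comment lists encrypted_extensions as a second user; either say the function is client-only or make the message neutral. In the programs/ssl/ssl_client2.c hunk on the same line, the `#endif` comment names `MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3` while the `#if` tests only `MBEDTLS_SSL_EARLY_DATA`.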
@@ -533,6 +541,7 @@ struct options * after renegotiation */ int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ + int early_data; /* support for early data */ int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ @@ -1189,7 +1198,24 @@ int main( int argc, char *argv[] ) default: goto usage; } } + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_EARLY_DATA) + else if( strcmp( p, "early_data" ) == 0 ) + { + switch( atoi( q ) ) + { + case 0: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + case 1: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + break; + default: goto usage; + } + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + else if( strcmp( p, "tls13_kex_modes" ) == 0 ) { if( strcmp( q, "psk" ) == 0 ) @@ -2091,6 +2117,10 @@ int main( int argc, char *argv[] ) if( opt.max_version != DFL_MAX_VERSION ) mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version ); +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_tls13_conf_early_data( &conf, opt.early_data ); +#endif /* MBEDTLS_SSL_EARLY_DATA */ + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", @@ -2467,6 +2497,12 @@ int main( int argc, char *argv[] ) } } +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) + /* TODO: We can log the actual early data status after we define + * the API mbedtls_ssl_get_early_data_status. + */ +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) /* * 5. Verify the server certificate 
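Review bot: `opt.early_data` is passed to `mbedtls_ssl_tls13_conf_early_data( &conf, opt.early_data )` unconditionally, but none of the ssl_client2.c hunks assigns it a default the way other options get a `DFL_*` value (compare `DFL_MAX_VERSION` in the same hunk). If no default is set outside the shown hunks, the value depends on how `opt` happens to be initialised; an explicit `opt.early_data = DFL_EARLY_DATA;` with a new `#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED` would make "off unless requested" visible, which matters for data that can be replayed. The call is also guarded by `MBEDTLS_SSL_EARLY_DATA` only, whereas the option parser is nested under `MBEDTLS_SSL_PROTO_TLS1_3` and the prototype in ssl.h is closed with `MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA`; using one guard in all three places avoids a configuration in which the call does not compile. `main` extends outside these hunks.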
@@ -3177,6 +3213,12 @@ reconnect: mbedtls_printf( " ok\n" ); +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) + /* TODO: We can log the actual early data status when reconnect + * after we define the API mbedtls_ssl_get_early_data_status. + */ +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ + goto send_request; } diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 7483f1cd9..a4dcb92ba 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -24,6 +24,7 @@ /* Enable TLS 1.3 and core 1.3 features */ #define MBEDTLS_SSL_PROTO_TLS1_3 +#define MBEDTLS_SSL_EARLY_DATA #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE /* Disable TLS 1.2 and 1.2-specific features */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9eb925aa1..14123fa9a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -80,12 +80,14 @@ fi if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" + O_NEXT_SRV_NO_WWW="$OPENSSL_NEXT s_server -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile data_files/test-ca_cat12.crt" O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" else O_NEXT_SRV=false O_NEXT_SRV_NO_CERT=false + O_NEXT_SRV_NO_WWW=false O_NEXT_CLI_NO_CERT=false O_NEXT_CLI=false fi @@ -1690,6 +1692,7 @@ fi if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" + O_NEXT_SRV_NO_WWW="$O_NEXT_SRV_NO_WWW -accept $SRV_PORT" O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" fi 
@@ -13039,6 +13042,21 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" +requires_openssl_next +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3, ext PSK, early data" \ + "$O_NEXT_SRV_NO_WWW -msg -debug -tls1_3 -early_data -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI nbio=2 debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding early_data extension" \ + -c "<= write client hello" \ + -c "client state: MBEDTLS_SSL_SERVER_HELLO" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 911c0cc4f0971e0cc77685359cc8b649bb147e4f Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 31 Oct 2022 09:35:32 +0000 Subject: [PATCH 02/29] Fix format issues in comments Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 2 +- library/ssl_tls13_generic.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 47ce3c695..6369de0a9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1793,7 +1793,7 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) /* - * early data request state + * early data request status */ int MBEDTLS_PRIVATE(early_data_status); #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 875748753..a27315102 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
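Review bot: The new `run_test "TLS 1.3, ext PSK, early data"` case in tests/ssl-opt.sh expects exit status `1` without saying why, and its only checks are that the extension was written and that the client reached MBEDTLS_SSL_SERVER_HELLO. Any later client failure satisfies it, so a regression after the ClientHello would go unnoticed; a comment such as `# Handshake is expected to fail: the client does not yet handle the server's early_data response` (if that is the reason) would record the intent. A companion case with `early_data=0` asserting `-c "<= skip write early_data extension"` and `-C "client hello, adding early_data extension"` would also pin the default-off path.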
@@ -1375,8 +1375,6 @@ cleanup: #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ /* Early Data Extension - * - * struct {} Empty; * * struct { * select ( Handshake.msg_type ) { From 893ad8196689e0c75ec3a318bee1270da724222e Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 31 Oct 2022 10:38:10 +0000 Subject: [PATCH 03/29] Remove useless early_secrets field Signed-off-by: Xiaokang Qian --- library/ssl_misc.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2b1f90f4f..52dbb3b17 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -989,8 +989,6 @@ struct mbedtls_ssl_handshake_params mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_tls13_early_secrets early_secrets; - int early_data; /*!< Early data indication: * 0 -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and * 1 -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data) From b781a2323c8aa878b3370a6335479940b6d9483c Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 1 Nov 2022 07:39:46 +0000 Subject: [PATCH 04/29] Move ssl_tls13_has_configured_ticket() back to tls13 client Signed-off-by: Xiaokang Qian --- library/ssl_misc.h | 5 ----- library/ssl_tls.c | 9 --------- library/ssl_tls13_client.c | 18 +++++++++++++----- 3 files changed, 13 insertions(+), 19 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 52dbb3b17..901c1049d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1487,11 +1487,6 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, #endif /* !MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ); -#endif - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_SSL_CLI_C) MBEDTLS_CHECK_RETURN_CRITICAL 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 945a2e9bd..da90b2350 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1872,15 +1872,6 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -int mbedtls_ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - return( ssl->handshake->resume && - session != NULL && session->ticket != NULL ); -} -#endif - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0d24474ec..bb7e14bea 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -693,6 +693,14 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite ) } #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_session *session = ssl->session_negotiate; + return( ssl->handshake->resume && + session != NULL && session->ticket != NULL ); +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, psa_algorithm_t *hash_alg, @@ -701,7 +709,7 @@ static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, { mbedtls_ssl_session *session = ssl->session_negotiate; - if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) + if( !ssl_tls13_has_configured_ticket( ssl ) ) return( -1 ); *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite ); 
@@ -719,7 +727,7 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, mbedtls_ssl_session *session = ssl->session_negotiate; - if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) + if( !ssl_tls13_has_configured_ticket( ssl ) ) return( -1 ); *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite ); @@ -766,7 +774,7 @@ static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl ) { int configured_psk_count = 0; #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) + if( ssl_tls13_has_configured_ticket( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) ); configured_psk_count++; @@ -1087,7 +1095,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SESSION_TICKETS) if( selected_identity == 0 && - mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) + ssl_tls13_has_configured_ticket( ssl ) ) { ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len ); } @@ -1157,7 +1165,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 || - mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) && + ssl_tls13_has_configured_ticket( ssl ) ) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED ) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len ); From 338f7276835fa1543de883017c8dc7802b567521 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 2 Nov 2022 07:18:30 +0000 Subject: [PATCH 05/29] Move EARLY_DATA_OFF/ON guard to ssl_misc.h Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 3 --- library/ssl_misc.h | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6369de0a9..8c4985987 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -332,9 +332,6 @@ #define MBEDTLS_SSL_EARLY_DATA_DISABLED 0 #define MBEDTLS_SSL_EARLY_DATA_ENABLED 1 -#define MBEDTLS_SSL_EARLY_DATA_OFF 0 -#define MBEDTLS_SSL_EARLY_DATA_ON 1 - #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 901c1049d..d454ebb51 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -77,6 +77,10 @@ /* Faked handshake message identity for HelloRetryRequest. */ #define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO ) +/* Early data indication sent or not */ +#define MBEDTLS_SSL_EARLY_DATA_OFF 0 +#define MBEDTLS_SSL_EARLY_DATA_ON 1 + /* * Internal identity of handshake extensions */ From 76332816c7a29d2f5f3e8a623fd4b9712caead08 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 2 Nov 2022 07:22:48 +0000 Subject: [PATCH 06/29] Define the EARLY_DATA_STATUS Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 7 ++++--- library/ssl_tls13_client.c | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8c4985987..92ab1a390 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -802,9 +802,10 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -#define MBEDTLS_SSL_EARLY_DATA_NOT_SENT 0 -#define MBEDTLS_SSL_EARLY_DATA_REJECTED 1 -#define MBEDTLS_SSL_EARLY_DATA_ACCEPTED 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 3 #endif /** * \brief Callback type: server-side session cache getter diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index bb7e14bea..8879c44af 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -1176,7 +1176,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON; /* We're using rejected once we send the EarlyData extension, and change it to accepted upon receipt of the server extension. */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_REJECTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } else { From ecc2948f211627acb21d4d9b7b003543f84f0692 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 2 Nov 2022 07:52:47 +0000 Subject: [PATCH 07/29] Fix format issues Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 1 - library/ssl_misc.h | 7 ++++--- library/ssl_tls13_client.c | 8 +++----- library/ssl_tls13_generic.c | 5 ++--- 4 files changed, 9 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 92ab1a390..f1d16bc60 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1949,7 +1949,6 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); */ void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf, int early_data_enabled ); - #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d454ebb51..581e1534c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2058,9 +2058,10 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( #endif /* MBEDTLS_ECDH_C */ #if defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_tls13_write_early_data_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, const unsigned char *end, size_t *olen); +int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len ); #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8879c44af..c019db2fa 100644 
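Review bot: After the renumbering in this patch 0 means MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, yet the `else` branch visible as context in the library/ssl_tls13_client.c hunk still sets only `ssl->handshake->early_data` and never writes `ssl->early_data_status`. When the extension is skipped the status therefore keeps whatever it held before: UNKNOWN on a fresh context, or possibly the outcome of an earlier handshake if the context is reused and the field is not reset elsewhere. Setting `ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;` in the `else` branch keeps an application from reading a stale ACCEPTED. The enclosing function starts and ends outside the hunk.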
--- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -693,7 +693,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite ) } #if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) { mbedtls_ssl_session *session = ssl->session_negotiate; @@ -1094,8 +1093,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( selected_identity == 0 && - ssl_tls13_has_configured_ticket( ssl ) ) + if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) ) { ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len ); } @@ -1174,8 +1172,8 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, p += ext_len; ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON; - /* We're using rejected once we send the EarlyData extension, - and change it to accepted upon receipt of the server extension. */ + /* Initializes the status to `rejected`. Changes it to `accepted` + * when `early_data` is received in EncryptedExtesion. */ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a27315102..04790387a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1374,11 +1374,11 @@ cleanup: #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ -/* Early Data Extension +/* Early Data Indication Extension * * struct { * select ( Handshake.msg_type ) { - * case new_session_ticket: uint32 max_early_data_size; + * ... * case client_hello: Empty; * case encrypted_extensions: Empty; * }; 
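Review bot: The rewritten comment in the `@@ -1174,8 +1172,8 @@` hunk of library/ssl_tls13_client.c misspells the message name as "EncryptedExtesion"; it should read "EncryptedExtensions". While touching it, the comment could say why the pessimistic value is chosen, for example `/* Start from rejected so early data counts as undelivered until the server confirms it in EncryptedExtensions. */`. The enclosing function starts and ends outside the hunk.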
@@ -1399,7 +1399,6 @@ int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl, 3, ( "client hello, adding early_data extension" ) ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 ); - /* Write length of the early data indication extension */ MBEDTLS_PUT_UINT16_BE( 0, p, 2 ); *out_len = 4; From b0c32d8b20d729cad83cb786bf2c1cca7a8fde4c Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 2 Nov 2022 10:51:13 +0000 Subject: [PATCH 08/29] Update early data test cases Signed-off-by: Xiaokang Qian --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 14123fa9a..868de81d2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -80,14 +80,14 @@ fi if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" - O_NEXT_SRV_NO_WWW="$OPENSSL_NEXT s_server -cert data_files/server5.crt -key data_files/server5.key" + O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile data_files/test-ca_cat12.crt" O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" else O_NEXT_SRV=false O_NEXT_SRV_NO_CERT=false - O_NEXT_SRV_NO_WWW=false + O_NEXT_SRV_EARLY_DATA=false O_NEXT_CLI_NO_CERT=false O_NEXT_CLI=false fi @@ -1692,7 +1692,7 @@ fi if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" - O_NEXT_SRV_NO_WWW="$O_NEXT_SRV_NO_WWW -accept $SRV_PORT" + O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT" O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" fi 
@@ -13049,8 +13049,8 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_EARLY_DATA run_test "TLS 1.3, ext PSK, early data" \ - "$O_NEXT_SRV_NO_WWW -msg -debug -tls1_3 -early_data -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI nbio=2 debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ + "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ 1 \ -c "=> write client hello" \ -c "client hello, adding early_data extension" \ From 01323a46c6f7e8a2b39b78a3458b456d88c41be6 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 3 Nov 2022 02:27:35 +0000 Subject: [PATCH 09/29] Add session ticket related check when send early data Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c019db2fa..9434c2b08 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -700,6 +700,18 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) session != NULL && session->ticket != NULL ); } +#if defined(MBEDTLS_SSL_EARLY_DATA) +static int ssl_tls13_early_data_ticket_verify( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_session *session = ssl->session_negotiate; + return( ssl->handshake->resume && + session != NULL && session->ticket != NULL && + session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + mbedtls_ssl_tls13_cipher_suite_is_offered( + ssl, session->ciphersuite ) ); +} +#endif + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, psa_algorithm_t *hash_alg, 
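Review bot: `ssl_tls13_early_data_ticket_verify` (library/ssl_tls13_client.c hunk) accepts any TLS 1.3 ticket whose ciphersuite is offered as sufficient for 0-RTT; it does not check that the server permitted early data for this ticket. RFC 8446 (4.2.10, 4.6.1) allows early data only with a ticket whose NewSessionTicket carried the early_data extension, so unless that is enforced elsewhere the helper should also test a per-ticket permission once the session stores one (PATCH 11 introduces `MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA`, but its use is not visible here). The first three terms repeat `ssl_tls13_has_configured_ticket`; writing `return( ssl_tls13_has_configured_ticket( ssl ) && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, session->ciphersuite ) );` keeps the two helpers in step.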
@@ -1162,8 +1174,11 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 || - ssl_tls13_has_configured_ticket( ssl ) ) && + ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + || ssl_tls13_early_data_ticket_verify( ssl ) +#endif + ) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED ) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len ); From a341225fd03a96051b482e0fd64623c464885864 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 4 Nov 2022 10:13:19 +0000 Subject: [PATCH 10/29] Change function name ssl_tls13_early_data_has_valid_ticket Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9434c2b08..b539f8ff4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -701,7 +701,7 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_EARLY_DATA) -static int ssl_tls13_early_data_ticket_verify( mbedtls_ssl_context *ssl ) +static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl ) { mbedtls_ssl_session *session = ssl->session_negotiate; return( ssl->handshake->resume && @@ -1176,7 +1176,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 #if defined(MBEDTLS_SSL_SESSION_TICKETS) - || ssl_tls13_early_data_ticket_verify( ssl ) + || ssl_tls13_early_data_has_valid_ticket( ssl ) #endif ) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED ) From f447e8a8d38730cb0973888cfd1cce818942c290 Mon Sep 17 00:00:00 2001 
From: Xiaokang Qian Date: Tue, 8 Nov 2022 07:02:27 +0000 Subject: [PATCH 11/29] Address comments base on reviews Improve early data indication check Update test case to gnutls server Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 23 ++++++++++++++++------- library/ssl_debug_helpers.h | 5 +++++ library/ssl_misc.h | 7 ------- library/ssl_tls13_client.c | 22 ++++++++++++---------- tests/ssl-opt.sh | 14 +++++++------- 5 files changed, 40 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f1d16bc60..080474613 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -802,11 +802,23 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 3 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 4 #endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) + +typedef enum +{ + MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA = 1, + MBEDTLS_SSL_TICKET_ALLOW_DHE_RESUMPTION = 2, + MBEDTLS_SSL_TICKET_ALLOW_PSK_RESUMPTION = 4, +} mbedtls_ssl_ticket_flags; + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ /** * \brief Callback type: server-side session cache getter * @@ -1790,9 +1802,6 @@ struct mbedtls_ssl_context #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) - /* - * early data request status - */ int MBEDTLS_PRIVATE(early_data_status); #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ 
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 4412f8e21..9efbbbcd2 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -33,6 +33,11 @@ const char *mbedtls_ssl_states_str( mbedtls_ssl_states in ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) +const char *mbedtls_ssl_ticket_flags_str( mbedtls_ssl_ticket_flags in ); +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) && + defined(MBEDTLS_SSL_SESSION_TICKETS) */ + const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in ); const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 581e1534c..342cabb3a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -991,13 +991,6 @@ struct mbedtls_ssl_handshake_params } tls13_master_secrets; mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /*!< Early data indication: - * 0 -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and - * 1 -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data) - */ -#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b539f8ff4..46c7c4589 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -705,8 +705,8 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl ) { mbedtls_ssl_session *session = ssl->session_negotiate; return( ssl->handshake->resume && - session != NULL && session->ticket != NULL && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + ( session->ticket_flags & MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA ) && mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, session->ciphersuite ) ); } 
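Review bot: In `ssl_tls13_early_data_has_valid_ticket` this hunk drops the `session != NULL && session->ticket != NULL` guard, so `session->tls_version` and `session->ticket_flags` are now read from `ssl->session_negotiate` with no NULL check. The neighbouring `ssl_tls13_has_configured_ticket`, visible as context earlier in this series, still keeps that guard, so the two helpers disagree about what they may assume. Unless an invariant outside the hunk guarantees a non-NULL session with a stored ticket whenever `ssl->handshake->resume` is set, keep the check as the leading operands: `return( ssl->handshake->resume && session != NULL && session->ticket != NULL &&`. If the invariant does hold, a one-line comment stating it would make that explicit.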
@@ -1174,11 +1174,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - || ssl_tls13_early_data_has_valid_ticket( ssl ) -#endif - ) && + ssl_tls13_early_data_has_valid_ticket( ssl ) && ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED ) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len ); @@ -1186,15 +1182,14 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, return( ret ); p += ext_len; - ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON; - /* Initializes the status to `rejected`. Changes it to `accepted` + /* Initializes the status to `indication sent`. Changes it to `accepted` * when `early_data` is received in EncryptedExtesion. */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT; } else { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) ); - ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2543,6 +2538,13 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, switch( extension_type ) { + case MBEDTLS_TLS_EXT_EARLY_DATA: + MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); + if( extension_data_len == 4 && ssl->session != NULL) + ssl->session->ticket_flags |= + MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA; + break; + default: MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 868de81d2..b6c3982d8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
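Review bot: The `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` guard around the ticket check is removed in `mbedtls_ssl_tls13_write_client_hello_exts`, but the flag the helper now tests, `MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA`, is only declared under `MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS` in this commit's ssl.h hunk. At this commit a build with MBEDTLS_SSL_EARLY_DATA and no session tickets would therefore stop on an undeclared identifier instead of a clear configuration error. Either guard the helper and this call with `#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SESSION_TICKETS)`, or add the prerequisite to check_config.h in the same commit so the series stays bisectable. The function body starts and ends outside the hunk.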
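Review bot: The new `case MBEDTLS_TLS_EXT_EARLY_DATA:` in `ssl_tls13_parse_new_session_ticket_exts` checks that the extension body is 4 bytes long but never reads those bytes, so the server's `max_early_data_size` (RFC 8446 section 4.6.1) is discarded and only a boolean flag is kept. A client that later sends early data under this ticket would have no record of the limit the server set. Consider storing the value alongside the flag, or leave `/* TODO: record max_early_data_size from the extension body */` so the gap is not forgotten; where it should be stored is not visible in this hunk. The later hunk `@@ -2542,9 +2542,18 @@` adds the decode-error alert for a wrong length but still does not read the value. The function body continues outside the hunk.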
@@ -13042,15 +13042,15 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" -requires_openssl_next -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -run_test "TLS 1.3, ext PSK, early data" \ - "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: NewSessionTicket: early data, m->G" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --earlydata --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ 1 \ -c "=> write client hello" \ -c "client hello, adding early_data extension" \ From a042b8406d0ec8489eceff88e27c5583577bab26 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 9 Nov 2022 01:59:33 +0000 Subject: [PATCH 12/29] Address some format issues Signed-off-by: Xiaokang Qian --- library/ssl_misc.h | 4 ---- library/ssl_tls13_client.c | 8 +++++--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 342cabb3a..4d7f63547 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -77,10 +77,6 @@ /* Faked handshake message identity for HelloRetryRequest. */ #define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO ) -/* Early data indication sent or not */ -#define MBEDTLS_SSL_EARLY_DATA_OFF 0 -#define MBEDTLS_SSL_EARLY_DATA_ON 1 - /* * Internal identity of handshake extensions */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 46c7c4589..f68b24080 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1182,8 +1182,10 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, return( ret ); p += ext_len; - /* Initializes the status to `indication sent`. Changes it to `accepted` - * when `early_data` is received in EncryptedExtesion. */ + /* Initializes the status to `indication sent`. It will be updated to + * `accepted` or `rejected` depend on whether the EncryptedExtension + * message will contain an early data indication extension or not. + */ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT; } else @@ -2540,7 +2542,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, { case MBEDTLS_TLS_EXT_EARLY_DATA: MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); - if( extension_data_len == 4 && ssl->session != NULL) + if( extension_data_len == 4 && ssl->session != NULL ) ssl->session->ticket_flags |= MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA; break; From 097771672d0923b10d7eb44bc689e3f0ff717bce Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 9 Nov 2022 03:46:23 +0000 Subject: [PATCH 13/29] Update early data document and prerequisites check Signed-off-by: Xiaokang Qian --- include/mbedtls/build_info.h | 4 ++++ include/mbedtls/check_config.h | 5 +++-- include/mbedtls/mbedtls_config.h | 5 ++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index f1bb52770..71f5bffd2 100644 --- a/include/mbedtls/build_info.h 
+++ b/include/mbedtls/build_info.h @@ -119,6 +119,10 @@ #undef MBEDTLS_SSL_EARLY_DATA #endif +#if !defined(MBEDTLS_SSL_SESSION_TICKETS) +#undef MBEDTLS_SSL_EARLY_DATA +#endif + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d36db4a9e..4eb1528bb 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -844,8 +844,9 @@ /* Early data requires PSK related mode defined */ #if defined(MBEDTLS_SSL_EARLY_DATA) && \ - ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ - !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) + ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ + ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ + !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) ) #error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b4c863521..93ca9b58a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1641,7 +1641,10 @@ * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED * * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 -* is not enabled, this option does not have any effect on the build. +* is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled or +* MBEDTLS_SSL_SESSION_TICKETS is not enabled, this option does not have any +* effect on the build. * * This feature is experimental, not completed and thus not ready for * production. From 50a47940b60d0dcb104bfcd3d0300df95e6e95d8 Mon Sep 17 00:00:00 2001 
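Review bot: The added `#if !defined(MBEDTLS_SSL_SESSION_TICKETS)` / `#undef MBEDTLS_SSL_EARLY_DATA` block in build_info.h silently turns the feature off, while the check_config.h hunk of the same commit raises `#error` for exactly that configuration. If check_config.h is evaluated after build_info.h has applied the `#undef` (the include order is not visible here), the new `!defined(MBEDTLS_SSL_SESSION_TICKETS)` term can never fire, and a user who enabled early data gets a build without it and no diagnostic. Pick one behaviour; an explicit `#error` is easier to audit than a silent downgrade, so the `#undef` block is the one to drop.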
From: Xiaokang Qian Date: Wed, 9 Nov 2022 03:58:41 +0000 Subject: [PATCH 14/29] Update early data test case with gnutls Signed-off-by: Xiaokang Qian --- tests/ssl-opt.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b6c3982d8..ccca83b73 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13048,14 +13048,15 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: NewSessionTicket: early data, m->G" \ +run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ 1 \ - -c "=> write client hello" \ - -c "client hello, adding early_data extension" \ - -c "<= write client hello" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" + -c "client hello, adding early_data extension" \ + -c "Reconnecting with saved session" \ + -c "unsupported extension found: 42" \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 29ee43c0e17d4c1a7bf3b1c47d54e14d8ae73bb7 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 9 Nov 2022 07:39:57 +0000 Subject: [PATCH 15/29] Update document base on comments Signed-off-by: Xiaokang Qian --- include/mbedtls/mbedtls_config.h | 3 ++- include/mbedtls/ssl.h | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 93ca9b58a..e3bae2cf8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
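Review bot: The renamed test "TLS 1.3 m->G: EarlyData: basic check, good" still passes `1` as the expected client exit code, and the new `-c "unsupported extension found: 42"` pattern suggests the client is expected to abort when the server's early_data extension arrives. A test labelled `good` that asserts failure will keep passing if the handshake later breaks for an unrelated reason after these log lines appear. Add a comment above `run_test`, for example `# Client cannot yet parse early_data in EncryptedExtensions, so the handshake is expected to fail`, and switch the exit code to `0` once parsing lands. The later ssl-opt.sh hunk `@@ -13047,14 +13047,15 @@` keeps the same expectation.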
@@ -1637,7 +1637,8 @@ * * Enable support for RFC 8446 TLS 1.3 early data. * -* Requires: MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or +* Requires: MBEDTLS_SSL_SESSION_TICKETS and either +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED * * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 080474613..1ae441caa 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -802,6 +802,15 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) +/* Define the status of early data. + * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN : Initilized. + * MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT: Have sent early data + * indication in client hello successfully. + * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT: Have sent client hello without + * data indication. + * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED: Server side reject the early data. + * MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED: Server side accept the early data. + */ #define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 #define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2 From 2d87a9eeb551fe6d5c447374283eb163f33ab4a9 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 9 Nov 2022 07:55:48 +0000 Subject: [PATCH 16/29] Pend one alert in case wrong EXT_EARLY_DATA length Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f68b24080..4935fbf4e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -2542,9 +2542,18 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, { case MBEDTLS_TLS_EXT_EARLY_DATA: MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); - if( extension_data_len == 4 && ssl->session != NULL ) + if( extension_data_len != 4 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + if( ssl->session != NULL ) + { ssl->session->ticket_flags |= MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA; + } break; default: From ae07cd995a7cb20f570a00dfaaf4d03cdc1ae422 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 9 Nov 2022 08:09:47 +0000 Subject: [PATCH 17/29] Change ticket_flag base on review Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 10 ++++------ library/ssl_debug_helpers.h | 5 ----- library/ssl_tls13_client.c | 5 +++-- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1ae441caa..8b1ed23d1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -820,12 +820,10 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -typedef enum -{ - MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA = 1, - MBEDTLS_SSL_TICKET_ALLOW_DHE_RESUMPTION = 2, - MBEDTLS_SSL_TICKET_ALLOW_PSK_RESUMPTION = 4, -} mbedtls_ssl_ticket_flags; +typedef uint8_t mbedtls_ssl_tls13_ticket_flags; +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION ( 1u << 0 ) +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 2 ) +#define MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ( 1u << 3 ) #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ /** diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 9efbbbcd2..4412f8e21 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h 
@@ -33,11 +33,6 @@ const char *mbedtls_ssl_states_str( mbedtls_ssl_states in ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -const char *mbedtls_ssl_ticket_flags_str( mbedtls_ssl_ticket_flags in ); -#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) && - defined(MBEDTLS_SSL_SESSION_TICKETS) */ - const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in ); const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 4935fbf4e..aea7adab0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -706,7 +706,8 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl ) mbedtls_ssl_session *session = ssl->session_negotiate; return( ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ( session->ticket_flags & MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA ) && + ( session->ticket_flags & + MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ) && mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, session->ciphersuite ) ); } @@ -2552,7 +2553,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, if( ssl->session != NULL ) { ssl->session->ticket_flags |= - MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA; + MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION; } break; From fe3483f9a142ca019c5371d04a3b83e084289cf7 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 9 Nov 2022 10:45:23 +0000 Subject: [PATCH 18/29] Update early data doument and config dependencies Signed-off-by: Xiaokang Qian --- include/mbedtls/build_info.h | 4 ---- include/mbedtls/check_config.h | 7 ++----- include/mbedtls/mbedtls_config.h | 9 +++------ include/mbedtls/ssl.h | 13 ++----------- library/ssl_tls13_client.c | 6 +++--- 5 files changed, 10 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 71f5bffd2..f1bb52770 100644 
--- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -119,10 +119,6 @@ #undef MBEDTLS_SSL_EARLY_DATA #endif -#if !defined(MBEDTLS_SSL_SESSION_TICKETS) -#undef MBEDTLS_SSL_EARLY_DATA -#endif - #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 4eb1528bb..4c4bde49b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -842,11 +842,8 @@ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif -/* Early data requires PSK related mode defined */ -#if defined(MBEDTLS_SSL_EARLY_DATA) && \ - ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ - ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ - !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) ) +/* Early data requires MBEDTLS_SSL_SESSION_TICKETS defined */ +#if defined(MBEDTLS_SSL_EARLY_DATA) && !defined(MBEDTLS_SSL_SESSION_TICKETS) #error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e3bae2cf8..3c4697175 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1637,15 +1637,12 @@ * * Enable support for RFC 8446 TLS 1.3 early data. * -* Requires: MBEDTLS_SSL_SESSION_TICKETS and either -* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or -* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +* Requires: MBEDTLS_SSL_SESSION_TICKETS * * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 * is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and -* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled or -* MBEDTLS_SSL_SESSION_TICKETS is not enabled, this option does not have any -* effect on the build. +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled, +* this option does not have any effect on the build. * * This feature is experimental, not completed and thus not ready for * production. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8b1ed23d1..16de0f806 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -802,15 +802,6 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -/* Define the status of early data. - * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN : Initilized. - * MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT: Have sent early data - * indication in client hello successfully. - * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT: Have sent client hello without - * data indication. - * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED: Server side reject the early data. - * MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED: Server side accept the early data. - */ #define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 #define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2 
@@ -822,8 +813,8 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; typedef uint8_t mbedtls_ssl_tls13_ticket_flags; #define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION ( 1u << 0 ) -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 2 ) -#define MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ( 1u << 3 ) +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 1 ) +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1u << 2 ) #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ /** diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index aea7adab0..405cce031 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -707,7 +707,7 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl ) return( ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && ( session->ticket_flags & - MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ) && + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) && mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, session->ciphersuite ) ); } @@ -1184,7 +1184,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, p += ext_len; /* Initializes the status to `indication sent`. It will be updated to - * `accepted` or `rejected` depend on whether the EncryptedExtension + * `accepted` or `rejected` depending on whether the EncryptedExtension * message will contain an early data indication extension or not. */ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT; @@ -2553,7 +2553,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, if( ssl->session != NULL ) { ssl->session->ticket_flags |= - MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION; + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; } break; From de95604f6c144807b315f3b3625b540729cbf7b7 Mon Sep 17 00:00:00 2001 
From: Xiaokang Qian Date: Thu, 10 Nov 2022 03:11:54 +0000 Subject: [PATCH 19/29] Update ticket_flags related macros Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 16de0f806..02685e1f8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -812,9 +812,12 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) typedef uint8_t mbedtls_ssl_tls13_ticket_flags; -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION ( 1u << 0 ) -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 1 ) -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1u << 2 ) +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA \ + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION << 1 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ /** From 402bb1ee905e43410ddb442b8070f901677e7416 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 10 Nov 2022 10:38:17 +0000 Subject: [PATCH 20/29] Update documents and check Signed-off-by: Xiaokang Qian --- include/mbedtls/build_info.h | 4 ---- include/mbedtls/check_config.h | 9 +++++++-- include/mbedtls/mbedtls_config.h | 8 ++++---- tests/configs/tls13-only.h | 1 - 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index f1bb52770..170cbebbe 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
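Review bot: `MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA` now expands to an unparenthesized shift, `MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION << 1`, in a public header. The existing `session->ticket_flags & ...` test parses as intended, but clearing the flag with `ticket_flags &= ~MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA`, or any arithmetic on the macro, would bind to the first operand and touch the wrong bits. Wrap the expansion: `( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION << 1 )`. The flag values now also depend on key-exchange-mode constants defined elsewhere, so a comment such as `/* must fit in mbedtls_ssl_tls13_ticket_flags (uint8_t) */` would be worth adding. The later hunk `@@ -813,9 +813,9 @@` adds value comments but leaves the expansion unparenthesized.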
@@ -112,10 +112,6 @@ #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -#endif - -#if !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ - !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) #undef MBEDTLS_SSL_EARLY_DATA #endif diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 4c4bde49b..f932901ec 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -842,8 +842,13 @@ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif -/* Early data requires MBEDTLS_SSL_SESSION_TICKETS defined */ -#if defined(MBEDTLS_SSL_EARLY_DATA) && !defined(MBEDTLS_SSL_SESSION_TICKETS) +/* Early data requires MBEDTLS_SSL_SESSION_TICKETS and SOME_PSK related + * mode defined + */ +#if defined(MBEDTLS_SSL_EARLY_DATA) && \ + ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ + ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ + !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) ) #error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3c4697175..12d503e38 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1637,12 +1637,12 @@ * * Enable support for RFC 8446 TLS 1.3 early data. * -* Requires: MBEDTLS_SSL_SESSION_TICKETS +* Requires: MBEDTLS_SSL_SESSION_TICKETS and either +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED * * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 -* is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and -* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled, -* this option does not have any effect on the build. +* is not enabled, this option does not have any effect on the build. * * This feature is experimental, not completed and thus not ready for * production. diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index a4dcb92ba..7483f1cd9 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -24,7 +24,6 @@ /* Enable TLS 1.3 and core 1.3 features */ #define MBEDTLS_SSL_PROTO_TLS1_3 -#define MBEDTLS_SSL_EARLY_DATA #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE /* Disable TLS 1.2 and 1.2-specific features */ From 9a0aafbe79dc362aecd284a6e24ff3c52949bc89 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 10 Nov 2022 10:45:43 +0000 Subject: [PATCH 21/29] Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 7 +++++++ tests/scripts/all.sh | 3 +++ tests/ssl-opt.sh | 9 +++++---- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9685e69d4..186ac18de 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -64,6 +64,7 @@ int main( void ) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" +#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL 
@@ -430,6 +431,7 @@ int main( void ) USAGE_REPRODUCIBLE \ USAGE_CURVES \ USAGE_SIG_ALGS \ + USAGE_EARLY_DATA \ USAGE_DHMLEN \ USAGE_KEY_OPAQUE_ALGS \ "\n" @@ -541,7 +543,9 @@ struct options * after renegotiation */ int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ +#if defined(MBEDTLS_SSL_EARLY_DATA) int early_data; /* support for early data */ +#endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ @@ -941,6 +945,9 @@ int main( int argc, char *argv[] ) opt.alpn_string = DFL_ALPN_STRING; opt.curves = DFL_CURVES; opt.sig_algs = DFL_SIG_ALGS; +#if defined(MBEDTLS_SSL_EARLY_DATA) + opt.early_data = DFL_EARLY_DATA; +#endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_max = DFL_HS_TO_MAX; diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9295c9d00..32e920d22 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2105,6 +2105,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () { scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC + scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" @@ -3221,6 +3222,7 @@ component_build_armcc () { component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" 
@@ -3300,6 +3302,7 @@ component_test_tls13_only_psk_all () { component_test_tls13_only_ephemeral_all () { msg "build: TLS 1.3 only from default, without PSK key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ccca83b73..20c1b0f4d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13047,14 +13047,15 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --earlydata --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ 1 \ -c "client hello, adding early_data extension" \ -c "Reconnecting with saved session" \ - -c "unsupported extension found: 42" \ + -c "EncryptedExtensions: early_data(42) extension is unsupported" \ -s "Parsing extension 'Early Data/42' (0 bytes)" \ -s "Sending extension Early Data/42 (0 bytes)" From 72b9b17e1120f5c4c8ff7911697c57d73a26f8ee Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 11 Nov 2022 06:08:51 +0000 Subject: [PATCH 22/29] Add comments to fix mini format issue 
Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 02685e1f8..5294ec28b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -813,9 +813,9 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; typedef uint8_t mbedtls_ssl_tls13_ticket_flags; #define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */ #define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */ #define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA \ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION << 1 From 2cd5ce0c6b41dbe69c39c3cda2bd491a04d9effb Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 15 Nov 2022 10:33:53 +0000 Subject: [PATCH 23/29] Fix various issues cause rebase to latest code Signed-off-by: Xiaokang Qian --- include/mbedtls/check_config.h | 3 --- include/mbedtls/mbedtls_config.h | 2 +- include/mbedtls/ssl.h | 7 +++++-- library/ssl_tls13_client.c | 1 - library/ssl_tls13_generic.c | 5 +++-- programs/ssl/ssl_client2.c | 12 ------------ 6 files changed, 9 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index f932901ec..391863971 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -842,9 +842,6 @@ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif -/* Early data requires MBEDTLS_SSL_SESSION_TICKETS and SOME_PSK related - * mode defined - */ #if defined(MBEDTLS_SSL_EARLY_DATA) && \ ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ 
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 12d503e38..3f869b9ff 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1648,7 +1648,7 @@ * production. * */ -//#define MBEDTLS_SSL_EARLY_DATA +#define MBEDTLS_SSL_EARLY_DATA /** * \def MBEDTLS_SSL_PROTO_DTLS diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5294ec28b..6829fd7b6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -816,9 +816,12 @@ typedef uint8_t mbedtls_ssl_tls13_ticket_flags; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */ #define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */ -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA \ - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION << 1 +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1U << 3 ) +#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \ + ( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \ + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \ + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ /** * \brief Callback type: server-side session cache getter diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 405cce031..d276a9566 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2542,7 +2542,6 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, switch( extension_type ) { case MBEDTLS_TLS_EXT_EARLY_DATA: - MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); if( extension_data_len != 4 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 04790387a..761c00ec5 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
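Review bot: Uncommenting `#define MBEDTLS_SSL_EARLY_DATA` in include/mbedtls/mbedtls_config.h turns the option on by default, while its own doc comment still says the feature is "experimental, not completed and thus not ready for production". TLS 1.3 early data is replayable and not forward secret (RFC 8446, section 2.3), so a default build should not compile it in until the feature is complete. Keep `//#define MBEDTLS_SSL_EARLY_DATA` here and let the test components enable it with `scripts/config.py set MBEDTLS_SSL_EARLY_DATA`, as the earlier all.sh change in this series did. A default-on define also means an existing configuration that disables session tickets or both PSK key exchange modes presumably trips the requirement check in check_config.h. The commit message ("Fix various issues cause rebase to latest code") does not mention this default change.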
@@ -1395,13 +1395,14 @@ int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl, ((void) ssl); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "client hello, adding early_data extension" ) ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 ); MBEDTLS_PUT_UINT16_BE( 0, p, 2 ); *out_len = 4; + + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_EARLY_DATA ); + return( 0 ); } #endif /* MBEDTLS_SSL_EARLY_DATA */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 186ac18de..6aa295d66 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2504,12 +2504,6 @@ int main( int argc, char *argv[] ) } } -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) - /* TODO: We can log the actual early data status after we define - * the API mbedtls_ssl_get_early_data_status. - */ -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) /* * 5. Verify the server certificate @@ -3220,12 +3214,6 @@ reconnect: mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) - /* TODO: We can log the actual early data status when reconnect - * after we define the API mbedtls_ssl_get_early_data_status. - */ -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ - goto send_request; } From 2dbfedae4a269c72438f6fff8e5cf6974e37c1ea Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 15 Nov 2022 10:52:57 +0000 Subject: [PATCH 24/29] Update early data test cases with latest code message Signed-off-by: Xiaokang Qian --- tests/scripts/all.sh | 3 +-- tests/ssl-opt.sh | 61 +++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 59 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 32e920d22..4b6a4cbb9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
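Review bot: `((void) ssl);` at the top of this hunk in mbedtls_ssl_tls13_write_early_data_ext is left over, because the added `mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_EARLY_DATA );` now uses `ssl` unconditionally. Drop the cast so it does not suggest the parameter is unused. The new call presumably records that early_data was offered so the server's reply can be checked against it; how the mask is consumed is not visible here. If that reading is right, a comment such as `/* Record that early_data was offered in this ClientHello. */` above the call would help. The function starts outside the hunk.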
@@ -3222,7 +3222,6 @@ component_build_armcc () { component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" - scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" @@ -3255,6 +3254,7 @@ component_test_tls13_only_ephemeral () { msg "build: TLS 1.3 only from default, only ephemeral key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + scripts/config.py unset MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" @@ -3302,7 +3302,6 @@ component_test_tls13_only_psk_all () { component_test_tls13_only_ephemeral_all () { msg "build: TLS 1.3 only from default, without PSK key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 20c1b0f4d..5576320ff 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13050,14 +13050,69 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_EARLY_DATA run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ + "$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ + 1 \ + -c "Reconnecting with saved session" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "early data accepted" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ 1 \ - -c "client hello, adding early_data extension" \ -c "Reconnecting with saved session" \ - -c "EncryptedExtensions: early_data(42) extension is unsupported" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension ( ignored )." 
\ -s "Parsing extension 'Early Data/42' (0 bytes)" \ - -s "Sending extension Early Data/42 (0 bytes)" + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "early data accepted" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3 m->G: EarlyData: negative check, fail" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ + 0 \ + -c "Reconnecting with saved session" \ + -C "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension does not exist." \ + -C "EncryptedExtensions: early_data(42) extension received." \ + -C "EncryptedExtensions: early_data(42) extension ( ignored )." + +#TODO openssl compatible mode can't work currently, it will need external psk. +skip_next_test +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3, ext PSK, early data" \ + "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ + 1 \ + -c "Reconnecting with saved session" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension ( ignored )." # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
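Review bot: The expected exit codes in the added cases contradict their names: "EarlyData: basic check, good" and "EarlyData: hybrid check, good" pass `1` as the expected client exit code, while "EarlyData: negative check, fail" passes `0`. A case that passes only when `$P_CLI` fails also passes when the client fails for an unrelated reason, as long as the log patterns match, so it does not really pin the early-data path. Either rename the cases to state the expected outcome, or add a comment above each `run_test` such as `# Client exits with 1 until sending early data is implemented; change to 0 then.` (the reason is inferred, confirm it). The same cases are moved to tests/opt-testcases/tls13-misc.sh by PATCH 25/29 with the same codes.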
From f3cefb4f4cf3b0720a6f56fe70371ba6889aefac Mon Sep 17 00:00:00 2001
From: Xiaokang Qian
Date: Wed, 16 Nov 2022 03:23:46 +0000
Subject: [PATCH 25/29] Move early data test cases to tls13-misc.sh
Signed-off-by: Xiaokang Qian
---
tests/opt-testcases/tls13-misc.sh | 72 +++++++++++++++++++++++++++++++
tests/ssl-opt.sh | 72 -------------------------------
2 files changed, 72 insertions(+), 72 deletions(-)
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 4ad6faa48..cc650c1e1 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -282,3 +282,75 @@ run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ 0 \ -s "key exchange mode: ephemeral$" +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ + "$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ + 1 \ + -c "Reconnecting with saved session" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "early data accepted" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ + 1 \ + -c "Reconnecting with saved session" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." 
\ + -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "early data accepted" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3 m->G: EarlyData: negative check, fail" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ + 0 \ + -c "Reconnecting with saved session" \ + -C "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension does not exist." \ + -C "EncryptedExtensions: early_data(42) extension received." \ + -C "EncryptedExtensions: early_data(42) extension ( ignored )." + +#TODO openssl compatible mode can't work currently, it will need external psk. +skip_next_test +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_EARLY_DATA +run_test "TLS 1.3, ext PSK, early data" \ + "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ + 1 \ + -c "Reconnecting with saved session" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension ( ignored )." + diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5576320ff..fdbb31050 100755 --- a/tests/ssl-opt.sh 
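Review bot: The skipped case "TLS 1.3, ext PSK, early data" asserts `-c "Reconnecting with saved session"`, but its `$P_CLI` arguments contain neither `reconnect=1` nor `reco_mode=1`, unlike the three GnuTLS cases above it. Because `skip_next_test` keeps the case from ever running, the mismatch cannot show up in CI; once enabled it would presumably fail on that pattern. Either add `reco_mode=1 reconnect=1` to the client arguments or drop the reconnect pattern. The `#TODO` line should also say what has to change before `skip_next_test` can be removed.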
+++ b/tests/ssl-opt.sh 
@@ -13042,78 +13042,6 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_EARLY_DATA -run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ - 1 \ - -c "Reconnecting with saved session" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ - -s "Parsing extension 'Early Data/42' (0 bytes)" \ - -s "Sending extension Early Data/42 (0 bytes)" \ - -s "early data accepted" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_EARLY_DATA -run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ - 1 \ - -c "Reconnecting with saved session" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." 
\ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ - -s "Parsing extension 'Early Data/42' (0 bytes)" \ - -s "Sending extension Early Data/42 (0 bytes)" \ - -s "early data accepted" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_EARLY_DATA -run_test "TLS 1.3 m->G: EarlyData: negative check, fail" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ - 0 \ - -c "Reconnecting with saved session" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension does not exist." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -C "EncryptedExtensions: early_data(42) extension ( ignored )." - -#TODO openssl compatible mode can't work currently, it will need external psk. -skip_next_test -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -run_test "TLS 1.3, ext PSK, early data" \ - "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ - 1 \ - -c "Reconnecting with saved session" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension ( ignored )." 
- # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 51c5a8b561f4e509ed69ea3761c89248410146a9 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 16 Nov 2022 08:32:51 +0000 Subject: [PATCH 26/29] Update ticket flag macros Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION to the key exchange mode EXCHANGE_MODE_PSK and EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check. Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define ALLOW_EARLY_DATA to 8( 1u<<3 ). Signed-off-by: Xiaokang Qian --- include/mbedtls/ssl.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6829fd7b6..d0558511a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -810,19 +810,20 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - typedef uint8_t mbedtls_ssl_tls13_ticket_flags; -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */ -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */ -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1U << 3 ) -#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \ - ( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \ - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \ +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */ +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */ +#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1U << 3 ) + +#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \ + ( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \ + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ + /** * \brief Callback type: server-side session cache getter * From 0cc4320e16fc58dfab6dbe277e4115032b9c0220 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 16 Nov 2022 08:43:50 +0000 Subject: [PATCH 27/29] Add EARLY_DATA guard to the early data extension in session ticket Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d276a9566..0372f2d98 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -2541,6 +2541,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, switch( extension_type ) { +#if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: if( extension_data_len != 4 ) { @@ -2555,6 +2556,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; } break; +#endif /* MBEDTLS_SSL_EARLY_DATA */ default: MBEDTLS_SSL_PRINT_EXT( From e7bab00825c42bb39ed63d42a98c306cb9869edd Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 16 Nov 2022 08:51:01 +0000 Subject: [PATCH 28/29] Update enabled guards for early data cases Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 22 +++++++++++++++------- tests/scripts/all.sh | 1 - 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index cc650c1e1..8b9d5750f 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -287,8 +287,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_EARLY_DATA +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ 
@@ -307,8 +308,9 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_EARLY_DATA +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ @@ -327,9 +329,10 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_EARLY_DATA -run_test "TLS 1.3 m->G: EarlyData: negative check, fail" \ +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good." \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ 0 \ 
@@ -339,11 +342,16 @@ run_test "TLS 1.3 m->G: EarlyData: negative check, fail" \ -C "EncryptedExtensions: early_data(42) extension received." \ -C "EncryptedExtensions: early_data(42) extension ( ignored )." -#TODO openssl compatible mode can't work currently, it will need external psk. +#TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test -requires_config_enabled MBEDTLS_SSL_SRV_C +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3, ext PSK, early data" \ "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4b6a4cbb9..245324a5f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2105,7 +2105,6 @@ component_test_psa_crypto_config_accel_hash_use_psa () { scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" From e9622ac4bac64a2c0b5550b30be5b23f63fa7f60 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 17 Nov 2022 09:23:32 +0000 Subject: [PATCH 29/29] Remove the fore_tls13 option case from client side 
Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 8b9d5750f..3e2fd0b20 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -291,27 +291,6 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ - "$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ - 1 \ - -c "Reconnecting with saved session" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ - -s "Parsing extension 'Early Data/42' (0 bytes)" \ - -s "Sending extension Early Data/42 (0 bytes)" \ - -s "early data accepted" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_EARLY_DATA -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ 1 \ 
@@ -332,7 +311,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_EARLY_DATA requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good." \ +run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \ 0 \