Skip to content

Commit

Permalink
Add early data indication to client side
Browse files Browse the repository at this point in the history
Add fields to mbedtls_ssl_context
Add write early data indication function
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <[email protected]>
  • Loading branch information
xkqian committed Oct 27, 2022
1 parent 72dbfef commit 9233497
Show file tree
Hide file tree
Showing 7 changed files with 193 additions and 0 deletions.
29 changes: 29 additions & 0 deletions include/mbedtls/ssl.h
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,9 @@
#define MBEDTLS_SSL_EARLY_DATA_DISABLED 0
#define MBEDTLS_SSL_EARLY_DATA_ENABLED 1

#define MBEDTLS_SSL_EARLY_DATA_OFF 0
#define MBEDTLS_SSL_EARLY_DATA_ON 1

#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1

Expand Down Expand Up @@ -801,6 +804,12 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
#endif

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
#define MBEDTLS_SSL_EARLY_DATA_NOT_SENT 0
#define MBEDTLS_SSL_EARLY_DATA_REJECTED 1
#define MBEDTLS_SSL_EARLY_DATA_ACCEPTED 2
#endif
/**
* \brief Callback type: server-side session cache getter
*
Expand Down Expand Up @@ -1783,6 +1792,21 @@ struct mbedtls_ssl_context
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

#if defined(MBEDTLS_SSL_EARLY_DATA)
#if defined(MBEDTLS_SSL_CLI_C)
const unsigned char* MBEDTLS_PRIVATE(early_data_buf); /*!< Pointer to early data buffer to send */
size_t MBEDTLS_PRIVATE(early_data_len); /*!< Length of early data to send */
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_EARLY_DATA */

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
/*
* early data request state
*/
int MBEDTLS_PRIVATE(early_data_status);
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */

/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
Expand Down Expand Up @@ -1936,6 +1960,11 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
*/
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
int early_data_enabled );

#if defined(MBEDTLS_SSL_CLI_C)
int mbedtls_ssl_set_early_data( mbedtls_ssl_context* ssl, const unsigned char* buffer,
size_t len );
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */

#if defined(MBEDTLS_X509_CRT_PARSE_C)
Expand Down
14 changes: 14 additions & 0 deletions library/ssl_misc.h
Original file line number Diff line number Diff line change
Expand Up @@ -875,6 +875,15 @@ struct mbedtls_ssl_handshake_params
} tls13_master_secrets;

mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;

#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_tls13_early_secrets early_secrets;

int early_data; /*!< Early data indication:
* 0 -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and
* 1 -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data)
*/
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
Expand Down Expand Up @@ -1916,6 +1925,11 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
size_t *out_len );
#endif /* MBEDTLS_ECDH_C */

#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext(
mbedtls_ssl_context *ssl,
unsigned char *buf, const unsigned char *end, size_t *olen);
#endif /* MBEDTLS_SSL_EARLY_DATA */

#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

Expand Down
7 changes: 7 additions & 0 deletions library/ssl_tls13_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -1153,6 +1153,13 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
}
#endif

#if defined(MBEDTLS_SSL_EARLY_DATA)
ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
p += ext_len;
#endif /* MBEDTLS_SSL_EARLY_DATA */

#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* For PSK-based key exchange we need the pre_shared_key extension
* and the psk_key_exchange_modes extension.
Expand Down
70 changes: 70 additions & 0 deletions library/ssl_tls13_generic.c
Original file line number Diff line number Diff line change
Expand Up @@ -1328,6 +1328,76 @@ int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )

#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

/* Early Data Extension
*
* struct {} Empty;
*
* struct {
* select ( Handshake.msg_type ) {
* case new_session_ticket: uint32 max_early_data_size;
* case client_hello: Empty;
* case encrypted_extensions: Empty;
* };
* } EarlyDataIndication;
*/
#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *out_len )
{
unsigned char *p = buf;

*out_len = 0;

#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
if( !mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) ||
mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 ||
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF;
return( 0 );
}
}
#endif /* MBEDTLS_SSL_CLI_C */

MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );

#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding early_data extension" ) );
/* We're using rejected once we send the EarlyData extension,
and change it to accepted upon receipt of the server extension. */
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_REJECTED;
}
#endif /* MBEDTLS_SSL_CLI_C */

ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON;

MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 );
/* Write length of the early data indication extension */
MBEDTLS_PUT_UINT16_BE( 0, p, 2 );

*out_len = 4;
return( 0 );
}

int mbedtls_ssl_set_early_data( mbedtls_ssl_context *ssl,
const unsigned char *buffer, size_t len )
{
if( buffer == NULL || len == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

ssl->early_data_buf = buffer;
ssl->early_data_len = len;
return( 0 );
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

/* Reset SSL context and update hash for handling HRR.
*
* Replace Transcript-Hash(X) by
Expand Down
54 changes: 54 additions & 0 deletions programs/ssl/ssl_client2.c
Original file line number Diff line number Diff line change
Expand Up @@ -343,6 +343,14 @@ int main( void )
#define USAGE_SERIALIZATION ""
#endif

#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_EARLY_DATA \
" early_data=%%d default: 0 (disabled)\n" \
" options: 0 (disabled), 1 (enabled)\n"
#else
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */

#define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
" comma-separated pair of values among the following:\n" \
Expand Down Expand Up @@ -530,6 +538,7 @@ struct options
* after renegotiation */
int reproducible; /* make communication reproducible */
int skip_close_notify; /* skip sending the close_notify alert */
int early_data; /* support for early data */
int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
Expand Down Expand Up @@ -769,6 +778,9 @@ int main( int argc, char *argv[] )
rng_context_t rng;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
#if defined(MBEDTLS_SSL_EARLY_DATA)
char early_data[] = "early data test";
#endif /* MBEDTLS_SSL_EARLY_DATA */
mbedtls_ssl_session saved_session;
unsigned char *session_data = NULL;
size_t session_data_len = 0;
Expand Down Expand Up @@ -1176,7 +1188,24 @@ int main( int argc, char *argv[] )
default: goto usage;
}
}

#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_EARLY_DATA)
else if( strcmp( p, "early_data" ) == 0 )
{
switch( atoi( q ) )
{
case 0:
opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break;
case 1:
opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
break;
default: goto usage;
}
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

else if( strcmp( p, "tls13_kex_modes" ) == 0 )
{
if( strcmp( q, "psk" ) == 0 )
Expand Down Expand Up @@ -2073,6 +2102,12 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MAX_VERSION )
mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_tls13_conf_early_data( &conf, opt.early_data );
mbedtls_ssl_set_early_data( &ssl, (const unsigned char*) early_data,
strlen( early_data ) );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */

if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
Expand Down Expand Up @@ -2446,6 +2481,13 @@ int main( int argc, char *argv[] )
}
}

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
/* TODO: We can log the actual early data status after we define
* the API mbedtls_ssl_get_early_data_status.
*/
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */

#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* 5. Verify the server certificate
Expand Down Expand Up @@ -3120,6 +3162,11 @@ int main( int argc, char *argv[] )
}
#endif

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_set_early_data( &ssl, (const unsigned char*) early_data,
strlen( early_data ) );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */

if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
Expand Down Expand Up @@ -3155,6 +3202,13 @@ int main( int argc, char *argv[] )

mbedtls_printf( " ok\n" );

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
/* TODO: We can log the actual early data status when reconnect
* after we define the API mbedtls_ssl_get_early_data_status.
*/
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */

goto send_request;
}

Expand Down
1 change: 1 addition & 0 deletions tests/configs/tls13-only.h
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
*/

#define MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_EARLY_DATA
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE

#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
Expand Down
18 changes: 18 additions & 0 deletions tests/ssl-opt.sh
Original file line number Diff line number Diff line change
Expand Up @@ -80,12 +80,14 @@ fi

if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_SRV_NO_WWW="$OPENSSL_NEXT s_server -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile data_files/test-ca_cat12.crt"
O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
O_NEXT_SRV=false
O_NEXT_SRV_NO_CERT=false
O_NEXT_SRV_NO_WWW=false
O_NEXT_CLI_NO_CERT=false
O_NEXT_CLI=false
fi
Expand Down Expand Up @@ -1680,6 +1682,7 @@ fi
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
O_NEXT_SRV_NO_WWW="$O_NEXT_SRV_NO_WWW -accept $SRV_PORT"
O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
fi
Expand Down Expand Up @@ -13029,6 +13032,21 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"

requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_EARLY_DATA
run_test "TLS 1.3, ext PSK, early data" \
"$O_NEXT_SRV_NO_WWW -msg -debug -tls1_3 -early_data -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI nbio=2 debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \
1 \
-c "=> write client hello" \
-c "client hello, adding early_data extension" \
-c "<= write client hello" \
-c "client state: MBEDTLS_SSL_SERVER_HELLO"

# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
Expand Down

0 comments on commit 9233497

Please sign in to comment.