Tls13 add early data indication #6486

Merged
Changes from 28 commits
29 commits
0e97d4d
Add early data indication to client side
xkqian Oct 24, 2022
911c0cc
Fix format issues in comments
xkqian Oct 31, 2022
893ad81
Remove useless early_secrets field
xkqian Oct 31, 2022
b781a23
Move ssl_tls13_has_configured_ticket() back to tls13 client
xkqian Nov 1, 2022
338f727
Move EARLY_DATA_OFF/ON guard to ssl_misc.h
xkqian Nov 2, 2022
7633281
Define the EARLY_DATA_STATUS
xkqian Nov 2, 2022
ecc2948
Fix format issues
xkqian Nov 2, 2022
b0c32d8
Update early data test cases
xkqian Nov 2, 2022
01323a4
Add session ticket related check when send early data
xkqian Nov 3, 2022
a341225
Change function name ssl_tls13_early_data_has_valid_ticket
xkqian Nov 4, 2022
f447e8a
Address comments base on reviews
xkqian Nov 8, 2022
a042b84
Address some format issues
xkqian Nov 9, 2022
0977716
Update early data document and prerequisites check
xkqian Nov 9, 2022
50a4794
Update early data test case with gnutls
xkqian Nov 9, 2022
29ee43c
Update document base on comments
xkqian Nov 9, 2022
2d87a9e
Pend one alert in case wrong EXT_EARLY_DATA length
xkqian Nov 9, 2022
ae07cd9
Change ticket_flag base on review
xkqian Nov 9, 2022
fe3483f
Update early data doument and config dependencies
xkqian Nov 9, 2022
de95604
Update ticket_flags related macros
xkqian Nov 10, 2022
402bb1e
Update documents and check
xkqian Nov 10, 2022
9a0aafb
Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
xkqian Nov 10, 2022
72b9b17
Add comments to fix mini format issue
xkqian Nov 11, 2022
2cd5ce0
Fix various issues cause rebase to latest code
xkqian Nov 15, 2022
2dbfeda
Update early data test cases with latest code message
xkqian Nov 15, 2022
f3cefb4
Move early data test cases to tls13-misc.sh
xkqian Nov 16, 2022
51c5a8b
Update ticket flag macros
xkqian Nov 16, 2022
0cc4320
Add EARLY_DATA guard to the early data extension in session ticket
xkqian Nov 16, 2022
e7bab00
Update enabled guards for early data cases
xkqian Nov 16, 2022
e9622ac
Remove the fore_tls13 option case from client side
xkqian Nov 17, 2022
6 changes: 3 additions & 3 deletions include/mbedtls/check_config.h
Expand Up @@ -842,10 +842,10 @@
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
#endif

/* Early data requires PSK related mode defined */
#if defined(MBEDTLS_SSL_EARLY_DATA) && \
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED))
( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
#endif

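Review bot: The comment above the guard, `/* Early data requires PSK related mode defined */`, no longer describes the whole condition, because the new test also fails the build when MBEDTLS_SSL_SESSION_TICKETS is undefined. I would reword it to `/* Early data requires session tickets and at least one PSK key exchange mode */` so that the comment, the `#if` and the `Requires:` text in mbedtls_config.h agree. The `#error` text could likewise name the missing prerequisites, which saves an integrator from reading the guard to find out what to enable.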
5 changes: 3 additions & 2 deletions include/mbedtls/mbedtls_config.h
Expand Up @@ -1637,7 +1637,8 @@
*
* Enable support for RFC 8446 TLS 1.3 early data.
*
* Requires: MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
*
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
Expand All @@ -1647,7 +1648,7 @@
* production.
*
*/
//#define MBEDTLS_SSL_EARLY_DATA
#define MBEDTLS_SSL_EARLY_DATA

/**
* \def MBEDTLS_SSL_PROTO_DTLS
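Review bot: The second hunk appears to turn `MBEDTLS_SSL_EARLY_DATA` on in the default configuration (`//#define` becoming `#define`, judging by print order and the one-line change), while the doc comment above it still ends on a sentence about production use. TLS 1.3 early data can be replayed and is not forward secret (RFC 8446 section 8 and appendix E.5), so a default build should probably keep the option opt-in until the send and receive paths and the anti-replay handling are complete. If the default is only wanted for CI coverage, I would keep `//#define MBEDTLS_SSL_EARLY_DATA` here and enable it in the test components with `scripts/config.py set MBEDTLS_SSL_EARLY_DATA`. The doc comment runs past both hunks, so its full wording is not visible here.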
27 changes: 27 additions & 0 deletions include/mbedtls/ssl.h
Expand Up @@ -801,6 +801,29 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
#endif

#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2
#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3
#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 4
#endif

#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
typedef uint8_t mbedtls_ssl_tls13_ticket_flags;

#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1U << 3 )

#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \
( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA )
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */

/**
* \brief Callback type: server-side session cache getter
*
Expand Down Expand Up @@ -1783,6 +1806,10 @@ struct mbedtls_ssl_context
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
int MBEDTLS_PRIVATE(early_data_status);
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */

/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
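Review bot: The new `early_data_status` member of mbedtls_ssl_context and the five `MBEDTLS_SSL_EARLY_DATA_STATUS_*` values are undocumented, unlike the neighbouring members, which carry `/*!< ... */` comments. I would add a comment on the member such as `/*!< client-side early data status, one of MBEDTLS_SSL_EARLY_DATA_STATUS_xxx */` and a short block above the macros saying when each state is entered; at present the only description is the comment inside mbedtls_ssl_tls13_write_client_hello_exts(). The struct body continues outside the hunk.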
6 changes: 6 additions & 0 deletions library/ssl_misc.h
Expand Up @@ -2046,6 +2046,12 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
size_t *out_len );
#endif /* MBEDTLS_ECDH_C */

#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *out_len );
#endif /* MBEDTLS_SSL_EARLY_DATA */

#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

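Review bot: The new prototype `mbedtls_ssl_tls13_write_early_data_ext()` is declared without `MBEDTLS_CHECK_RETURN_CRITICAL`, although its definition can return an error through the buffer-size check and other handshake helpers on this page (for example ssl_tls13_ticket_get_identity in ssl_tls13_client.c) carry that annotation. Putting `MBEDTLS_CHECK_RETURN_CRITICAL` on the line before `int mbedtls_ssl_tls13_write_early_data_ext(` lets the compiler flag any caller that drops the result. A short comment saying that the function writes the empty 4-byte early_data extension at `buf` and reports the written length through `out_len` would also help, since the header gives no description.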
53 changes: 53 additions & 0 deletions library/ssl_tls13_client.c
Expand Up @@ -700,6 +700,19 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
session != NULL && session->ticket != NULL );
}

#if defined(MBEDTLS_SSL_EARLY_DATA)
static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_session *session = ssl->session_negotiate;
return( ssl->handshake->resume &&
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
( session->ticket_flags &
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) &&
mbedtls_ssl_tls13_cipher_suite_is_offered(
ssl, session->ciphersuite ) );
}
#endif

MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
psa_algorithm_t *hash_alg,
Expand Down Expand Up @@ -1160,6 +1173,29 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
}
#endif

#if defined(MBEDTLS_SSL_EARLY_DATA)
if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
ssl_tls13_early_data_has_valid_ticket( ssl ) &&
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
{
ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
p += ext_len;

/* Initializes the status to `indication sent`. It will be updated to
* `accepted` or `rejected` depending on whether the EncryptedExtension
* message will contain an early data indication extension or not.
*/
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* For PSK-based key exchange we need the pre_shared_key extension
* and the psk_key_exchange_modes extension.
Expand Down Expand Up @@ -2505,6 +2541,23 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,

switch( extension_type )
{
#if defined(MBEDTLS_SSL_EARLY_DATA)
case MBEDTLS_TLS_EXT_EARLY_DATA:
if( extension_data_len != 4 )
{
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
if( ssl->session != NULL )
{
ssl->session->ticket_flags |=
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
}
break;
#endif /* MBEDTLS_SSL_EARLY_DATA */

default:
MBEDTLS_SSL_PRINT_EXT(
3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
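Review bot: In the mbedtls_ssl_tls13_write_client_hello_exts hunk, the condition that decides whether to write the early_data extension does not exclude a second ClientHello sent in answer to a HelloRetryRequest, and RFC 8446 section 4.2.10 says a client must not include early_data in that follow-up ClientHello. If the handshake structure tracks the retry (upstream has a `hello_retry_request_count` field, not visible on this page), adding `ssl->handshake->hello_retry_request_count == 0 &&` to the condition would cover it, and `early_data_status` would then fall to `MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT` through the existing else branch. A test case with a server that forces a HelloRetryRequest on resumption would pin this down. The function starts and ends outside the hunk.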
33 changes: 33 additions & 0 deletions library/ssl_tls13_generic.c
Expand Up @@ -1374,6 +1374,39 @@ int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )

#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

/* Early Data Indication Extension
*
* struct {
* select ( Handshake.msg_type ) {
* ...
* case client_hello: Empty;
* case encrypted_extensions: Empty;
* };
* } EarlyDataIndication;
*/
#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *out_len )
{
unsigned char *p = buf;
*out_len = 0;
((void) ssl);

MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );

MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 );
MBEDTLS_PUT_UINT16_BE( 0, p, 2 );

*out_len = 4;

mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_EARLY_DATA );

return( 0 );
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

/* Reset SSL context and update hash for handling HRR.
*
* Replace Transcript-Hash(X) by
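Review bot: `((void) ssl);` in mbedtls_ssl_tls13_write_early_data_ext is stale, because `ssl` is used a few lines later in `mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_EARLY_DATA )`, so the cast can be removed. The function also has no contract comment of its own: the block above it shows the wire structure only. I would add a sentence saying that it writes the 4-byte empty extension (type, then a zero length) at `buf`, sets `*out_len` to 4 on success and leaves it at 0 when the buffer is too small, and records the extension in the sent-extensions mask.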
37 changes: 37 additions & 0 deletions programs/ssl/ssl_client2.c
Expand Up @@ -64,6 +64,7 @@ int main( void )
#define DFL_KEY_OPAQUE 0
#define DFL_KEY_PWD ""
#define DFL_PSK ""
#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED
#define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL
Expand Down Expand Up @@ -344,6 +345,14 @@ int main( void )
#define USAGE_SERIALIZATION ""
#endif

#if defined(MBEDTLS_SSL_EARLY_DATA)
#define USAGE_EARLY_DATA \
" early_data=%%d default: 0 (disabled)\n" \
" options: 0 (disabled), 1 (enabled)\n"
#else
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */

#define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
" comma-separated pair of values among the following:\n" \
Expand Down Expand Up @@ -422,6 +431,7 @@ int main( void )
USAGE_REPRODUCIBLE \
USAGE_CURVES \
USAGE_SIG_ALGS \
USAGE_EARLY_DATA \
USAGE_DHMLEN \
USAGE_KEY_OPAQUE_ALGS \
"\n"
Expand Down Expand Up @@ -533,6 +543,9 @@ struct options
* after renegotiation */
int reproducible; /* make communication reproducible */
int skip_close_notify; /* skip sending the close_notify alert */
#if defined(MBEDTLS_SSL_EARLY_DATA)
int early_data; /* support for early data */
#endif
int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
Expand Down Expand Up @@ -932,6 +945,9 @@ int main( int argc, char *argv[] )
opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES;
opt.sig_algs = DFL_SIG_ALGS;
#if defined(MBEDTLS_SSL_EARLY_DATA)
opt.early_data = DFL_EARLY_DATA;
#endif
opt.transport = DFL_TRANSPORT;
opt.hs_to_min = DFL_HS_TO_MIN;
opt.hs_to_max = DFL_HS_TO_MAX;
Expand Down Expand Up @@ -1189,7 +1205,24 @@ int main( int argc, char *argv[] )
default: goto usage;
}
}

#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_EARLY_DATA)
else if( strcmp( p, "early_data" ) == 0 )
{
switch( atoi( q ) )
{
case 0:
opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break;
case 1:
opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
break;
default: goto usage;
}
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

else if( strcmp( p, "tls13_kex_modes" ) == 0 )
{
if( strcmp( q, "psk" ) == 0 )
Expand Down Expand Up @@ -2091,6 +2124,10 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MAX_VERSION )
mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );

#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_tls13_conf_early_data( &conf, opt.early_data );
#endif /* MBEDTLS_SSL_EARLY_DATA */

if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
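Review bot: The closing comment `#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */` after USAGE_EARLY_DATA does not match its opening `#if defined(MBEDTLS_SSL_EARLY_DATA)`; it should read `#endif /* MBEDTLS_SSL_EARLY_DATA */`. In the option parser, `atoi( q )` maps any non-numeric value to 0, so a mistyped `early_data=` value silently selects disabled instead of reaching `goto usage`; this appears to follow how the neighbouring options are parsed, so it is only worth changing if the file moves to `strtol` more generally. main() starts and ends outside these hunks.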
80 changes: 80 additions & 0 deletions tests/opt-testcases/tls13-misc.sh
Expand Up @@ -282,3 +282,83 @@ run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
0 \
-s "key exchange mode: ephemeral$"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
"$P_CLI debug_level=4 force_version=tls13 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
Contributor


We usually try to force the TLS 1.3 version only on the server side, as in the following test. That way, when both TLS 1.2 and TLS 1.3 are enabled in the build, the "hybrid" test is run, and when only TLS 1.3 is enabled, the test corresponding to TLS 1.3 being forced on the client side is run. Thus, I think we should just remove this one.

Contributor Author


I just remember in kex exchange mode tests, we remove the force_version=tls13 in client side. To keep aligned, I prefer to remove this case. How about your opinion? @yuhaoth

Contributor


For this PR, it is okay to remove it for me.
It should be added in Write APP data

https://datatracker.ietf.org/doc/html/rfc8446#appendix-A.2 shows early data can be sent after ClientHello. It is Okay for TLS1.3 only. But for hybrid mode, it might cause problem. That's why suggest add hybrid tests.

And I do not think we should postpone write app data like prototype, it does not match RFC. This point has been raised in GnuTLS https://gitlab.com/gnutls/gnutls/-/issues/1146.

Contributor Author

@xkqian xkqian Nov 17, 2022


For this PR, it is okay to remove it for me. It should be added in Write APP data

So I will remove the test case with -force_version=tls13, and only leave the test case which you said "hibrid case" as basic case.

https://datatracker.ietf.org/doc/html/rfc8446#appendix-A.2 shows early data can be sent after ClientHello. It is Okay for TLS1.3 only. But for hybrid mode, it might cause problem. That's why suggest add hybrid tests.

We will leave the "hibrid case" there. Can you eleborate the problems?

And I do not think we should postpone write app data like prototype, it does not match RFC. This point has been raised in GnuTLS https://gitlab.com/gnutls/gnutls/-/issues/1146.

Seems it's related with wrte early data, can we leave the comment to this PR #6542

Contributor


So I will remove the test case with -force_version=tls13, and only leave the test case which you said "hibrid case" as basic case.

Okay.

Seems it's related with wrte early data, can we leave the comment to this PR #6542

Sure.

We will leave the "hibrid case". Can you eleborate the problems?

From RFC 8446, we should send early data after ClientHello immediately. So we must switch outbound traffic after ClientHello ASAP.

If switch in CLIENT_HELLO and send early data, it match RFC. But if the server select TLS 1.2, I am not sure what will happen.

To avoid the issue, I think we should postpone the traffic switch, just after TLS 1.3 is selected at this moment. And in ClientHello, we should only switch traffic if it is configured as tls1.3 only.

For the test side, we should have tls1.3 only and hybrid mode test to cover the cases.

Contributor Author

@xkqian xkqian Nov 17, 2022


From RFC 8446, we should send early data after ClientHello immediately. So we must switch outbound traffic after ClientHello ASAP.

If switch in CLIENT_HELLO and send early data, it match RFC. But if the server select TLS 1.2, I am not sure what will happen.

To avoid the issue, I think we should postpone the traffic switch, just after TLS 1.3 is selected at this moment. And in ClientHello, we should only switch traffic if it is configured as tls1.3 only.

For the test side, we should have tls1.3 only and hybrid mode test to cover the cases.

It seems this is a trade-off about when, and in which cases, to change the transform key.
Currently we only support session-ticket PSKs, which means we only send early data when resuming with a ticket. Maybe we can use the tls_version in the serialized session to decide whether to offer only TLS 1.3, so that the server has TLS 1.3 as its only choice. I am not sure whether this design works, but maybe we can solve it in some such way.

Contributor


Yes that's a key point. A TLS 1.3 handshake proposing early data can only be done with a PSK (external or obtained through a ticket) which is TLS 1.3 specific. Thus in that case we are not going to propose TLS 1.2 to the server: "TLS 1.3 only ClientHello".

1 \
-c "Reconnecting with saved session" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension ( ignored )." \
-s "Parsing extension 'Early Data/42' (0 bytes)" \
-s "Sending extension Early Data/42 (0 bytes)" \
-s "early data accepted"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: hybrid check, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
1 \
-c "Reconnecting with saved session" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension ( ignored )." \
-s "Parsing extension 'Early Data/42' (0 bytes)" \
-s "Sending extension Early Data/42 (0 bytes)" \
-s "early data accepted"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good." \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
"$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=2" \
0 \
-c "Reconnecting with saved session" \
-C "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension does not exist." \
-C "EncryptedExtensions: early_data(42) extension received." \
-C "EncryptedExtensions: early_data(42) extension ( ignored )."

#TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked.
skip_next_test
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_EARLY_DATA
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3, ext PSK, early data" \
"$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \
1 \
-c "Reconnecting with saved session" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
-c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension ( ignored )."
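Review bot: The skipped OpenSSL case `TLS 1.3, ext PSK, early data` cannot meet its own expectations as written: the client command line has no `reconnect=1`, yet the checks require `-c "Reconnecting with saved session"` and a NewSessionTicket early_data line, and it uses an external PSK (`psk=010203`) while the client code in this PR only offers early_data when resuming from a ticket. That may be part of why the test does not pass, independently of the OpenSSL options. I would either add `reco_mode=1 reconnect=1` and drop the external-PSK arguments, or say in the TODO which behaviour the case is meant to cover. Separately, the GnuTLS cases named `good` expect client exit code `1`; if that is because sending early data is not implemented yet, a one-line comment above each `run_test` saying so would keep the expectation from being mistaken for a bug.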

1 change: 1 addition & 0 deletions tests/scripts/all.sh
Expand Up @@ -3253,6 +3253,7 @@ component_test_tls13_only_ephemeral () {
msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"