Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tls13 parse early data indication ee #6490

Conversation

xkqian
Copy link
Contributor

@xkqian xkqian commented Oct 27, 2022

Parse early data indication in encrypted extentions.
Empty to indicate that early data supported by server side.

Part of adding early data support in TLS 1.3. No need for a change log.

@xkqian xkqian linked an issue Oct 27, 2022 that may be closed by this pull request
1 task
@xkqian xkqian force-pushed the tls13_parse_early_data_indication_ee branch from 68e5af4 to b4e4ec7 Compare October 27, 2022 10:45
@daverodgman daverodgman added priority-medium Medium priority - this can be reviewed as time permits priority-high High priority - will be reviewed soon and removed priority-medium Medium priority - this can be reviewed as time permits labels Oct 27, 2022
@xkqian xkqian force-pushed the tls13_parse_early_data_indication_ee branch 2 times, most recently from 9557318 to f35dbb6 Compare November 3, 2022 02:51
@xkqian xkqian force-pushed the tls13_parse_early_data_indication_ee branch 2 times, most recently from 9f313c0 to f0e5687 Compare November 18, 2022 03:32
@xkqian xkqian added needs-review Every commit must be reviewed by at least two team members, and removed needs-work labels Nov 18, 2022
Copy link
Contributor

@yuhaoth yuhaoth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some changes to meet latest code

Comment on lines 1338 to 1384
#if defined(MBEDTLS_SSL_EARLY_DATA)
/*
* ssl_tls13_parse_ee_early_data_ext()
* Parse early data indication extension in EncryptedExtensions.
*
* struct {} Empty;
*
* struct {
* select (Handshake.msg_type) {
* ...
* case client_hello: Empty;
* case encrypted_extensions: Empty;
* };
* } EarlyDataIndication;
*
*/

MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT )
{
/* The server must not send the EarlyDataIndication if the
* client hasn't indicated the use of early data. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}

if( len != 0 )
{
/* The message must be empty. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}

/* Nothing to parse */
((void) buf);

ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
return( 0 );
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#6170 has been merged, it is not needed.

Suggested change
#if defined(MBEDTLS_SSL_EARLY_DATA)
/*
* ssl_tls13_parse_ee_early_data_ext()
* Parse early data indication extension in EncryptedExtensions.
*
* struct {} Empty;
*
* struct {
* select (Handshake.msg_type) {
* ...
* case client_hello: Empty;
* case encrypted_extensions: Empty;
* };
* } EarlyDataIndication;
*
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT )
{
/* The server must not send the EarlyDataIndication if the
* client hasn't indicated the use of early data. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
if( len != 0 )
{
/* The message must be empty. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/* Nothing to parse */
((void) buf);
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
return( 0 );
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not addressed. Although the code is changed. This point is not addressed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not addressed. Although the code is changed. This point is not addressed

Which point is not addressed? What I can see is remove all of the code realted with parsing. Do I miss something?

library/ssl_tls13_client.c Outdated Show resolved Hide resolved
/* Nothing to parse */
((void) buf);

ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
Copy link
Contributor

@yuhaoth yuhaoth Nov 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put below code in postprocess_encrypted_extesion

Suggested change
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
if( ssl->handshake->received_extension & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't find the function postprocess_encrypted_extesion(), so I put ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; in the ssl_tls13_parse_encrypted_extensions().

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line 2132.
Not Addressed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure why we should put the status change in line 2132.
Seems it's more readable and directly if we put the status change "ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;" just follow up the early data extension here.
And, we have no need of the if( ssl->handshake->received_extension & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ), which can save the code size.

@@ -1335,6 +1335,53 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
return( 0 );
}

#if defined(MBEDTLS_SSL_EARLY_DATA)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The early data indication extension is very similar in NewSessionTicket, ClientHello and EncryptedExtensions thus in that case it would be good to have only one parsing function for the three cases. The function should just do the parsing though thus all the code related to early_data_status currently in this function should be moved to ssl_tls13_parse_encrypted_extensions().

@xkqian xkqian force-pushed the tls13_parse_early_data_indication_ee branch from f0e5687 to 30dd204 Compare November 22, 2022 10:06
Copy link
Contributor

@yuhaoth yuhaoth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some feedback is not addressed. Do you forget push code?

Comment on lines 2066 to 2073
if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT )
{
/* The server must not send the EarlyDataIndication if the
* client hasn't indicated the use of early data. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The case has been processed by mbedtls_ssl_tls13_check_received_extension

Suggested change
if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT )
{
/* The server must not send the EarlyDataIndication if the
* client hasn't indicated the use of early data. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}

Copy link
Contributor Author

@xkqian xkqian Nov 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems the code if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) has processed it.

return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}

ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move to line 2132

Suggested change
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
if( ssl->handshake->received_extension & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;

Comment on lines 1338 to 1384
#if defined(MBEDTLS_SSL_EARLY_DATA)
/*
* ssl_tls13_parse_ee_early_data_ext()
* Parse early data indication extension in EncryptedExtensions.
*
* struct {} Empty;
*
* struct {
* select (Handshake.msg_type) {
* ...
* case client_hello: Empty;
* case encrypted_extensions: Empty;
* };
* } EarlyDataIndication;
*
*/

MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT )
{
/* The server must not send the EarlyDataIndication if the
* client hasn't indicated the use of early data. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}

if( len != 0 )
{
/* The message must be empty. */
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}

/* Nothing to parse */
((void) buf);

ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
return( 0 );
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not addressed. Although the code is changed. This point is not addressed

/* Nothing to parse */
((void) buf);

ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line 2132.
Not Addressed

@xkqian xkqian force-pushed the tls13_parse_early_data_indication_ee branch from 30dd204 to ca09afc Compare November 23, 2022 02:17
Copy link
Contributor

@yuhaoth yuhaoth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@ronald-cron-arm ronald-cron-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ronald-cron-arm ronald-cron-arm merged commit 1d1d536 into Mbed-TLS:development Nov 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component-tls13 needs-ci Needs to pass CI tests needs-review Every commit must be reviewed by at least two team members, priority-high High priority - will be reviewed soon
Projects
None yet
Development

Successfully merging this pull request may close these issues.

TLS 1.3 client: Parsing of the early data indication extension
4 participants