-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tls13 parse early data indication ee #6490
Tls13 parse early data indication ee #6490
Conversation
68e5af4
to
b4e4ec7
Compare
9557318
to
f35dbb6
Compare
9f313c0
to
f0e5687
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some changes to meet latest code
library/ssl_tls13_client.c
Outdated
#if defined(MBEDTLS_SSL_EARLY_DATA) | ||
/* | ||
* ssl_tls13_parse_ee_early_data_ext() | ||
* Parse early data indication extension in EncryptedExtensions. | ||
* | ||
* struct {} Empty; | ||
* | ||
* struct { | ||
* select (Handshake.msg_type) { | ||
* ... | ||
* case client_hello: Empty; | ||
* case encrypted_extensions: Empty; | ||
* }; | ||
* } EarlyDataIndication; | ||
* | ||
*/ | ||
|
||
MBEDTLS_CHECK_RETURN_CRITICAL | ||
static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, | ||
const unsigned char *buf, | ||
size_t len ) | ||
{ | ||
if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) | ||
{ | ||
/* The server must not send the EarlyDataIndication if the | ||
* client hasn't indicated the use of early data. */ | ||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, | ||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | ||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | ||
} | ||
|
||
if( len != 0 ) | ||
{ | ||
/* The message must be empty. */ | ||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, | ||
MBEDTLS_ERR_SSL_DECODE_ERROR ); | ||
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); | ||
} | ||
|
||
/* Nothing to parse */ | ||
((void) buf); | ||
|
||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; | ||
return( 0 ); | ||
} | ||
#endif /* MBEDTLS_SSL_EARLY_DATA */ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#6170 has been merged, it is not needed.
#if defined(MBEDTLS_SSL_EARLY_DATA) | |
/* | |
* ssl_tls13_parse_ee_early_data_ext() | |
* Parse early data indication extension in EncryptedExtensions. | |
* | |
* struct {} Empty; | |
* | |
* struct { | |
* select (Handshake.msg_type) { | |
* ... | |
* case client_hello: Empty; | |
* case encrypted_extensions: Empty; | |
* }; | |
* } EarlyDataIndication; | |
* | |
*/ | |
MBEDTLS_CHECK_RETURN_CRITICAL | |
static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, | |
const unsigned char *buf, | |
size_t len ) | |
{ | |
if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) | |
{ | |
/* The server must not send the EarlyDataIndication if the | |
* client hasn't indicated the use of early data. */ | |
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, | |
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | |
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | |
} | |
if( len != 0 ) | |
{ | |
/* The message must be empty. */ | |
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, | |
MBEDTLS_ERR_SSL_DECODE_ERROR ); | |
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); | |
} | |
/* Nothing to parse */ | |
((void) buf); | |
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; | |
return( 0 ); | |
} | |
#endif /* MBEDTLS_SSL_EARLY_DATA */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not addressed. Although the code is changed. This point is not addressed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not addressed. Although the code is changed. This point is not addressed
Which point is not addressed? What I can see is remove all of the code realted with parsing. Do I miss something?
library/ssl_tls13_client.c
Outdated
/* Nothing to parse */ | ||
((void) buf); | ||
|
||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Put below code in postprocess_encrypted_extesion
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; | |
if( ssl->handshake->received_extension & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) | |
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't find the function postprocess_encrypted_extesion(), so I put ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; in the ssl_tls13_parse_encrypted_extensions().
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
line 2132.
Not Addressed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure why we should put the status change in line 2132.
Seems it's more readable and directly if we put the status change "ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;" just follow up the early data extension here.
And, we have no need of the if( ssl->handshake->received_extension & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ), which can save the code size.
library/ssl_tls13_client.c
Outdated
@@ -1335,6 +1335,53 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl, | |||
return( 0 ); | |||
} | |||
|
|||
#if defined(MBEDTLS_SSL_EARLY_DATA) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The early data indication extension is very similar in NewSessionTicket, ClientHello and EncryptedExtensions thus in that case it would be good to have only one parsing function for the three cases. The function should just do the parsing though thus all the code related to early_data_status
currently in this function should be moved to ssl_tls13_parse_encrypted_extensions()
.
Signed-off-by: Xiaokang Qian <[email protected]>
f0e5687
to
30dd204
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some feedback is not addressed. Do you forget push code?
library/ssl_tls13_client.c
Outdated
if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) | ||
{ | ||
/* The server must not send the EarlyDataIndication if the | ||
* client hasn't indicated the use of early data. */ | ||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, | ||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | ||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The case has been processed by mbedtls_ssl_tls13_check_received_extension
if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) | |
{ | |
/* The server must not send the EarlyDataIndication if the | |
* client hasn't indicated the use of early data. */ | |
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, | |
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | |
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems the code if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) has processed it.
library/ssl_tls13_client.c
Outdated
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); | ||
} | ||
|
||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Move to line 2132
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; | |
if( ssl->handshake->received_extension & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) | |
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; |
library/ssl_tls13_client.c
Outdated
#if defined(MBEDTLS_SSL_EARLY_DATA) | ||
/* | ||
* ssl_tls13_parse_ee_early_data_ext() | ||
* Parse early data indication extension in EncryptedExtensions. | ||
* | ||
* struct {} Empty; | ||
* | ||
* struct { | ||
* select (Handshake.msg_type) { | ||
* ... | ||
* case client_hello: Empty; | ||
* case encrypted_extensions: Empty; | ||
* }; | ||
* } EarlyDataIndication; | ||
* | ||
*/ | ||
|
||
MBEDTLS_CHECK_RETURN_CRITICAL | ||
static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, | ||
const unsigned char *buf, | ||
size_t len ) | ||
{ | ||
if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) | ||
{ | ||
/* The server must not send the EarlyDataIndication if the | ||
* client hasn't indicated the use of early data. */ | ||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, | ||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | ||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); | ||
} | ||
|
||
if( len != 0 ) | ||
{ | ||
/* The message must be empty. */ | ||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, | ||
MBEDTLS_ERR_SSL_DECODE_ERROR ); | ||
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); | ||
} | ||
|
||
/* Nothing to parse */ | ||
((void) buf); | ||
|
||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; | ||
return( 0 ); | ||
} | ||
#endif /* MBEDTLS_SSL_EARLY_DATA */ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not addressed. Although the code is changed. This point is not addressed
library/ssl_tls13_client.c
Outdated
/* Nothing to parse */ | ||
((void) buf); | ||
|
||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
line 2132.
Not Addressed
Signed-off-by: Xiaokang Qian <[email protected]>
30dd204
to
ca09afc
Compare
Signed-off-by: Xiaokang Qian <[email protected]>
Signed-off-by: Xiaokang Qian <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Parse early data indication in encrypted extentions.
Empty to indicate that early data supported by server side.
Part of adding early data support in TLS 1.3. No need for a change log.