Merged
31 commits
b62732e
tls13: cli: Add mbedtls_ssl_write_early_data() API
xkqian Nov 30, 2023
54a3829
ssl_client2: Simplify early_data option
ronald-cron-arm Jan 25, 2024
4e1bd47
ssl_client2: Move code to build http request
ronald-cron-arm Jan 23, 2024
ccfaefa
ssl_client2: Switch from int to size_t
ronald-cron-arm Jan 25, 2024
2fe0ec8
ssl_client2: Add buffer overflow check
ronald-cron-arm Jan 23, 2024
a556189
ssl_client2: Add support for early data writing
ronald-cron-arm Jan 23, 2024
30bb7ce
Add test case for early data writing
xkqian Nov 30, 2023
2fbbba9
tests: ssl: Add write early data unit test
ronald-cron-arm Jan 26, 2024
8fe2b01
tests: write early data: Add "not sent" scenario
ronald-cron-arm Jan 26, 2024
05600e2
tests: write early data: Add "server rejects" scenario
ronald-cron-arm Jan 26, 2024
b3d42fd
tests: write early data: Add HRR scenario
ronald-cron-arm Jan 26, 2024
e273f72
tls13: client: Improve CCS handling
ronald-cron-arm Feb 13, 2024
5fbd270
tls13: Use a flag not a counter for CCS and HRR handling
ronald-cron-arm Feb 14, 2024
84dfbf4
tls13: client: Add comment about early data in 2nd ClientHello
ronald-cron-arm Feb 14, 2024
b9a9b1f
tls13: Fix/Improve comments
ronald-cron-arm Feb 14, 2024
d6d32b9
tls13: Improve declaration and doc of early data status
ronald-cron-arm Feb 14, 2024
24da991
tests: ssl: early data: Add systematic default case in scenario switches
ronald-cron-arm Feb 15, 2024
4922190
tls13: write_early_data: Add endpoint check
ronald-cron-arm Feb 21, 2024
d406924
Improve comments/documentation
ronald-cron-arm Feb 21, 2024
b4fd47e
ssl_client2: Default to library default for early data enablement
ronald-cron-arm Feb 21, 2024
0aead12
ssl_client2: Improve loop writing early data
ronald-cron-arm Feb 21, 2024
bf5e909
tests: write early data: Check we can complete handshake after writing
ronald-cron-arm Feb 21, 2024
0004600
tests: write early data: Inverse loop over state logic
ronald-cron-arm Feb 21, 2024
e21c2d2
tls13: cli: Add missing MBEDTLS_SSL_EARLY_DATA guards
ronald-cron-arm Feb 21, 2024
9f2c3c0
tls13: cli: Add mbedtls_ssl_get_early_data_status() API
ronald-cron-arm Feb 21, 2024
86d288c
tests: ssl: Rename tls13_early_data to tls13_read_early_data
ronald-cron-arm Feb 22, 2024
110303f
tests: read early data: Add no early data indication sent scenario
ronald-cron-arm Feb 22, 2024
7d158f4
tests: read early data: Use write API to send early data
ronald-cron-arm Feb 22, 2024
8f1de7e
tls13: Improve documentation
ronald-cron-arm Feb 22, 2024
f19989d
tls13: Improve sanity check in get_early_data_status
ronald-cron-arm Feb 22, 2024
dcb09ca
tests: write early data: Improve get_early_data_status testing
ronald-cron-arm Feb 22, 2024
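--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4147,7 +4147,8 @@ void tls13_write_early_data(int scenario)
 const char *early_data_string = "This is early data.";
 const unsigned char *early_data = (const unsigned char *) early_data_string;
 size_t early_data_len = strlen(early_data_string);
-int write_early_data_ret;
+int write_early_data_ret, read_early_data_ret;
+unsigned char read_buf[64];
 
 mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
 mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
@@ -4220,8 +4221,9 @@ void tls13_write_early_data(int scenario)
 * Run handshakes going one state further in the handshake sequence at each
 * loop up to the point where we reach the MBEDTLS_SSL_HANDSHAKE_OVER
 * state. For each reached handshake state, check the result of the call
-* to mbedtls_ssl_write_early_data() and then restart the handshake from
-* scratch (see reset label).
+* to mbedtls_ssl_write_early_data(), make sure we can complete the
+* handshake successfully and then reset the connection to restart the
+* handshake from scratch.
 */
 previous_client_state = MBEDTLS_SSL_HELLO_REQUEST;
 client_state = MBEDTLS_SSL_HELLO_REQUEST;
@@ -4267,7 +4269,7 @@ void tls13_write_early_data(int scenario)
 if (scenario == TEST_EARLY_DATA_NO_INDICATION_SENT) {
 TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
 TEST_EQUAL(client_ep.ssl.state, client_state);
-goto reset;
+goto complete_handshake;
 }
 
 switch (client_state) {
@@ -4422,7 +4424,25 @@ void tls13_write_early_data(int scenario)
 TEST_FAIL("Unexpected state.");
 }
 
-reset:
+complete_handshake:
+do {
+ret = mbedtls_test_move_handshake_to_state(
+&(server_ep.ssl), &(client_ep.ssl),
+MBEDTLS_SSL_HANDSHAKE_OVER);
+
+if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
+read_early_data_ret = mbedtls_ssl_read_early_data(
+&(server_ep.ssl), read_buf, sizeof(read_buf));
+
+TEST_EQUAL(read_early_data_ret, early_data_len);
+}
+} while (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
+
+TEST_EQUAL(ret, 0);
+TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+&(client_ep.ssl), &(server_ep.ssl),
+MBEDTLS_SSL_HANDSHAKE_OVER), 0);
+
 mbedtls_test_mock_socket_close(&(client_ep.socket));
 mbedtls_test_mock_socket_close(&(server_ep.socket));
 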
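Review bot: The new loop under `complete_handshake:` checks only the length returned by `mbedtls_ssl_read_early_data()`, so the test would still pass if the server handed back the right number of wrong bytes. After `TEST_EQUAL(read_early_data_ret, early_data_len);` I would add `TEST_MEMORY_COMPARE(read_buf, read_early_data_ret, early_data, early_data_len);`. That assumes every write in this test sends the whole `early_data` buffer, which cannot be confirmed here because the calls to `mbedtls_ssl_write_early_data()` are outside the visible hunks. Separately, `read_buf[64]` is sized independently of `early_data_string`, so a longer test string would show up as a puzzling length mismatch. A one-line comment on the declaration, such as `/* must be at least strlen(early_data_string) bytes */`, would make the coupling explicit. The body of `tls13_write_early_data()` starts and ends outside these hunks.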