commit 0e97d4d16dcf4d90fdac381a3c0ec7cd68fd29f2
author Xiaokang Qian <xiaokang.qian@arm.com> Mon Oct 24 11:12:51 2022 +0000
committer Xiaokang Qian <xiaokang.qian@arm.com> Mon Nov 14 03:13:50 2022 +0000
tree dae6b1186a8470aa934333260abe644857ef86e7
parent aeb8bf2ab03cd7228b629f478db512a175ff6428

Add early data indication to client side

Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9940a0e..0d24474 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -693,13 +693,6 @@
 }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    return( ssl->handshake->resume &&
-            session != NULL && session->ticket != NULL );
-}
-
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
                                           psa_algorithm_t *hash_alg,
@@ -708,7 +701,7 @@
 {
     mbedtls_ssl_session *session = ssl->session_negotiate;
 
-    if( !ssl_tls13_has_configured_ticket( ssl ) )
+    if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
         return( -1 );
 
     *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
@@ -726,7 +719,7 @@
 
     mbedtls_ssl_session *session = ssl->session_negotiate;
 
-    if( !ssl_tls13_has_configured_ticket( ssl ) )
+    if( !mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
         return( -1 );
 
     *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
@@ -773,7 +766,7 @@
 {
     int configured_psk_count = 0;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_has_configured_ticket( ssl ) )
+    if( mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) );
         configured_psk_count++;
@@ -1093,7 +1086,8 @@
     }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) )
+    if( selected_identity == 0 &&
+        mbedtls_ssl_tls13_has_configured_ticket( ssl ) )
     {
         ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len );
     }
@@ -1160,6 +1154,29 @@
     }
 #endif
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
+        ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 ||
+          mbedtls_ssl_tls13_has_configured_ticket( ssl ) ) &&
+        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
+    {
+        ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
+        if( ret != 0 )
+            return( ret );
+        p += ext_len;
+
+        ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON;
+        /* We're using rejected once we send the EarlyData extension,
+           and change it to accepted upon receipt of the server extension. */
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_REJECTED;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
+        ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF;
+    }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
     /* For PSK-based key exchange we need the pre_shared_key extension
      * and the psk_key_exchange_modes extension.