Add selected key and ciphersuite check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5a0c69f..2288a1a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1787,6 +1787,35 @@
return;
}
+ /* RFC 8446 4.2.10
+ *
+ * In order to accept early data, the server MUST have accepted a PSK cipher
+ * suite and selected the first key offered in the client's "pre_shared_key"
+ * extension. In addition, it MUST verify that the following values are the
+ * same as those associated with the selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * NOTE:
+ * - ALPN hasn't been checked.
+ * - TLS version is checked in
+ * ssl_tls13_offered_psks_check_identity_match_ticket()
+ */
+
+ if (handshake->selected_identity != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, first psk key is not offered."));
+ return;
+ }
+
+ if (handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, selected ciphersuite mismatch."));
+ return;
+
+ }
/* TODO: Add more checks here. */
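Review bot: The ciphersuite check on `handshake->ciphersuite_info->id != ssl->session_negotiate->ciphersuite` is only meaningful if `session_negotiate->ciphersuite` still holds the value carried in the accepted ticket at this point; if the ClientHello ciphersuite selection has already written the negotiated id into `session_negotiate`, the two operands are the same value and the check is a tautology that will never reject. Please confirm which it is and, if the latter, compare against the ticket's ciphersuite as recorded when the PSK identity was matched, and add a comment stating where the PSK's ciphersuite is expected to live, e.g. `/* session_negotiate->ciphersuite is the ticket's suite here, set when the PSK identity matched and not yet overwritten by negotiation */`. The NOTE admits ALPN is not verified although RFC 8446 §4.2.10 makes it a MUST; until that check exists, a safer interim is to refuse early data when an ALPN protocol was negotiated at all, e.g. `if (ssl->alpn_chosen != NULL) { ... return; }`, rather than accepting with the gap open. Also drop the stray blank line before the closing brace of the second `if`. The enclosing function begins before this hunk and continues after it.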