diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 922d0a7b8071..36e9aa0e8ece 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -668,7 +668,6 @@ typedef enum
 MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
 MBEDTLS_SSL_HELLO_RETRY_REQUEST,
 MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
- MBEDTLS_SSL_WAIT_EOED,
 MBEDTLS_SSL_WAIT_FLIGHT2,
 MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
 MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
@@ -4950,13 +4949,13 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
 *
 * How about change it to negative value?
 */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3
 /* Client: early data indaction of EE IS received.
 * Update in MBEDTLS_SSL_ENCRYPTED_EXTENSIONS.
 * Sever: early data indaction of EE WILL be sent. Next state is wait_eoed.
 * Update in MBEDTLS_SSL_CLIENT_HELLO.
 */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 3
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 4
 /**
 * \brief Get information about the use of 0-RTT in a TLS 1.3 handshake
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 0f1a2a1879be..bd91057433b7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
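Review bot: In include/mbedtls/ssl.h the value 3 changes meaning from MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED to MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED, and the hunk documents neither the renumbering nor what now occupies 2. If the earlier values were ever shipped, code built against the old header would read a rejected status as accepted. I would put the whole value table in one comment above the defines, for example `/* Status values: list every value in numeric order here; 3 and 4 were renumbered in this change */`, and settle the open question left in the context comment (`How about change it to negative value?`) before this reaches a release. The neighbouring comments also carry typos (`indaction`, `Sever`) that are cheap to fix while the block is touched.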
@@ -1903,20 +1903,6 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *
 }
 #if defined(MBEDTLS_SSL_SRV_C)
-/* TODO: If #6486 merged, re-consider about bellow definition */
-/* early data is disabled. */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
-/* early_data extension of client hello is not sent/recv */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
-/* early_data extension exist in ClientHello and
- * - Server will not reply in EE.
- * - Client hasn't received the early_data.
- */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
-/* early_data extension exist in client hello and encrypted extension */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 3
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_get_early_data_status( mbedtls_ssl_context *ssl );
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
 /**
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 029647e5d553..e9602f1d1a49 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3715,7 +3715,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
 * it is treated as the start of the client's second flight and the
 * server proceeds as with an ordinary 1-RTT handshake.
 */
- if( mbedtls_ssl_tls13_get_early_data_status( ssl ) ==
+ if( mbedtls_ssl_get_early_data_status( ssl ) ==
 MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED )
 {
 MBEDTLS_SSL_DEBUG_MSG(
@@ -4880,7 +4880,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
 ssl->handshake != NULL &&
 ssl->handshake->hello_retry_request_count > 0 &&
 ssl->transform_in == NULL &&
- mbedtls_ssl_tls13_get_early_data_status( ssl ) ==
+ mbedtls_ssl_get_early_data_status( ssl ) ==
 MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED )
 {
 MBEDTLS_SSL_DEBUG_MSG(
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4b45cb0d04b6..74600264b0fa 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
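Review bot: Both call sites in library/ssl_msg.c (ssl_prepare_record_content and mbedtls_ssl_handle_message_type) now depend on mbedtls_ssl_get_early_data_status() failing safely outside a TLS 1.3 server handshake, and nothing on the new side shows that it does. The helper this patch removes returned MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the handshake was over, the endpoint was not a server or the version was not TLS 1.3, before it read ssl->handshake; the first call site has no visible `ssl->handshake != NULL` test of its own. Since a REJECTED result here appears to select the path that skips rejected early data rather than treating the record as an error, I would state the precondition at the call, e.g. `/* REJECTED is only meaningful on a TLS 1.3 server before the handshake completes */`, and confirm the public getter enforces it. Both enclosing functions start and end outside the hunks.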
@@ -1774,7 +1774,7 @@ static int ssl_tls13_early_data_common_static_check( mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 }
- if( ( session->ticket_flags &
+ if( ( session->ticket_flags &
 MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) == 0 )
 {
 MBEDTLS_SSL_DEBUG_MSG(
@@ -1782,16 +1782,6 @@ static int ssl_tls13_early_data_common_static_check( mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 }
-#if defined(MBEDTLS_HAVE_TIME)
- if( (uint32_t)( mbedtls_time( NULL ) - session->ticket_received ) >
- session->ticket_lifetime )
- {
- MBEDTLS_SSL_DEBUG_MSG(
- 1, ( "ticket expired." ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-#endif
-
 return( 0 );
 }
@@ -1843,6 +1833,18 @@ static int ssl_tls13_early_data_cli_status_check( mbedtls_ssl_context *ssl )
 ret = ssl_tls13_early_data_common_static_check( ssl );
 if( ret != 0 )
 return( ret );
+
+#if defined(MBEDTLS_HAVE_TIME)
+ if( (uint32_t)( mbedtls_time( NULL ) -
+ ssl->session_negotiate->ticket_received ) >
+ ssl->session_negotiate->ticket_lifetime )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ( "ticket expired." ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+#endif
+
 /* Add client special check here. */
 return( ret );
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5384812ed7da..2e9a05e67468 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
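Review bot: Moving the lifetime test out of ssl_tls13_early_data_common_static_check and into ssl_tls13_early_data_cli_status_check means any server-side user of the common check (presumably there is one, given the name) no longer rejects an expired ticket there. No replacement on the server path is visible in this patch, and the server is the side that must bound ticket age before processing 0-RTT data (RFC 8446 section 4.2.10). If the server validates the age elsewhere, a comment in the common check would stop the test being lost again, e.g. `/* Ticket age is not checked here: the client checks it in its status check, the server in <server-side function> */`. The added block also compiles out without MBEDTLS_HAVE_TIME, so in that build the client offers early data on a ticket of any age, which deserves a line in the same comment.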
@@ -40,37 +40,6 @@
 #include "ssl_tls13_keys.h"
 #include "ssl_debug_helpers.h"
-
-int mbedtls_ssl_tls13_get_early_data_status( mbedtls_ssl_context *ssl )
-{
- if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ||
- ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER ||
- ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3 )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- if( ( ssl->handshake->received_extensions &
- MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) == 0 )
- {
- return( MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT );
- }
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- if( !mbedtls_ssl_tls13_some_psk_enabled( ssl ) ||
- ssl->handshake->selected_identity != 0 ||
- ssl->conf->max_early_data_size == 0 ||
- ssl->handshake->resume == 0 )
- {
- return( MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED );
- }
-
- return( MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED );
-#else
- return( MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED );
-#endif
-}
-
 static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
 mbedtls_ssl_context *ssl,
 unsigned int cipher_suite )
@@ -1738,21 +1707,34 @@ static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl ) return( ret ); } - /* There is enough information, update early data status. */ - int early_data_status = mbedtls_ssl_get_early_data_status( ssl ); + if( ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) { + /* There is enough information, update early data status. */ + int early_data_status = mbedtls_ssl_get_early_data_status( ssl ); +#if defined(MBEDTLS_SSL_EARLY_DATA) if( early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN ) + { /* discarding records which fail deprotection. */ early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + } else { early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; /* TODO: compute early transform here? */ + ret = mbedtls_ssl_tls13_compute_early_transform( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_tls13_compute_early_transform", ret ); + return( ret ); + } } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + ssl->early_data_status = early_data_status; } - ssl->early_data_status = early_data_status; + return( 0 ); } @@ -2706,7 +2688,7 @@ static int ssl_tls13_write_server_finished( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_EARLY_DATA) /* - * Handler for MBEDTLS_SSL_WAIT_EOED + * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA( WAIT_EOED ) * * RFC 8446 section A.2 * @@ -3051,6 +3033,13 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, *out_len = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write NewSessionTicket msg" ) ); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if( ssl->conf->max_early_data_size > 0 ) + { + session->ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* * ticket_lifetime 4 bytes * ticket_age_add 4 bytes 
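Review bot: In ssl_tls13_postprocess_client_hello the accept/reject decision is now only the comparison with MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, so a ClientHello carrying early_data is accepted whenever the getter reports UNKNOWN. The helper this patch deletes from the same file rejected early data unless a PSK mode was enabled, the selected identity was 0, the handshake was a resumption and max_early_data_size was non-zero; none of those tests is visible on the new side, and RFC 8446 section 4.2.10 requires the first-identity condition before 0-RTT data is processed. Unless mbedtls_ssl_get_early_data_status() performs them (not shown), they should run before mbedtls_ssl_tls13_compute_early_transform(), as sketched below. The `/* TODO: compute early transform here? */` comment is now stale, and without MBEDTLS_SSL_EARLY_DATA the raw getter result is stored in ssl->early_data_status where the old helper returned REJECTED. The function starts outside the hunk.

```c
#if defined(MBEDTLS_SSL_EARLY_DATA)
        /* … unchanged: status already known -> REJECTED … */
        else if( !mbedtls_ssl_tls13_some_psk_enabled( ssl ) ||
                 ssl->handshake->selected_identity != 0 ||
                 ssl->handshake->resume == 0 ||
                 ssl->conf->max_early_data_size == 0 )
        {
            /* Same acceptance conditions the removed helper applied. */
            early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
        }
        /* … unchanged: else branch that accepts and computes the early transform … */
```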
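Review bot: In ssl_tls13_write_new_session_ticket_body the MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA bit is only ever set, never cleared, so a `session->ticket_flags` value that already carries it keeps it when `max_early_data_size` is 0 or when MBEDTLS_SSL_EARLY_DATA is compiled out. Whether ticket_flags is reset for each new ticket is not visible in this hunk; if it can be inherited from the resumed session, a server reconfigured to disable early data would keep issuing tickets that permit it. Adding `else session->ticket_flags &= ~MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;` makes the flag follow the configuration. The function body continues outside the hunk.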
@@ -3295,7 +3284,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 break;
 #if defined(MBEDTLS_SSL_EARLY_DATA)
- case MBEDTLS_SSL_WAIT_EOED:
+ case MBEDTLS_SSL_END_OF_EARLY_DATA:
 ret = ssl_tls13_process_wait_eoed( ssl );
 break;
 #endif /* MBEDTLS_SSL_EARLY_DATA */
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 51a191167936..6b9a471773a1 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -412,14 +412,16 @@ run_test "TLS 1.3 G->m: EarlyData: psk*: feature is disabled, good." \
 EARLY_DATA_INPUT_LEN=$( cat $EARLY_DATA_INPUT | wc -c )
 MAX_EARLY_DATA_SIZE=$(( 1024 > $EARLY_DATA_INPUT_LEN ? 1024 : $EARLY_DATA_INPUT_LEN ))
+
 requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: ephemeral: all data is accepted, good." \
- "$P_SRV force_version=tls13 reco_debug_level=5 early_data=$MAX_EARLY_DATA_SIZE" \
+ "$P_SRV force_version=tls13 reco_debug_level=5 max_early_data_size=$MAX_EARLY_DATA_SIZE" \
 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
 0 \
 -c "This is a resumed session" \
@@ -437,7 +439,7 @@ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: psk*: all data is accepted, good." \
- "$P_SRV force_version=tls13 reco_debug_level=4 early_data=$MAX_EARLY_DATA_SIZE $(get_srv_psk_list)" \
+ "$P_SRV force_version=tls13 reco_debug_level=4 max_early_data_size=$MAX_EARLY_DATA_SIZE $(get_srv_psk_list)" \
 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
 -d 10 -r --earlydata $EARLY_DATA_INPUT \
 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
@@ -453,15 +455,15 @@ EARLY_DATA_INPUT_LINE1_LEN=$(head -1 $EARLY_DATA_INPUT | wc -c)
 requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: ephemeral: size exceeds the limit, fail." \
- "$P_SRV force_version=tls13 debug_level=5 early_data=$EARLY_DATA_INPUT_LINE1_LEN" \
+ "$P_SRV force_version=tls13 debug_level=5 max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN" \
 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
 1 \
- -c "This is a resumed session" \
- -c "Unexpected message - was received" \
+ -s "unexpected message was received" \
 -s "ClientHello: early_data(42) extension exists." \
 -s "EncryptedExtensions: early_data(42) extension exists." \
 -s "ssl->conf->max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN" \
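Review bot: The two `size exceeds the limit, fail.` cases now disagree on where the failure is asserted: the ephemeral case in this hunk checks the server log with `-s "unexpected message was received"`, while the psk* case in the following hunk checks the client log with `-c "unexpected message was received"`. The pattern removed from both was the client-side string `Unexpected message - was received`, so the lowercase text looks like a server message and the `-c` in the psk* case probably should be `-s`. Both cases also drop `-c "This is a resumed session"`, after which exit code 1 from an earlier failure could satisfy the test without the size limit ever being exercised on a resumed session. Keeping that line, or asserting a server log line specific to the limit, would keep these two negative tests meaningful.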
@@ -474,13 +476,12 @@ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: psk*: size exceeds the limit, fail." \
- "$P_SRV force_version=tls13 debug_level=4 early_data=$EARLY_DATA_INPUT_LINE1_LEN $(get_srv_psk_list)" \
+ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN $(get_srv_psk_list)" \
 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
 -d 10 -r --earlydata $EARLY_DATA_INPUT \
 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
 1 \
- -c "This is a resumed session" \
- -c "Unexpected message - was received" \
+ -c "unexpected message was received" \
 -s "ClientHello: early_data(42) extension exists." \
 -s "EncryptedExtensions: early_data(42) extension exists." \
 -s "ssl->conf->max_early_data_size=$EARLY_DATA_INPUT_LINE1_LEN" \