Skip to content

Commit

Permalink
Add tests for new 0-RTT API
Browse files Browse the repository at this point in the history
  • Loading branch information
jesiegel1 committed Dec 23, 2021
1 parent 36c162a commit d552f3f
Show file tree
Hide file tree
Showing 4 changed files with 271 additions and 13 deletions.
3 changes: 1 addition & 2 deletions library/ssl_tls13_generic.c
Original file line number Diff line number Diff line change
Expand Up @@ -2480,8 +2480,7 @@ int mbedtls_ssl_write_early_data_ext( mbedtls_ssl_context *ssl,
if( ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_EARLY_DATA ) == 0 )
return( 0 );

if( ssl->conf->tls13_kex_modes !=
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ||
if( !mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) ||
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
Expand Down
2 changes: 1 addition & 1 deletion library/ssl_tls13_server.c
Original file line number Diff line number Diff line change
Expand Up @@ -1916,7 +1916,7 @@ static int ssl_early_data_fetch( mbedtls_ssl_context *ssl,
}

*buf = ssl->in_msg;
*buflen = ssl->in_hslen;
*buflen = ssl->in_msglen;

cleanup:

Expand Down
72 changes: 65 additions & 7 deletions programs/ssl/ssl_client2.c
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ int main( void )
#define DFL_KEY_PWD ""
#define DFL_PSK ""
#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED
#define DFL_EARLY_DATA_API MBEDTLS_SSL_EARLY_DATA_OLD_API
#define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL
Expand Down Expand Up @@ -366,8 +367,12 @@ int main( void )
#define USAGE_EARLY_DATA \
" early_data=%%d default: 0 (disabled)\n" \
" options: 0 (disabled), 1 (enabled)\n"
#define USAGE_EARLY_DATA_API \
" early_data_api=%%d default: 0 (old api)\n" \
" options: 0 (old api), 1 (new api)\n"
#else
#define USAGE_EARLY_DATA ""
#define USAGE_EARLY_DATA_API ""
#endif /* MBEDTLS_ZERO_RTT && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
Expand Down Expand Up @@ -446,6 +451,7 @@ int main( void )
USAGE_CURVES \
USAGE_SIG_ALGS \
USAGE_EARLY_DATA \
USAGE_EARLY_DATA_API \
USAGE_NAMED_GROUP \
USAGE_DHMLEN \
"\n"
Expand Down Expand Up @@ -559,6 +565,7 @@ struct options
const char *named_groups_string; /* list of named groups */
const char *key_share_named_groups_string; /* list of named groups */
int early_data; /* support for early data */
int early_data_api; /* old or new 0-RTT API */
int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
Expand Down Expand Up @@ -918,6 +925,7 @@ int main( int argc, char *argv[] )
opt.psk = DFL_PSK;
opt.sig_algs = DFL_SIG_ALGS;
opt.early_data = DFL_EARLY_DATA;
opt.early_data_api = DFL_EARLY_DATA_API;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.psk_opaque = DFL_PSK_OPAQUE;
#endif
Expand Down Expand Up @@ -1210,6 +1218,19 @@ int main( int argc, char *argv[] )
default: goto usage;
}
}
else if( strcmp( p, "early_data_api" ) == 0 )
{
switch( atoi( q ) )
{
case 0:
opt.early_data_api = MBEDTLS_SSL_EARLY_DATA_OLD_API;
break;
case 1:
opt.early_data_api = MBEDTLS_SSL_EARLY_DATA_NEW_API;
break;
default: goto usage;
}
}
#endif /* MBEDTLS_ZERO_RTT */

#if defined(MBEDTLS_ECP_C)
Expand Down Expand Up @@ -2200,8 +2221,9 @@ int main( int argc, char *argv[] )
opt.max_version );

#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && defined(MBEDTLS_ZERO_RTT)
mbedtls_ssl_conf_early_data( &conf, opt.early_data, 0, MBEDTLS_SSL_EARLY_DATA_OLD_API, NULL );
mbedtls_ssl_set_early_data( &ssl, (const unsigned char*) early_data,
mbedtls_ssl_conf_early_data( &conf, opt.early_data, 0, opt.early_data_api, NULL );
if( opt.early_data_api == MBEDTLS_SSL_EARLY_DATA_OLD_API )
mbedtls_ssl_set_early_data( &ssl, (const unsigned char*) early_data,
strlen( early_data ) );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && MBEDTLS_ZERO_RTT */

Expand Down Expand Up @@ -3272,7 +3294,8 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && defined(MBEDTLS_ZERO_RTT)
mbedtls_ssl_set_early_data( &ssl, (const unsigned char*) early_data,
if( opt.early_data_api == MBEDTLS_SSL_EARLY_DATA_OLD_API )
mbedtls_ssl_set_early_data( &ssl, (const unsigned char*) early_data,
strlen( early_data ) );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && MBEDTLS_ZERO_RTT */

Expand All @@ -3298,17 +3321,52 @@ int main( int argc, char *argv[] )
goto exit;
}

while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
#if defined(MBEDTLS_ZERO_RTT)
char early_buf[256];
int early_count = 0;
#endif
do {
#if defined(MBEDTLS_ZERO_RTT)
if( ( opt.early_data_api == MBEDTLS_SSL_EARLY_DATA_NEW_API ) &&
( mbedtls_ssl_get_early_data_state( &ssl ) == MBEDTLS_SSL_EARLY_DATA_STATE_ENABLED ||
mbedtls_ssl_get_early_data_state( &ssl ) == MBEDTLS_SSL_EARLY_DATA_STATE_ON ) )
{
int early_written = 0;
int early_len = mbedtls_snprintf( early_buf, sizeof( early_buf ), "early data test %d", early_count );
do {
ret = mbedtls_ssl_write_early_data( &ssl, (const unsigned char*) early_buf + early_written, early_len - early_written );
if( ret < 0 &&
ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write_early_data returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}

if( ret < 0 )
continue;

early_written += ret;
} while ( early_written < early_len );

early_buf[ret] = '\0';
mbedtls_printf( " %zu bytes early data sent: %s\n", ret, early_buf );
early_count++;
}
#endif
ret = mbedtls_ssl_handshake( &ssl );
if( ret < 0 &&
ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
}
} while ( ret != 0 );

mbedtls_printf( " ok\n" );

Expand Down
Loading

0 comments on commit d552f3f

Please sign in to comment.