
Add max_early_data_size option for ssl_sever2
- to set max_early_data_size
- to set callback for received data

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth committed Nov 22, 2022
1 parent 6eedd90 commit fa24cc4
Showing 1 changed file with 56 additions and 0 deletions.
56 changes: 56 additions & 0 deletions programs/ssl/ssl_server2.c
Expand Up @@ -129,6 +129,7 @@ int main( void )
#define DFL_SNI NULL
#define DFL_ALPN_STRING NULL
#define DFL_CURVES NULL
#define DFL_MAX_EARLY_DATA_SIZE 0
#define DFL_SIG_ALGS NULL
#define DFL_DHM_FILE NULL
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
Expand Down Expand Up @@ -424,6 +425,16 @@ int main( void )
#define USAGE_ECJPAKE ""
#endif

#if defined(MBEDTLS_SSL_EARLY_DATA)
#define USAGE_EARLY_DATA \
" max_early_data_size=%%d default: 0 (disabled)\n" \
" options: 0 (disabled), " \
" -1 (enabled, builtin max size), " \
" n > 0 (enabled, max amount data for 0-RTT )\n"
#else
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA */

#if defined(MBEDTLS_ECP_C)
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
Expand Down Expand Up @@ -680,6 +691,7 @@ struct options
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
uint32_t max_early_data_size; /* max amount early data */
int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
Expand Down Expand Up @@ -1027,6 +1039,38 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */

#if defined(MBEDTLS_SSL_EARLY_DATA)
/*
* Early data callback.
*/
static unsigned char early_data_buffer[MBEDTLS_SSL_MAX_EARLY_DATA_SIZE];
static int head = tail = 0;
static int early_data_write_cb( void *context,
const unsigned char *buffer,
size_t len )
{
if( len > MBEDTLS_SSL_MAX_EARLY_DATA_SIZE - tail)
len = MBEDTLS_SSL_MAX_EARLY_DATA_SIZE - tail;

if(len)
memcpy( &early_data_buffer, buffer, len );
tail += len;
return((int) len);
}
int early_data_read_cb( void *context,
const unsigned char *buffer,
size_t len )
{
if( len > tail - head )
len = tail - head;

if(len && buffer )
memcpy( buffer, &early_data_buffer, len );
head += len;
return((int) len);
}
#endif /* MBEDTLS_SSL_EARLY_DATA */

static mbedtls_net_context listen_fd, client_fd;

/* Interruption handler to ensure clean exit (for valgrind testing) */
Expand Down Expand Up @@ -1695,6 +1739,7 @@ int main( int argc, char *argv[] )
opt.sni = DFL_SNI;
opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES;
opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
opt.sig_algs = DFL_SIG_ALGS;
opt.dhm_file = DFL_DHM_FILE;
opt.transport = DFL_TRANSPORT;
Expand Down Expand Up @@ -1891,6 +1936,12 @@ int main( int argc, char *argv[] )
else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q;
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA)
else if( strcmp( p, "max_early_data_size" ) == 0 )
{
opt.max_early_data_size = atoi( q );
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ?
Expand Down Expand Up @@ -2886,6 +2937,11 @@ int main( int argc, char *argv[] )
if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );

#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_tls13_conf_early_data( &conf, opt.max_early_data_size );
mbedtls_ssl_tls13_conf_early_data_cb( &conf, early_data_write_cb, early_data_read_cb, NULL );
#endif /* MBEDTLS_SSL_EARLY_DATA */

#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
/* exercise setting DN hints for server certificate request
* (Intended for use where the client cert expected has been signed by
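Review bot: Both new callbacks copy at the start of early_data_buffer instead of at the current offset — the write does `memcpy( &early_data_buffer, buffer, len )` and ignores `tail`, and the read copies from `&early_data_buffer` and ignores `head`, so a second write clobbers the first and any read after the first returns the wrong bytes; use `memcpy( early_data_buffer + tail, buffer, len );` and `memcpy( buffer, early_data_buffer + head, len );`. The declaration `static int head = tail = 0;` is not valid C at file scope (tail is never declared and the initializer is not a constant expression); `static size_t head = 0, tail = 0;` fixes that and also removes the signed/unsigned comparisons in the two length clamps. early_data_read_cb writes through its `const unsigned char *buffer` parameter and, unlike early_data_write_cb, is not static; the `context` parameter is unused in both, so a `(void) context;` would keep -Wunused-parameter builds quiet. Separately, in the option-parsing hunk `opt.max_early_data_size = atoi( q )` stores -1 into a uint32_t, which is presumably how the "-1 (enabled, builtin max size)" usage text is meant to work, but that deserves a comment such as `/* -1 wraps to UINT32_MAX: library builtin maximum */` and a strtol-based range check rather than atoi, since any non-numeric value silently becomes 0 (disabled).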
