author    Ronald Cron <ronald.cron@arm.com>  2024-03-13 15:19:38 +0100
committer Ronald Cron <ronald.cron@arm.com>  2024-03-15 10:41:52 +0100
commit    d514d9c7988c39e04b3a802cd0b1ee4051b6b1c2 (patch)
tree      3a8ba032912f6a2bf6bb247ac2a3412a21038598
parent    0fce958f17db2d450d23ea49dcb938c75a187f32 (diff)
tls13-early-data.md: Fix reading early data documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
-rw-r--r-- docs/tls13-early-data.md  67
1 files changed, 41 insertions, 26 deletions
diff --git a/docs/tls13-early-data.md b/docs/tls13-early-data.md
index 28a8cc6..4b6f5d3 100644
--- a/docs/tls13-early-data.md
+++ b/docs/tls13-early-data.md
@@ -1,6 +1,6 @@
-Writing and reading early or 0-RTT data
----------------------------------------
+Writing early data
+------------------
An application function to write and send a buffer of data to a server through
TLS may plausibly look like:
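Review bot: the renamed heading drops the "0-RTT" synonym that the old title ("Writing and reading early or 0-RTT data") offered, and nothing else in this hunk reintroduces it; consider keeping "early (0-RTT) data" in the heading or in the section's first sentence so that readers who know the feature under that name still find this documentation. The new underline matches the length of "Writing early data", so the setext heading renders correctly.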
@@ -144,34 +144,49 @@ if (ret < 0) {
data_written += early_data_written;
```
-Basically, the same holds for reading early data on the server side without the
-complication of possible rejection. An application function to read early data
-into a given buffer could plausibly look like:
-```
-int read_early_data( mbedtls_ssl_context *ssl,
- unsigned char *buffer,
- size_t buffer_size,
- size_t *data_len )
-{
- *data_len = 0;
+Reading early data
+------------------
+Mbed TLS provides the mbedtls_ssl_read_early_data() API to read the early data
+that a TLS 1.3 server might receive during the TLS 1.3 handshake.
- while( *data_len < buffer_size )
- {
- ret = mbedtls_ssl_read_early_data( ssl, buffer + *data_len,
- buffer_size - *data_len );
+While establishing a TLS 1.3 connection with a client using a combination
+of the mbedtls_ssl_handshake(), mbedtls_ssl_read() and mbedtls_ssl_write() APIs,
+the reception of early data is signaled by an API returning the
+MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code. Early data can then be read
+with the mbedtls_ssl_read_early_data() API.
- if( ret < 0 &&
- ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- {
- return( ret );
- }
+For example, a typical code to establish a TLS connection, where ssl is the SSL
+context to use:
+```
+while ((int ret = mbedtls_ssl_handshake(&ssl)) != 0) {
- *data_len += ret;
+ if (ret < 0 &&
+ ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ break;
+ }
+}
+```
+could be adapted to handle early data in the following way:
+```
+size_t data_read_len = 0;
+while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+
+ if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
+ ret = mbedtls_ssl_read_early_data(&ssl,
+ buffer + data_read_len,
+ sizeof(buffer) - data_read_len);
+ if (ret < 0) {
+ break;
+ }
+ data_read_len += ret;
+ continue;
}
- return( 0 );
+ if (ret < 0 &&
+ ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ break;
+ }
}
```
-with again calls to read_early_data() expected to be done with a fresh SSL
-context.
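Review bot: the first added snippet is not valid C: `while ((int ret = mbedtls_ssl_handshake(&ssl)) != 0) {` declares `ret` inside the loop condition, which C does not allow (a declaration is not an expression), and the second snippet then uses `ret` without declaring it anywhere. Declare `int ret;` ahead of both loops and write `while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {` in the first one, as the second snippet already does. In the early-data branch, once `data_read_len` reaches `sizeof(buffer)` the call `mbedtls_ssl_read_early_data(&ssl, buffer + data_read_len, sizeof(buffer) - data_read_len)` passes a zero-length output buffer; the text should say how a full buffer is expected to be handled (for example, break out and fail the handshake when no room is left) rather than leave the reader to guess what the API returns in that case. The snippet also uses `buffer` without introducing it, whereas the removed read_early_data() example took `buffer` and `buffer_size` as parameters; a one-line definition or a sentence naming it would help. Finally, the deleted closing sentence ("with again calls to read_early_data() expected to be done with a fresh SSL context") was the only statement of the fresh-context requirement; if that constraint still applies, the new section should state it explicitly instead of dropping it. Tagging the fences as ```c would give the snippets syntax highlighting.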