tls13: srv: Refine early data status

The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

include/mbedtls/ssl.h

@@ -1644,6 +1644,26 @@ struct mbedtls_ssl_context {
      */
     mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    /**
+     *  On client side, status of the negotiation of the use of early data.
+     *  See the documentation of mbedtls_ssl_get_early_data_status() for more
+     *  information.
+     *
+     *  On server side, internal only, status of early data in the course of an
+     *  handshake. One of MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN,
+     *  #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED,
+     *  #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED,
+     *  MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED and
+     *  MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED.
+     *
+     *  Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or
+     *  MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, at the beginning of a new
+     *  handshake.
+     */
+    int MBEDTLS_PRIVATE(early_data_status);
+#endif
+
     unsigned MBEDTLS_PRIVATE(badmac_seen);       /*!< records with a bad MAC received    */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1841,10 +1861,6 @@ struct mbedtls_ssl_context {
                                              *   and #MBEDTLS_SSL_CID_DISABLED. */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-    int MBEDTLS_PRIVATE(early_data_status);
-#endif
-
     /** Callback to export key block and master secret                      */
     mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
     void *MBEDTLS_PRIVATE(p_export_keys);            /*!< context for key export callback    */

library/ssl_misc.h

@@ -2132,8 +2132,26 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
                                            size_t *out_len);
 
 #if defined(MBEDTLS_SSL_SRV_C)
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \
+/* Additional internal early data status, server side only. */
+/*
+ * The server has not received the ClientHello yet, the status of early data
+ * is thus unknown.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \
     MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
+
+/*
+ * The server has received the ClientHello, it contained no early data
+ * extension.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3
+
+/*
+ * The server has received the early data extension, it has accepted early
+ * data and received the end of early data message from the client marking the
+ * end of early data reception.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #endif /* MBEDTLS_SSL_EARLY_DATA */

library/ssl_tls.c

@@ -1098,6 +1098,16 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
         return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_SRV_C)
+    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0,
+                          "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0");
+#endif
+    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0,
+                          "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0");
+    ssl->early_data_status = 0;
+#endif
+
     /* Initialize structures */
     mbedtls_ssl_session_init(ssl->session_negotiate);
     ssl_handshake_params_init(ssl->handshake);

library/ssl_tls13_server.c

@@ -3024,6 +3024,9 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl)
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data(
                                  ssl, buf, buf + buf_len));
 
+        ssl->early_data_status =
+            MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED;
+
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Switch to handshake keys for inbound traffic"
                 "( K_recv = handshake )"));