diff --git a/library.properties b/library.properties index 820100e..db0cf09 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.2.2 +version=1.2.3 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/src/SSLClientImpl.cpp b/src/SSLClientImpl.cpp index b94652b..13ed636 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClientImpl.cpp @@ -385,6 +385,9 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) { // all good to go! the SSL socket should be up and running // overwrite the session we got with new parameters br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session()); + // print the cipher suite + m_info("Used cipher suite: ", func_name); + m_info(ssl_ses.cipher_suite, func_name); // set the hostname and ip in the session as well ssl_ses.set_parameters(remoteIP(), host); return 1; diff --git a/src/TLS12_only_profile.c b/src/TLS12_only_profile.c index f464fbe..f812298 100644 --- a/src/TLS12_only_profile.c +++ b/src/TLS12_only_profile.c @@ -71,7 +71,9 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). */ - static const uint16_t suites[] = { + static const uint16_t suites[] = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, @@ -219,7 +221,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, //* Alternate: set implementations explicitly. // br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy); - br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15); + br_ssl_engine_set_ec(&cc->eng, &br_ec_p256_m15); br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1); //*/ @@ -246,7 +248,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * Set the ChaCha20 and Poly1305 implementations * Not included in this file orignally for some reason */ - // br_ssl_engine_set_default_chapol(&cc->eng); + br_ssl_engine_set_default_chapol(&cc->eng); /* * Symmetric encryption: @@ -437,7 +439,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, // br_x509_minimal_set_ecdsa(xc, // &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1); br_x509_minimal_set_ecdsa(xc, - br_ssl_engine_get_ec(&cc->eng), + &br_ec_prime_fast_256, br_ssl_engine_get_ecdsa(&cc->eng)); /* diff --git a/src/bearssl_ec.h b/src/bearssl_ec.h index db22692..b03984a 100644 --- a/src/bearssl_ec.h +++ b/src/bearssl_ec.h @@ -529,6 +529,16 @@ extern const br_ec_impl br_ec_all_m15; */ extern const br_ec_impl br_ec_all_m31; +/** + * \brief Aggregate EC implementation "m31". + * + * This implementation is a wrapper for: + * + * - `br_ec_p256_m31` for NIST P-256 + * - `br_ec_prime_i31` for other curves (NIST P-384 and NIST-P512) + */ +extern const br_ec_impl br_ec_prime_fast_256; + /** * \brief Get the "default" EC implementation for the current system. * diff --git a/src/ec_prime_fast_256.c b/src/ec_prime_fast_256.c new file mode 100644 index 0000000..d418804 --- /dev/null +++ b/src/ec_prime_fast_256.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2019 OSU OPEnS Lab + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +static const unsigned char * +api_generator(int curve, size_t *len) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.generator(curve, len); + } + return br_ec_prime_i15.generator(curve, len); +} + +static const unsigned char * +api_order(int curve, size_t *len) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.order(curve, len); + } + return br_ec_prime_i15.order(curve, len); +} + +static size_t +api_xoff(int curve, size_t *len) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.xoff(curve, len); + } + return br_ec_prime_i15.xoff(curve, len); +} + +static uint32_t +api_mul(unsigned char *G, size_t Glen, + const unsigned char *kb, size_t kblen, int curve) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.mul(G, Glen, kb, kblen, curve); + } + return br_ec_prime_i15.mul(G, Glen, kb, kblen, curve); +} + +static size_t +api_mulgen(unsigned char *R, + const unsigned char *x, size_t xlen, int curve) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.mulgen(R, x, xlen, curve); + } + return br_ec_prime_i15.mulgen(R, x, xlen, curve); +} + +static uint32_t +api_muladd(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.muladd(A, B, len, + x, xlen, y, ylen, curve); + } + return br_ec_prime_i15.muladd(A, B, len, + x, xlen, y, ylen, curve); +} + +/* see bearssl_ec.h */ +const br_ec_impl br_ec_prime_fast_256 = { + (uint32_t)0x03800000, + &api_generator, + &api_order, + &api_xoff, + &api_mul, + &api_mulgen, + &api_muladd +};