Fixed a TLS timeout when connecting to servers with large ECC chains, removed curve25519 support to save space, added back chachapoly support for speed benefits

This commit is contained in:
Noah Laptop 2019-08-01 10:00:00 -07:00
parent a7499cc9a4
commit a097b3c377
5 changed files with 116 additions and 5 deletions

View file

@ -1,5 +1,5 @@
name=SSLClient name=SSLClient
version=1.2.2 version=1.2.3
author=Noah Koontz <koontzn@oregonstate.edu> author=Noah Koontz <koontzn@oregonstate.edu>
maintainer=OPEnS Lab maintainer=OPEnS Lab
sentence=Arduino library to add SSL functionality to any Client class sentence=Arduino library to add SSL functionality to any Client class

View file

@ -385,6 +385,9 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) {
// all good to go! the SSL socket should be up and running // all good to go! the SSL socket should be up and running
// overwrite the session we got with new parameters // overwrite the session we got with new parameters
br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session()); br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session());
// print the cipher suite
m_info("Used cipher suite: ", func_name);
m_info(ssl_ses.cipher_suite, func_name);
// set the hostname and ip in the session as well // set the hostname and ip in the session as well
ssl_ses.set_parameters(remoteIP(), host); ssl_ses.set_parameters(remoteIP(), host);
return 1; return 1;

View file

@ -71,7 +71,9 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
* -- AES-128 is preferred over AES-256 (AES-128 is already * -- AES-128 is preferred over AES-256 (AES-128 is already
* strong enough, and AES-256 is 40% more expensive). * strong enough, and AES-256 is 40% more expensive).
*/ */
static const uint16_t suites[] = { static const uint16_t suites[] = {
BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
@ -219,7 +221,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
//* Alternate: set implementations explicitly. //* Alternate: set implementations explicitly.
// br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); // br_ssl_client_set_rsapub(cc, &br_rsa_i31_public);
br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy); br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy);
br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15); br_ssl_engine_set_ec(&cc->eng, &br_ec_p256_m15);
br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1); br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1);
//*/ //*/
@ -246,7 +248,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
* Set the ChaCha20 and Poly1305 implementations * Set the ChaCha20 and Poly1305 implementations
* Not included in this file orignally for some reason * Not included in this file orignally for some reason
*/ */
// br_ssl_engine_set_default_chapol(&cc->eng); br_ssl_engine_set_default_chapol(&cc->eng);
/* /*
* Symmetric encryption: * Symmetric encryption:
@ -437,7 +439,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
// br_x509_minimal_set_ecdsa(xc, // br_x509_minimal_set_ecdsa(xc,
// &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1); // &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
br_x509_minimal_set_ecdsa(xc, br_x509_minimal_set_ecdsa(xc,
br_ssl_engine_get_ec(&cc->eng), &br_ec_prime_fast_256,
br_ssl_engine_get_ecdsa(&cc->eng)); br_ssl_engine_get_ecdsa(&cc->eng));
/* /*

View file

@ -529,6 +529,16 @@ extern const br_ec_impl br_ec_all_m15;
*/ */
extern const br_ec_impl br_ec_all_m31; extern const br_ec_impl br_ec_all_m31;
/**
* \brief Aggregate EC implementation "m31".
*
* This implementation is a wrapper for:
*
* - `br_ec_p256_m31` for NIST P-256
* - `br_ec_prime_i31` for other curves (NIST P-384 and NIST-P512)
*/
extern const br_ec_impl br_ec_prime_fast_256;
/** /**
* \brief Get the "default" EC implementation for the current system. * \brief Get the "default" EC implementation for the current system.
* *

96
src/ec_prime_fast_256.c Normal file
View file

@ -0,0 +1,96 @@
/*
* Copyright (c) 2019 OSU OPEnS Lab
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
static const unsigned char *
api_generator(int curve, size_t *len)
{
if (curve == BR_EC_secp256r1) {
return br_ec_p256_m15.generator(curve, len);
}
return br_ec_prime_i15.generator(curve, len);
}
static const unsigned char *
api_order(int curve, size_t *len)
{
if (curve == BR_EC_secp256r1) {
return br_ec_p256_m15.order(curve, len);
}
return br_ec_prime_i15.order(curve, len);
}
static size_t
api_xoff(int curve, size_t *len)
{
if (curve == BR_EC_secp256r1) {
return br_ec_p256_m15.xoff(curve, len);
}
return br_ec_prime_i15.xoff(curve, len);
}
static uint32_t
api_mul(unsigned char *G, size_t Glen,
const unsigned char *kb, size_t kblen, int curve)
{
if (curve == BR_EC_secp256r1) {
return br_ec_p256_m15.mul(G, Glen, kb, kblen, curve);
}
return br_ec_prime_i15.mul(G, Glen, kb, kblen, curve);
}
static size_t
api_mulgen(unsigned char *R,
const unsigned char *x, size_t xlen, int curve)
{
if (curve == BR_EC_secp256r1) {
return br_ec_p256_m15.mulgen(R, x, xlen, curve);
}
return br_ec_prime_i15.mulgen(R, x, xlen, curve);
}
static uint32_t
api_muladd(unsigned char *A, const unsigned char *B, size_t len,
const unsigned char *x, size_t xlen,
const unsigned char *y, size_t ylen, int curve)
{
if (curve == BR_EC_secp256r1) {
return br_ec_p256_m15.muladd(A, B, len,
x, xlen, y, ylen, curve);
}
return br_ec_prime_i15.muladd(A, B, len,
x, xlen, y, ylen, curve);
}
/* see bearssl_ec.h */
const br_ec_impl br_ec_prime_fast_256 = {
(uint32_t)0x03800000,
&api_generator,
&api_order,
&api_xoff,
&api_mul,
&api_mulgen,
&api_muladd
};