Fixed a TLS timeout when connecting to servers with large ECC chains, removed curve25519 support to save space, added back chachapoly support for speed benefits

library.properties

@@ -1,5 +1,5 @@
 name=SSLClient
-version=1.2.2
+version=1.2.3
 author=Noah Koontz <koontzn@oregonstate.edu>
 maintainer=OPEnS Lab
 sentence=Arduino library to add SSL functionality to any Client class

src/SSLClientImpl.cpp

@@ -385,6 +385,9 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) {
     // all good to go! the SSL socket should be up and running
     // overwrite the session we got with new parameters
     br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session());
+    // print the cipher suite
+    m_info("Used cipher suite: ", func_name);
+    m_info(ssl_ses.cipher_suite, func_name);
     // set the hostname and ip in the session as well
     ssl_ses.set_parameters(remoteIP(), host);
     return 1;

src/TLS12_only_profile.c

@@ -72,6 +72,8 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
 	 *    strong enough, and AES-256 is 40% more expensive).
 	 */
 	static const uint16_t suites[] = {
+		BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+		BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -219,7 +221,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
 	//* Alternate: set implementations explicitly.
 	// br_ssl_client_set_rsapub(cc, &br_rsa_i31_public);
 	br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy);
-	br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15);
+	br_ssl_engine_set_ec(&cc->eng, &br_ec_p256_m15);
 	br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1);
 	//*/
 
@@ -246,7 +248,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
 	 * Set the ChaCha20 and Poly1305 implementations
 	 * Not included in this file orignally for some reason
 	 */
-	// br_ssl_engine_set_default_chapol(&cc->eng);
+	br_ssl_engine_set_default_chapol(&cc->eng);
 
 	/*
 	 * Symmetric encryption:
@@ -437,7 +439,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc,
 	// br_x509_minimal_set_ecdsa(xc,
 	//	&br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
 	br_x509_minimal_set_ecdsa(xc,
-		br_ssl_engine_get_ec(&cc->eng),
+		&br_ec_prime_fast_256,
 		br_ssl_engine_get_ecdsa(&cc->eng));
 
 	/*

src/bearssl_ec.h

@@ -529,6 +529,16 @@ extern const br_ec_impl br_ec_all_m15;
  */
 extern const br_ec_impl br_ec_all_m31;
 
+/**
+ * \brief Aggregate EC implementation "m31".
+ *
+ * This implementation is a wrapper for:
+ *
+ * - `br_ec_p256_m31` for NIST P-256
+ * - `br_ec_prime_i31` for other curves (NIST P-384 and NIST-P512)
+ */
+extern const br_ec_impl br_ec_prime_fast_256;
+
 /**
  * \brief Get the "default" EC implementation for the current system.
  *

src/ec_prime_fast_256.c

@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2019 OSU OPEnS Lab
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining 
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be 
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "inner.h"
+
+static const unsigned char *
+api_generator(int curve, size_t *len)
+{
+    if (curve == BR_EC_secp256r1) {
+		return br_ec_p256_m15.generator(curve, len);
+    }
+	return br_ec_prime_i15.generator(curve, len);
+}
+
+static const unsigned char *
+api_order(int curve, size_t *len)
+{
+	if (curve == BR_EC_secp256r1) {
+		return br_ec_p256_m15.order(curve, len);
+    }
+	return br_ec_prime_i15.order(curve, len);
+}
+
+static size_t
+api_xoff(int curve, size_t *len)
+{
+	if (curve == BR_EC_secp256r1) {
+		return br_ec_p256_m15.xoff(curve, len);
+	}
+	return br_ec_prime_i15.xoff(curve, len);
+}
+
+static uint32_t
+api_mul(unsigned char *G, size_t Glen,
+	const unsigned char *kb, size_t kblen, int curve)
+{
+    if (curve == BR_EC_secp256r1) {
+		return br_ec_p256_m15.mul(G, Glen, kb, kblen, curve);
+	}
+	return br_ec_prime_i15.mul(G, Glen, kb, kblen, curve);
+}
+
+static size_t
+api_mulgen(unsigned char *R,
+	const unsigned char *x, size_t xlen, int curve)
+{
+	if (curve == BR_EC_secp256r1) {
+		return br_ec_p256_m15.mulgen(R, x, xlen, curve);
+    }
+	return br_ec_prime_i15.mulgen(R, x, xlen, curve);
+}
+
+static uint32_t
+api_muladd(unsigned char *A, const unsigned char *B, size_t len,
+	const unsigned char *x, size_t xlen,
+	const unsigned char *y, size_t ylen, int curve)
+{
+	if (curve == BR_EC_secp256r1) {
+        return br_ec_p256_m15.muladd(A, B, len,
+			x, xlen, y, ylen, curve);
+    }
+	return br_ec_prime_i15.muladd(A, B, len,
+			x, xlen, y, ylen, curve);
+}
+
+/* see bearssl_ec.h */
+const br_ec_impl br_ec_prime_fast_256 = {
+	(uint32_t)0x03800000,
+	&api_generator,
+	&api_order,
+	&api_xoff,
+	&api_mul,
+	&api_mulgen,
+	&api_muladd
+};