Obey the BASIC_SSL request for TLS servers (#6187)

earlephilhower · web-flow · commit fe01433f788c · 2019-06-07T19:40:33.000-07:00
When in basic SSL mode, don't include ciphers for EC for the server by
replacinf the BearSSL "support everything" init call with our own
version which obeys the requested BASIC_SSL.

Saves ~46KB on TLS servers, about the same as basic SSL saves for
clients.
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@@ -795,6 +795,64 @@ extern "C" {
     BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 #endif
   };
+#ifndef BEARSSL_BASIC
+  // Server w/EC has one set, not possible with basic SSL config
+  static const uint16_t suites_server_ec_P [] PROGMEM = {
+    BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
+    BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
+    BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+    BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+    BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+    BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+    BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+  };
+#endif
+
+  static const uint16_t suites_server_rsa_P[] PROGMEM = {
+#ifndef BEARSSL_BASIC
+    BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    BR_TLS_RSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_RSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_RSA_WITH_AES_128_CCM,
+    BR_TLS_RSA_WITH_AES_256_CCM,
+    BR_TLS_RSA_WITH_AES_128_CCM_8,
+    BR_TLS_RSA_WITH_AES_256_CCM_8,
+#endif
+    BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
+    BR_TLS_RSA_WITH_AES_128_CBC_SHA,
+    BR_TLS_RSA_WITH_AES_256_CBC_SHA,
+#ifndef BEARSSL_BASIC
+    BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#endif
+  };
+
 
   // For apps which want to use less secure but faster ciphers, only
   static const uint16_t faster_suites_P[] PROGMEM = {
@@ -848,6 +906,31 @@ extern "C" {
 #endif
   }
 
+  // Default initializion for our SSL clients
+  static void br_ssl_server_base_init(br_ssl_server_context *cc, const uint16_t *cipher_list, int cipher_cnt) {
+    uint16_t suites[cipher_cnt];
+    memcpy_P(suites, cipher_list, cipher_cnt * sizeof(cipher_list[0]));
+    br_ssl_server_zero(cc);
+    br_ssl_engine_add_flags(&cc->eng, BR_OPT_NO_RENEGOTIATION);  // forbid SSL renegociation, as we free the Private Key after handshake
+    br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12);
+    br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0]));
+#ifndef BEARSSL_SSL_BASIC
+    br_ssl_engine_set_default_ec(&cc->eng);
+#endif
+
+    br_ssl_client_install_hashes(&cc->eng);
+    br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf);
+    br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf);
+    br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf);
+    br_ssl_engine_set_default_aes_cbc(&cc->eng);
+#ifndef BEARSSL_SSL_BASIC
+    br_ssl_engine_set_default_aes_ccm(&cc->eng);
+    br_ssl_engine_set_default_aes_gcm(&cc->eng);
+    br_ssl_engine_set_default_des_cbc(&cc->eng);
+    br_ssl_engine_set_default_chapol(&cc->eng);
+#endif
+  }
+
 }
 
 // Set custom list of ciphers
@@ -1050,6 +1133,7 @@ bool WiFiClientSecure::_installServerX509Validator(const X509List *client_CA_ta)
   return true;
 }
 
+
 // Called by WiFiServerBearSSL when an RSA cert/key is specified.
 bool WiFiClientSecure::_connectSSLServerRSA(const X509List *chain,
     const PrivateKey *sk,
@@ -1068,7 +1152,10 @@ bool WiFiClientSecure::_connectSSLServerRSA(const X509List *chain,
     return false;
   }
 
-  br_ssl_server_init_full_rsa(_sc_svr.get(), chain ? chain->getX509Certs() : nullptr, chain ? chain->getCount() : 0, sk ? sk->getRSA() : nullptr);
+  br_ssl_server_base_init(_sc_svr.get(), suites_server_rsa_P, sizeof(suites_server_rsa_P) / sizeof(suites_server_rsa_P[0]));
+  br_ssl_server_set_single_rsa(_sc_svr.get(), chain ? chain->getX509Certs() : nullptr, chain ? chain->getCount() : 0,
+                               sk ? sk->getRSA() : nullptr, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN,
+		               br_rsa_private_get_default(), br_rsa_pkcs1_sign_get_default());
   br_ssl_engine_set_buffers_bidi(_eng, _iobuf_in.get(), _iobuf_in_size, _iobuf_out.get(), _iobuf_out_size);
   if (client_CA_ta && !_installServerX509Validator(client_CA_ta)) {
     DEBUG_BSSL("_connectSSLServerRSA: Can't install serverX509check\n");
@@ -1102,8 +1189,10 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain,
     return false;
   }
 
-  br_ssl_server_init_full_ec(_sc_svr.get(), chain ? chain->getX509Certs() : nullptr, chain ? chain->getCount() : 0,
-                             cert_issuer_key_type, sk ? sk->getEC() : nullptr);
+  br_ssl_server_base_init(_sc_svr.get(), suites_server_ec_P, sizeof(suites_server_ec_P) / sizeof(suites_server_ec_P[0]));
+  br_ssl_server_set_single_ec(_sc_svr.get(), chain ? chain->getX509Certs() : nullptr, chain ? chain->getCount() : 0,
+                               sk ? sk->getEC() : nullptr, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN,
+                               cert_issuer_key_type, br_ssl_engine_get_ec(_eng), br_ecdsa_i15_sign_asn1);
   br_ssl_engine_set_buffers_bidi(_eng, _iobuf_in.get(), _iobuf_in_size, _iobuf_out.get(), _iobuf_out_size);
   if (client_CA_ta && !_installServerX509Validator(client_CA_ta)) {
     DEBUG_BSSL("_connectSSLServerEC: Can't install serverX509check\n");
