Allow cipher specification for BearSSL

earlephilhower · earlephilhower · commit aa476cf412dd · 2018-09-18T21:04:08.000-07:00
BearSSL has many more ciphers than axTLS, but they are more compute intensive and slower. Add an option to use only the same, limited security, axTLS ciphers as well as allow users to specify any suite of ciphers they want using standard BearSSL formats. Fixes esp8266#5110
diff --git a/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino b/libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino
@@ -193,6 +193,25 @@ BearSSL does verify the notValidBefore/After fields.
   fetchURL(&client, host, port, path);
 }
 
+void fetchAxTLS() {
+  Serial.printf(R"EOF(
+The ciphers used to set up the SSL connection can be configured to
+be the same as axTLS. They are faster, but less secure, so if you care
+about security you won't want to do this.
+)EOF");
+  BearSSL::WiFiClientSecure client;
+  client.setInsecure();
+  uint32_t now = millis();
+  fetchURL(&client, host, port, path);
+  uint32_t delta = millis() - now;
+  now = millis();
+  client.setInsecure();
+  client.setAxTLSCiphers();
+  fetchURL(&client, host, port, path);
+  uint32_t delta2 = millis() - now;
+  Serial.printf("Using more secure: %dms\nUsiing axTLS ciphers: %dms\n", delta, delta2);
+}
+
 void setup() {
   Serial.begin(115200);
   Serial.println();
@@ -220,6 +239,7 @@ void setup() {
   fetchSelfSigned();
   fetchKnownKey();
   fetchCertAuthority();
+  fetchAxTLS();
 }
 
 
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@@ -85,6 +85,8 @@ void WiFiClientSecure::_clearAuthenticationSettings() {
 
 
 WiFiClientSecure::WiFiClientSecure() : WiFiClient() {
+  _cipher_list = NULL;
+  _cipher_cnt = 0;
   _clear();
   _clearAuthenticationSettings();
   _certStore = nullptr; // Don't want to remove cert store on a clear, should be long lived
@@ -685,6 +687,13 @@ extern "C" {
     BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA
   };
 
+  // For apps which want to use less secure but faster axTLS ciphers, only
+  static const uint16_t axtls_suites_P[] PROGMEM = {
+    BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
+    BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_RSA_WITH_AES_256_CBC_SHA,
+    BR_TLS_RSA_WITH_AES_128_CBC_SHA };
+
   // Install hashes into the SSL engine
   static void br_ssl_client_install_hashes(br_ssl_engine_context *eng) {
     br_ssl_engine_set_hash(eng, br_md5_ID, &br_md5_vtable);
@@ -705,9 +714,9 @@ extern "C" {
   }
 
   // Default initializion for our SSL clients
-  static void br_ssl_client_base_init(br_ssl_client_context *cc) {
-    uint16_t suites[sizeof(suites_P) / sizeof(uint16_t)];
-    memcpy_P(suites, suites_P, sizeof(suites_P));
+  static void br_ssl_client_base_init(br_ssl_client_context *cc, const uint16_t *cipher_list, int cipher_cnt) {
+    uint16_t suites[cipher_cnt];
+    memcpy_P(suites, cipher_list, cipher_cnt * sizeof(cipher_list[0]));
     br_ssl_client_zero(cc);
     br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12);
     br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0]));
@@ -726,6 +735,12 @@ extern "C" {
 
 }
 
+// Set the AXTLS ciphers as the only ones allowed
+void WiFiClientSecure::setAxTLSCiphers()
+{
+  setCiphers(axtls_suites_P, sizeof(axtls_suites_P)/sizeof(axtls_suites_P[0]));
+}
+
 // Installs the appropriate X509 cert validation method for a client connection
 bool WiFiClientSecure::_installClientX509Validator() {
   if (_use_insecure || _use_fingerprint || _use_self_signed) {
@@ -787,7 +802,11 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) {
     return false;
   }
 
-  br_ssl_client_base_init(_sc.get());
+  // If no cipher list yet set, use defaults
+  if (_cipher_list == NULL) {
+    setCiphers(suites_P, sizeof(suites_P) / sizeof(uint16_t));
+  }
+  br_ssl_client_base_init(_sc.get(), _cipher_list, _cipher_cnt);
   // Only failure possible in the installation is OOM
   if (!_installClientX509Validator()) {
     _freeSSL();
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
@@ -104,12 +104,17 @@ class WiFiClientSecure : public WiFiClient {
       _certStore = certStore;
     }
 
+    // Select specific ciphers (i.e. optimize for speed over security)
+    // These may be in PROGMEM or RAM, either will run properly
+    void setCiphers(const uint16_t *cipherAry, int cipherCount) { _cipher_list = cipherAry; _cipher_cnt = cipherCount; }
+    void setAxTLSCiphers(); // Only use the limited set of axTLS ciphers
+
     // Check for Maximum Fragment Length support for given len
     static bool probeMaxFragmentLength(IPAddress ip, uint16_t port, uint16_t len);
     static bool probeMaxFragmentLength(const char *hostname, uint16_t port, uint16_t len);
     static bool probeMaxFragmentLength(const String host, uint16_t port, uint16_t len);
 
-    // AXTLS compatbile wrappers
+    // AXTLS compatible wrappers
     bool verify(const char* fingerprint, const char* domain_name) { (void) fingerprint; (void) domain_name; return false; } // Can't handle this case, need app code changes
     bool verifyCertChain(const char* domain_name) { (void)domain_name; return connected(); } // If we're connected, the cert passed validation during handshake
 
@@ -170,6 +175,10 @@ class WiFiClientSecure : public WiFiClient {
     const BearSSLPublicKey *_knownkey;
     unsigned _knownkey_usages;
 
+    // Custom cipher list pointer or NULL if default
+    const uint16_t *_cipher_list;
+    uint16_t _cipher_cnt;
+
     unsigned char *_recvapp_buf;
     size_t _recvapp_len;
 
