extmod/mbedtls: Enable GCM and ECDHE-RSA in common mbedtls config.

Enable support for cipher suites like
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, as suggested in
micropython#14204 (comment)
and micropython#10485 (comment)

Tests have been run on the top 500 domains from moz.com.  Without this
patch, 155 out of 500 fail to connect because of TLS issues.  This patch
fixes them all.  And it seems all existing mbedtls flags are needed to get
good coverage of those top 500 domains.

The `ssl_poll.py` test has the cipher bits increased from 512 to 1024 in
its test key/cert so that it can work with ECDHE-RSA which is now the
chosen cipher.

Signed-off-by: Sylvain Zimmer <[email protected]>
Signed-off-by: Damien George <[email protected]>

Author: sylvinus

extmod/mbedtls/mbedtls_config_common.h

@@ -46,6 +46,7 @@
 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #define MBEDTLS_CAN_ECDH
 #define MBEDTLS_PK_CAN_ECDSA_SIGN
 #define MBEDTLS_PKCS1_V15
@@ -72,6 +73,7 @@
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
 #define MBEDTLS_OID_C

tests/extmod/ssl_poll.py

@@ -2,7 +2,6 @@
     import select
     import ssl
     import io
-    import binascii
 except ImportError:
     print("SKIP")
     raise SystemExit
@@ -18,32 +17,47 @@
 
 # This self-signed key/cert pair is randomly generated and to be used for
 # testing/demonstration only.  You should always generate your own key/cert.
-key = binascii.unhexlify(
-    b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef"
-    b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f"
-    b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0"
-    b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d"
-    b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86"
-    b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483"
-    b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102"
-    b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044"
-    b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f"
+# They has been generated using the following commands:
+# $ openssl req -x509 -newkey rsa:1024 -keyout rsa_key.pem -out rsa_cert.pem -days 3650 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
+# $ openssl pkey -in rsa_key.pem -out rsa_key.der -outform DER
+# $ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
+key = bytes.fromhex(
+    "3082025d02010002818100eca28b2f8230237ae45e7a77ef495c05a786f423cc65caf6bc"
+    "1813d50eacf9d2d011a0e43a20fde947ff957075e4b3b6ded46c33f63af42597aac1c4cb"
+    "bb2d1a6aad91755707d8fc560e222b38c940a480da89ee849049613bd88d1ab283423aba"
+    "ba591c4fcc8ce89d19646e6b9f80de4efa7bbda68c569a5cbdb4235c3fc9990203010001"
+    "0281810089d4df978b90388a534c88af252ca8b20e7377ef0616609338da196b27422fbd"
+    "d03e04660b49be3bcc191dd5448632fb986d489d3795fd318c5704c879168c5cd0fa8551"
+    "f7f86073b95b092ffdb4f39c867a306a02f94cf3009df7055dab1f9277dd8914268d53a2"
+    "bd4de2cdf2ac90d8cd248b48868cb911781779750c344ae5024100f8c0d2cebfaccbdb1b"
+    "d8bc7519c84889cc6d5dff8fb994cf1a9492881289de66d689afb942d10dc0dc0f65464e"
+    "7cca7a53e451e6a8cfab0069d05065d56ba4bf024100f38757e2fc7f786e1a653c8a8b51"
+    "5b06a1d85db31998090fc4d52a88b8c5557e0a7bac10995e7e76cef6bfb59b67c01cbba7"
+    "edcfa7d3d623615a92459d07efa702407b149579fcf717caeb455b4229a6a2d5a3d3bd7d"
+    "d4f4833fd22c0f30cad372bab98e58e736bb4fadcc74c5ac7aeb5e1816e852e9e93f0fa2"
+    "5db8d7fefb118eeb024100caf0a0a6c1b02055f09d28c473b10a600e8356222853f04939"
+    "c84237c97278fa1e164d9f4f8fd56780b553b12d9e5a1417b5ab91fed3a381bc6153bfbb"
+    "4a9fc5024043eb4ff7e4dd6c12c6d6dc50977ee5d5f9730af4469d1f642321320fb4b969"
+    "90ed841e41bedda49ff89a0c28acf132e4af5f3ac406b1548d0f135aff6bf23ef1"
 )
-cert = binascii.unhexlify(
-    b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355"
-    b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504"
-    b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106"
-    b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61"
-    b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075"
-    b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531"
-    b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958"
-    b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468"
-    b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20"
-    b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18"
-    b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a"
-    b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8"
-    b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef"
-    b"979b57f0b3"
+cert = bytes.fromhex(
+    "3082025a308201c3a003020102021475fd479918562f4c6cb08f63e8afbdfa3b884f8630"
+    "0d06092a864886f70d01010b0500303f311a301806035504030c116d6963726f70797468"
+    "6f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b30090603"
+    "55040613024155301e170d3234303730323030353931355a170d33343036333030303539"
+    "31355a303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c311430"
+    "12060355040a0c0b4d6963726f507974686f6e310b300906035504061302415530819f30"
+    "0d06092a864886f70d010101050003818d0030818902818100eca28b2f8230237ae45e7a"
+    "77ef495c05a786f423cc65caf6bc1813d50eacf9d2d011a0e43a20fde947ff957075e4b3"
+    "b6ded46c33f63af42597aac1c4cbbb2d1a6aad91755707d8fc560e222b38c940a480da89"
+    "ee849049613bd88d1ab283423ababa591c4fcc8ce89d19646e6b9f80de4efa7bbda68c56"
+    "9a5cbdb4235c3fc9990203010001a3533051301d0603551d0e04160414409545477a659a"
+    "16da174810ba9ad192ef962089301f0603551d23041830168014409545477a659a16da17"
+    "4810ba9ad192ef962089300f0603551d130101ff040530030101ff300d06092a864886f7"
+    "0d01010b0500038181007182e78cecceef00f98d0ee117cd9dc2f9fc84d581e7b1d9d43b"
+    "74db45e188368e264f79628e2bda89a545d50cd9925ad50f8e25decc9130164bdb9220c8"
+    "f49776d784511e9c4b94305cc2cb3eaf8204e42d31ba8aabd1d296b9ef51035b6df1ab75"
+    "89681f0026073ccac6bed5d8bd9235a4bb717b696ce518de4e35b751fa13"
 )