Merge pull request #45 from Orange-OpenSource/no-eccx08

aentinger · web-flow · commit 161b544533e6 · 2021-04-12T08:31:54.000+02:00
Add ARDUINO_DISABLE_ECCX08
diff --git a/README.adoc b/README.adoc
@@ -8,7 +8,9 @@ image:https://github.com/{repository-owner}/{repository-name}/workflows/Spell%20
 
 Port of https://bearssl.org[BearSSL] to Arduino.
 
-This library depends on ArduinoECCX08.
+This library depends on ArduinoECCX08. This dependency could be
+disabled by defining ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h
+(see examples).
 
 == License ==
 
diff --git a/examples/AES128/ArduinoBearSSLConfig.h b/examples/AES128/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/DES/ArduinoBearSSLConfig.h b/examples/DES/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/MD5/ArduinoBearSSLConfig.h b/examples/MD5/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/MKRGSMSSLClient/ArduinoBearSSLConfig.h b/examples/MKRGSMSSLClient/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/SHA1/ArduinoBearSSLConfig.h b/examples/SHA1/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/SHA256/ArduinoBearSSLConfig.h b/examples/SHA256/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/WiFiSSLClient/ArduinoBearSSLConfig.h b/examples/WiFiSSLClient/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/extras/WiFiSSLClientNoSNI/ArduinoBearSSLConfig.h b/examples/extras/WiFiSSLClientNoSNI/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/src/ArduinoBearSSL.h b/src/ArduinoBearSSL.h
@@ -25,6 +25,12 @@
 #ifndef _ARDUINO_BEAR_SSL_H_
 #define _ARDUINO_BEAR_SSL_H_
 
+#if defined __has_include
+#  if __has_include (<ArduinoBearSSLConfig.h>)
+#    include <ArduinoBearSSLConfig.h>
+#  endif
+#endif
+
 #include "BearSSLClient.h"
 #include "SHA1.h"
 #include "SHA256.h"
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
@@ -22,9 +22,12 @@
  * SOFTWARE.
  */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include <ArduinoECCX08.h>
+#endif
 
-#include "ArduinoBearSSL.h"
 #include "BearSSLTrustAnchors.h"
 #include "utility/eccX08_asn1.h"
 
@@ -47,8 +50,13 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _noSNI(false),
   _ecChainLen(0)
 {
+#ifndef ARDUINO_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 
   _ecKey.curve = 0;
   _ecKey.x = NULL;
@@ -237,8 +245,13 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
   _ecChainLen = 1;
   _ecCertDynamic = false;
 
+#ifndef ARDUINO_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 }
 
 void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
@@ -352,12 +365,16 @@ int BearSSLClient::connectSSL(const char* host)
   // inject entropy in engine
   unsigned char entropy[32];
 
+#ifndef ARDUINO_DISABLE_ECCX08
   if (!ECCX08.begin() || !ECCX08.locked() || !ECCX08.random(entropy, sizeof(entropy))) {
+#endif
     // no ECCX08 or random failed, fallback to pseudo random
     for (size_t i = 0; i < sizeof(entropy); i++) {
       entropy[i] = random(0, 255);
     }
+#ifndef ARDUINO_DISABLE_ECCX08
   }
+#endif
   br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
 
   // add custom ECDSA vfry and EC sign
diff --git a/src/utility/eccX08_sign_asn1.cpp b/src/utility/eccX08_sign_asn1.cpp
@@ -23,6 +23,9 @@
  * SOFTWARE.
  */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -51,3 +54,4 @@ eccX08_sign_asn1(const br_ec_impl * /*impl*/,
   memcpy(sig, rsig, sig_len);
   return sig_len;
 }
+#endif
diff --git a/src/utility/eccX08_vrfy_asn1.cpp b/src/utility/eccX08_vrfy_asn1.cpp
@@ -23,6 +23,9 @@
  * SOFTWARE.
  */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -60,3 +63,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /*impl*/,
 
   return 1;
 }
+#endif
