diff --git a/README.adoc b/README.adoc
index aade2df..cd1600c 100644
--- a/README.adoc
+++ b/README.adoc
@@ -8,7 +8,9 @@ image:https://github.com/{repository-owner}/{repository-name}/workflows/Spell%20
 
 Port of https://bearssl.org[BearSSL] to Arduino.
 
-This library depends on ArduinoECCX08.
+This library depends on ArduinoECCX08. This dependency could be
+disabled by defining ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h
+(see examples).
 
 == License ==
 
diff --git a/examples/AES128/ArduinoBearSSLConfig.h b/examples/AES128/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/AES128/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/DES/ArduinoBearSSLConfig.h b/examples/DES/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/DES/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/MD5/ArduinoBearSSLConfig.h b/examples/MD5/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/MD5/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/MKRGSMSSLClient/ArduinoBearSSLConfig.h b/examples/MKRGSMSSLClient/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/MKRGSMSSLClient/ArduinoBearSSLConfig.h
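Review bot: The comment above `//#define ARDUINO_DISABLE_ECCX08` documents the convenience but not the security trade-off a sketch author opts into, and this header is the template every example copies. With the chip disabled, this commit's connectSSL change leaves Arduino `random()` as the only entropy injected into the TLS engine, and the software branch added to `setEccSlot()` has no hardware private key behind it, so the switch deserves a warning next to it. I would add, under the existing line, `/* WARNING: without the ECCX08 the TLS engine is seeded only from Arduino random(), which is not a cryptographic RNG unless the sketch seeds it from a true entropy source; ECC client authentication via setEccSlot() has no private key to sign with. */`. The same seven-line file is added eight times in this commit, so the wording needs to change in each copy.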
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/SHA1/ArduinoBearSSLConfig.h b/examples/SHA1/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/SHA1/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/SHA256/ArduinoBearSSLConfig.h b/examples/SHA256/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/SHA256/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/WiFiSSLClient/ArduinoBearSSLConfig.h b/examples/WiFiSSLClient/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/WiFiSSLClient/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/examples/extras/WiFiSSLClientNoSNI/ArduinoBearSSLConfig.h b/examples/extras/WiFiSSLClientNoSNI/ArduinoBearSSLConfig.h
new file mode 100644
index 0000000..160fc22
--- /dev/null
+++ b/examples/extras/WiFiSSLClientNoSNI/ArduinoBearSSLConfig.h
@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
diff --git a/src/ArduinoBearSSL.h b/src/ArduinoBearSSL.h
index 5296b9f..dfaddb1 100644
--- a/src/ArduinoBearSSL.h
+++ b/src/ArduinoBearSSL.h
@@ -25,6 +25,12 @@
 #ifndef _ARDUINO_BEAR_SSL_H_
 #define _ARDUINO_BEAR_SSL_H_
 
+#if defined __has_include
+# if __has_include ()
+# include
+# endif
+#endif
+
 #include "BearSSLClient.h"
 #include "SHA1.h"
 #include "SHA256.h"
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
index f3bed28..5a2795d 100644
--- a/src/BearSSLClient.cpp
+++ b/src/BearSSLClient.cpp
@@ -22,9 +22,12 @@
 * SOFTWARE.
 */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include
+#endif
 
-#include "ArduinoBearSSL.h"
 #include "BearSSLTrustAnchors.h"
 #include "utility/eccX08_asn1.h"
 
@@ -47,8 +50,13 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
 _noSNI(false),
 _ecChainLen(0)
 {
+#ifndef ARDUINO_DISABLE_ECCX08
 _ecVrfy = eccX08_vrfy_asn1;
 _ecSign = eccX08_sign_asn1;
+#else
+ _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+ _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 
 _ecKey.curve = 0;
 _ecKey.x = NULL;
@@ -237,8 +245,13 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
 _ecChainLen = 1;
 _ecCertDynamic = false;
 
+#ifndef ARDUINO_DISABLE_ECCX08
 _ecVrfy = eccX08_vrfy_asn1;
 _ecSign = eccX08_sign_asn1;
+#else
+ _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+ _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 }
 
 void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
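Review bot: The new `# include` of the optional configuration header carries no comment saying that this is the single place where `ARDUINO_DISABLE_ECCX08` enters the build and that include order now matters: BearSSLClient.cpp and both eccX08 sources in this commit are rearranged to include `ArduinoBearSSL.h` first precisely so the guard is visible to them. A translation unit that includes `BearSSLClient.h` or the utility headers without going through `ArduinoBearSSL.h` would not see the define, so if any header ever tests the macro it would compile under a different configuration; I cannot see `BearSSLClient.h` here to confirm it does not. I would annotate the block with `// Optional per-sketch ArduinoBearSSLConfig.h (may define ARDUINO_DISABLE_ECCX08); library sources must include ArduinoBearSSL.h first so every translation unit sees the same configuration.`. Note also that the include resolves through the ordinary search path, so the design relies on the sketch folder being searched before any other library that happens to ship a file of that name.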
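Review bot: In the `#else` branch of `setEccSlot()` the method keeps its contract of installing an ECC client certificate for a slot, but binds `_ecSign` to `br_ecdsa_sign_asn1_get_default()` with no private key to go with it: the constructor hunk above still sets `_ecKey.curve = 0` and `_ecKey.x = NULL`, and nothing in this hunk loads a software key, so the slot index is accepted and silently meaningless in a no-chip build. If the sketch later performs mutual TLS the software signer would be asked to sign with that empty key; what actually happens depends on how `_ecSign` and `_ecKey` are handed to the engine further down in connectSSL, which is outside this hunk. I would make the no-chip build refuse rather than pretend: either wrap the `setEccSlot` overloads in `#ifndef ARDUINO_DISABLE_ECCX08` in the header so callers get a compile error, or leave `_ecSign` unset in this branch and add `// no ECCX08: there is no private key behind this slot, client authentication cannot sign`. The `_ecVrfy` default is fine, since certificate verification needs only public keys.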
@@ -352,12 +365,16 @@ int BearSSLClient::connectSSL(const char* host)
 
 // inject entropy in engine
 unsigned char entropy[32];
+#ifndef ARDUINO_DISABLE_ECCX08
 if (!ECCX08.begin() || !ECCX08.locked() || !ECCX08.random(entropy, sizeof(entropy))) {
+#endif
 // no ECCX08 or random failed, fallback to pseudo random
 for (size_t i = 0; i < sizeof(entropy); i++) {
 entropy[i] = random(0, 255);
 }
+#ifndef ARDUINO_DISABLE_ECCX08
 }
+#endif
 br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
 
 // add custom ECDSA vfry and EC sign
diff --git a/src/utility/eccX08_sign_asn1.cpp b/src/utility/eccX08_sign_asn1.cpp
index 9b17480..d99e5d5 100644
--- a/src/utility/eccX08_sign_asn1.cpp
+++ b/src/utility/eccX08_sign_asn1.cpp
@@ -23,6 +23,9 @@
 * SOFTWARE.
 */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include
@@ -51,3 +54,4 @@ eccX08_sign_asn1(const br_ec_impl * /*impl*/,
 memcpy(sig, rsig, sig_len);
 return sig_len;
 }
+#endif
diff --git a/src/utility/eccX08_vrfy_asn1.cpp b/src/utility/eccX08_vrfy_asn1.cpp
index 8221919..c8b5cdd 100644
--- a/src/utility/eccX08_vrfy_asn1.cpp
+++ b/src/utility/eccX08_vrfy_asn1.cpp
@@ -23,6 +23,9 @@
 * SOFTWARE.
 */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include
@@ -60,3 +63,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /*impl*/,
 
 return 1;
 }
+#endif
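Review bot: With `ARDUINO_DISABLE_ECCX08` defined, the loop `entropy[i] = random(0, 255)` is no longer a fallback but the only entropy ever fed to `br_ssl_engine_inject_entropy`, and Arduino's `random()` is a deterministic PRNG unless the sketch has seeded it from a genuine entropy source, so client randoms and the ECDHE ephemeral key would repeat across boots in a no-chip build. The comment on that loop still reads `// no ECCX08 or random failed, fallback to pseudo random`, which understates what the new build does; the pre-existing `random(0, 255)` also excludes 255 (the upper bound of Arduino's `random(min, max)` is exclusive), so each byte carries slightly less than 8 bits. Opening the `if` and its closing brace under two separate `#ifndef` blocks is also hard to follow. I would restructure around a flag, prefer a core-provided hardware RNG where the board exposes one (I cannot name a portable API from here), and warn in the comment; the rest of connectSSL is outside this hunk:
```cpp
  unsigned char entropy[32];
  bool hwEntropy = false;
#ifndef ARDUINO_DISABLE_ECCX08
  hwEntropy = ECCX08.begin() && ECCX08.locked() && ECCX08.random(entropy, sizeof(entropy));
#endif
  if (!hwEntropy) {
    // WARNING: random() is not a cryptographic RNG. Without the ECCX08 the sketch must
    // seed it (randomSeed) from a true entropy source, or TLS randoms become predictable.
    for (size_t i = 0; i < sizeof(entropy); i++) {
      entropy[i] = random(0, 256);
    }
  }
  br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
  // … unchanged: custom ECDSA verify / EC sign setup …
```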
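Review bot: The `+#endif` appended after the closing brace of `eccX08_sign_asn1` closes an `#ifndef ARDUINO_DISABLE_ECCX08` opened some thirty lines earlier in the previous hunk, and a bare `#endif` at end of file gives no hint what it pairs with. The new config headers in this same commit already follow the convention (`#endif /* ARDUINO_BEARSSL_CONFIG_H_ */`), so I would write `#endif /* ARDUINO_DISABLE_ECCX08 */` here and on the identical line added to `eccX08_vrfy_asn1.cpp`. It also makes it obvious to a reader that, with the guard active, these translation units intentionally contribute no definitions.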