Add BEAR_SSL_DISABLE_ECCX08

ffontaine · ffontaine · commit 9e45af2b2614 · 2021-04-07T11:18:45.000+02:00
This new compilation flag will allow the user to use ArduinoBearSSL
without ECCX08.

Indeed, the cryptographic operations could be done through the default
software implementation or offloaded to another secure element such as
an applet compliant with the GSMA IoT SAFE standard.

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
@@ -22,7 +22,9 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include <ArduinoECCX08.h>
+#endif
 
 #include "ArduinoBearSSL.h"
 #include "BearSSLTrustAnchors.h"
@@ -47,8 +49,13 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _noSNI(false),
   _ecChainLen(0)
 {
+#ifndef BEAR_SSL_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 
   _ecKey.curve = 0;
   _ecKey.x = NULL;
@@ -237,8 +244,13 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
   _ecChainLen = 1;
   _ecCertDynamic = false;
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 }
 
 void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
@@ -352,12 +364,16 @@ int BearSSLClient::connectSSL(const char* host)
   // inject entropy in engine
   unsigned char entropy[32];
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
   if (!ECCX08.begin() || !ECCX08.locked() || !ECCX08.random(entropy, sizeof(entropy))) {
+#endif
     // no ECCX08 or random failed, fallback to pseudo random
     for (size_t i = 0; i < sizeof(entropy); i++) {
       entropy[i] = random(0, 255);
     }
+#ifndef BEAR_SSL_DISABLE_ECCX08
   }
+#endif
   br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
 
   // add custom ECDSA vfry and EC sign
diff --git a/src/utility/eccX08_sign_asn1.cpp b/src/utility/eccX08_sign_asn1.cpp
@@ -23,6 +23,7 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -51,3 +52,4 @@ eccX08_sign_asn1(const br_ec_impl * /*impl*/,
   memcpy(sig, rsig, sig_len);
   return sig_len;
 }
+#endif
diff --git a/src/utility/eccX08_vrfy_asn1.cpp b/src/utility/eccX08_vrfy_asn1.cpp
@@ -23,6 +23,7 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -60,3 +61,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /*impl*/,
 
   return 1;
 }
+#endif

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@`
`23`	`23`	`* SOFTWARE.`
`24`	`24`	`*/`
`25`	`25`
	`26`	`+#ifndef BEAR_SSL_DISABLE_ECCX08`
`26`	`27`	`#include "eccX08_asn1.h"`
`27`	`28`
`28`	`29`	`#include <ArduinoECCX08.h>`
`@@ -60,3 +61,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /impl/,`
`60`	`61`
`61`	`62`	`return 1;`
`62`	`63`	`}`
	`64`	`+#endif`