Add BEAR_SSL_DISABLE_ECCX08

This new compilation flag will allow the user to use ArduinoBearSSL without ECCX08. Indeed, the cryptographic operations could be done through the default software implementation or offloaded to another secure element such as an applet compliant with the GSMA IoT SAFE standard. Signed-off-by: Fabrice Fontaine <[email protected]>
arduino-libraries · Apr 7, 2021 · 9e45af2 · 9e45af2
1 parent e985450
commit 9e45af2
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
@@ -22,7 +22,9 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include <ArduinoECCX08.h>
+#endif
 
 #include "ArduinoBearSSL.h"
 #include "BearSSLTrustAnchors.h"
@@ -47,8 +49,13 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _noSNI(false),
   _ecChainLen(0)
 {
+#ifndef BEAR_SSL_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 
   _ecKey.curve = 0;
   _ecKey.x = NULL;
@@ -237,8 +244,13 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
   _ecChainLen = 1;
   _ecCertDynamic = false;
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 }
 
 void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
@@ -352,12 +364,16 @@ int BearSSLClient::connectSSL(const char* host)
   // inject entropy in engine
   unsigned char entropy[32];
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
   if (!ECCX08.begin() || !ECCX08.locked() || !ECCX08.random(entropy, sizeof(entropy))) {
+#endif
     // no ECCX08 or random failed, fallback to pseudo random
     for (size_t i = 0; i < sizeof(entropy); i++) {
       entropy[i] = random(0, 255);
     }
+#ifndef BEAR_SSL_DISABLE_ECCX08
   }
+#endif
   br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
 
   // add custom ECDSA vfry and EC sign

diff --git a/src/utility/eccX08_sign_asn1.cpp b/src/utility/eccX08_sign_asn1.cpp
@@ -23,6 +23,7 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -51,3 +52,4 @@ eccX08_sign_asn1(const br_ec_impl * /*impl*/,
   memcpy(sig, rsig, sig_len);
   return sig_len;
 }
+#endif
diff --git a/src/utility/eccX08_vrfy_asn1.cpp b/src/utility/eccX08_vrfy_asn1.cpp
@@ -23,6 +23,7 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -60,3 +61,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /*impl*/,
 
   return 1;
 }
+#endif