From 9e45af2b2614d561d6353f185de3bd95366d1d5c Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fabrice.fontaine@orange.com>
Date: Wed, 7 Apr 2021 11:18:45 +0200
Subject: [PATCH] Add BEAR_SSL_DISABLE_ECCX08

This new compilation flag will allow the user to use ArduinoBearSSL
without ECCX08.

Indeed, the cryptographic operations could be done through the default
software implementation or offloaded to another secure element such as
an applet compliant with the GSMA IoT SAFE standard.

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
---
 src/BearSSLClient.cpp            | 16 ++++++++++++++++
 src/utility/eccX08_sign_asn1.cpp |  2 ++
 src/utility/eccX08_vrfy_asn1.cpp |  2 ++
 3 files changed, 20 insertions(+)

diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
index f3bed28..0934390 100644
--- a/src/BearSSLClient.cpp
+++ b/src/BearSSLClient.cpp
@@ -22,7 +22,9 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include <ArduinoECCX08.h>
+#endif
 
 #include "ArduinoBearSSL.h"
 #include "BearSSLTrustAnchors.h"
@@ -47,8 +49,13 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _noSNI(false),
   _ecChainLen(0)
 {
+#ifndef BEAR_SSL_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 
   _ecKey.curve = 0;
   _ecKey.x = NULL;
@@ -237,8 +244,13 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
   _ecChainLen = 1;
   _ecCertDynamic = false;
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 }
 
 void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
@@ -352,12 +364,16 @@ int BearSSLClient::connectSSL(const char* host)
   // inject entropy in engine
   unsigned char entropy[32];
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
   if (!ECCX08.begin() || !ECCX08.locked() || !ECCX08.random(entropy, sizeof(entropy))) {
+#endif
     // no ECCX08 or random failed, fallback to pseudo random
     for (size_t i = 0; i < sizeof(entropy); i++) {
       entropy[i] = random(0, 255);
     }
+#ifndef BEAR_SSL_DISABLE_ECCX08
   }
+#endif
   br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
 
   // add custom ECDSA vfry and EC sign
diff --git a/src/utility/eccX08_sign_asn1.cpp b/src/utility/eccX08_sign_asn1.cpp
index 9b17480..bbdbae2 100644
--- a/src/utility/eccX08_sign_asn1.cpp
+++ b/src/utility/eccX08_sign_asn1.cpp
@@ -23,6 +23,7 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -51,3 +52,4 @@ eccX08_sign_asn1(const br_ec_impl * /*impl*/,
   memcpy(sig, rsig, sig_len);
   return sig_len;
 }
+#endif
diff --git a/src/utility/eccX08_vrfy_asn1.cpp b/src/utility/eccX08_vrfy_asn1.cpp
index 8221919..94e9273 100644
--- a/src/utility/eccX08_vrfy_asn1.cpp
+++ b/src/utility/eccX08_vrfy_asn1.cpp
@@ -23,6 +23,7 @@
  * SOFTWARE.
  */
 
+#ifndef BEAR_SSL_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -60,3 +61,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /*impl*/,
 
   return 1;
 }
+#endif