Add ARDUINO_DISABLE_ECCX08

This new compilation flag can be set through ArduinoBearSSLConfig.h and
will allow the user to use ArduinoBearSSL without ECCX08.

Indeed, the cryptographic operations could be done through the default
software implementation or offloaded to another secure element such as
an applet compliant with the GSMA IoT SAFE standard.

Signed-off-by: Fabrice Fontaine <[email protected]>

Author: ffontaine

Diff for: README.adoc

@@ -8,7 +8,9 @@ image:https://github.com/{repository-owner}/{repository-name}/workflows/Spell%20
 
 Port of https://bearssl.org[BearSSL] to Arduino.
 
-This library depends on ArduinoECCX08.
+This library depends on ArduinoECCX08. This dependency could be
+disabled by defining ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h
+(see examples).
 
 == License ==
 

Diff for: examples/AES128/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/DES/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/MD5/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/MKRGSMSSLClient/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/SHA1/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/SHA256/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/WiFiSSLClient/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: examples/extras/WiFiSSLClientNoSNI/ArduinoBearSSLConfig.h

@@ -0,0 +1,7 @@
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

Diff for: src/ArduinoBearSSL.h

@@ -25,6 +25,12 @@
 #ifndef _ARDUINO_BEAR_SSL_H_
 #define _ARDUINO_BEAR_SSL_H_
 
+#if defined __has_include
+#  if __has_include (<ArduinoBearSSLConfig.h>)
+#    include <ArduinoBearSSLConfig.h>
+#  endif
+#endif
+
 #include "BearSSLClient.h"
 #include "SHA1.h"
 #include "SHA256.h"

Diff for: src/BearSSLClient.cpp

@@ -22,9 +22,12 @@
  * SOFTWARE.
  */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include <ArduinoECCX08.h>
+#endif
 
-#include "ArduinoBearSSL.h"
 #include "BearSSLTrustAnchors.h"
 #include "utility/eccX08_asn1.h"
 
@@ -47,8 +50,13 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _noSNI(false),
   _ecChainLen(0)
 {
+#ifndef ARDUINO_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 
   _ecKey.curve = 0;
   _ecKey.x = NULL;
@@ -237,8 +245,13 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
   _ecChainLen = 1;
   _ecCertDynamic = false;
 
+#ifndef ARDUINO_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
   _ecSign = eccX08_sign_asn1;
+#else
+  _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
+  _ecSign = br_ecdsa_sign_asn1_get_default();
+#endif
 }
 
 void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
@@ -352,12 +365,16 @@ int BearSSLClient::connectSSL(const char* host)
   // inject entropy in engine
   unsigned char entropy[32];
 
+#ifndef ARDUINO_DISABLE_ECCX08
   if (!ECCX08.begin() || !ECCX08.locked() || !ECCX08.random(entropy, sizeof(entropy))) {
+#endif
     // no ECCX08 or random failed, fallback to pseudo random
     for (size_t i = 0; i < sizeof(entropy); i++) {
       entropy[i] = random(0, 255);
     }
+#ifndef ARDUINO_DISABLE_ECCX08
   }
+#endif
   br_ssl_engine_inject_entropy(&_sc.eng, entropy, sizeof(entropy));
 
   // add custom ECDSA vfry and EC sign

Diff for: src/utility/eccX08_sign_asn1.cpp

@@ -23,6 +23,9 @@
  * SOFTWARE.
  */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -51,3 +54,4 @@ eccX08_sign_asn1(const br_ec_impl * /*impl*/,
   memcpy(sig, rsig, sig_len);
   return sig_len;
 }
+#endif

Diff for: src/utility/eccX08_vrfy_asn1.cpp

@@ -23,6 +23,9 @@
  * SOFTWARE.
  */
 
+#include "ArduinoBearSSL.h"
+
+#ifndef ARDUINO_DISABLE_ECCX08
 #include "eccX08_asn1.h"
 
 #include <ArduinoECCX08.h>
@@ -60,3 +63,4 @@ eccX08_vrfy_asn1(const br_ec_impl * /*impl*/,
 
   return 1;
 }
+#endif