Merge pull request #80 from pennam/aiotcloud

pennam · web-flow · commit 2c34df131e0a · 2024-07-16T12:47:56.000+02:00
Extend library configurability using config file
diff --git a/.github/workflows/compile-examples.yml b/.github/workflows/compile-examples.yml
@@ -48,6 +48,21 @@ jobs:
           - fqbn: arduino:samd:mkrgsm1400
             type: gsm
             artifact-name-suffix: arduino-samd-mkrgsm1400
+          - fqbn: arduino:samd:mkrnb1500
+            type: nb
+            artifact-name-suffix: arduino-samd-mkrnb1500
+          - fqbn: arduino:mbed_portenta:envie_m7
+            type: mbed_portenta
+            artifact-name-suffix: arduino-mbed_portenta-envie_m7
+          - fqbn: arduino:mbed_nano:nanorp2040connect
+            type: nina
+            artifact-name-suffix: arduino-mbed_nano-nanorp2040connect
+          - fqbn: arduino:mbed_opta:opta
+            type: mbed_opta
+            artifact-name-suffix: arduino-mbed_opta-opta
+          - fqbn: arduino:mbed_giga:giga
+            type: mbed_giga
+            artifact-name-suffix: arduino-mbed_giga-giga
           - fqbn: arduino:megaavr:uno2018
             type: megaavr
             artifact-name-suffix: arduino-megaavr-uno2018
diff --git a/src/AES128.cpp b/src/AES128.cpp
@@ -22,6 +22,7 @@
  * SOFTWARE.
  */
 
+#include <ArduinoBearSSL.h>
 #include "AES128.h"
 
 AES128Class::AES128Class() :
@@ -49,6 +50,6 @@ int AES128Class::runDecryption(uint8_t *key, size_t size, uint8_t *input, size_t
   return 1;
 }
 
-#ifndef ARDUINO_ARCH_MEGAAVR
+#if !defined(ARDUINO_BEARSSL_DISABLE_AES128) && !defined(ARDUINO_ARCH_MEGAAVR)
 AES128Class AES128;
 #endif
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
@@ -28,15 +28,33 @@
 #include <ArduinoECCX08.h>
 #endif
 
+#ifndef ARDUINO_BEARSSL_DISABLE_BUILTIN_TRUST_ANCHORS
 #include "BearSSLTrustAnchors.h"
+#endif
 #include "utility/eccX08_asn1.h"
 
 #include "BearSSLClient.h"
 
+#ifndef ARDUINO_BEARSSL_DISABLE_BUILTIN_TRUST_ANCHORS
 BearSSLClient::BearSSLClient(Client& client) :
   BearSSLClient(&client, TAs, TAs_NUM)
 {
 }
+#endif
+
+BearSSLClient::BearSSLClient() :
+  _noSNI(false)
+{
+  _ecKey.curve = 0;
+  _ecKey.x = NULL;
+  _ecKey.xlen = 0;
+
+  for (size_t i = 0; i < BEAR_SSL_CLIENT_CHAIN_SIZE; i++) {
+    _ecCert[i].data = NULL;
+    _ecCert[i].data_len = 0;
+  }
+  _ecCertDynamic = false;
+}
 
 BearSSLClient::BearSSLClient(Client& client, const br_x509_trust_anchor* myTAs, int myNumTAs)
 : BearSSLClient(&client, myTAs, myNumTAs)
@@ -48,8 +66,15 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
   _TAs(myTAs),
   _numTAs(myNumTAs),
   _noSNI(false),
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   _skeyDecoder(NULL),
-  _ecChainLen(0)
+#endif
+  _ecChainLen(0),
+#ifndef ARDUINO_BEARSSL_DISABLE_FULL_CLIENT_PROFILE
+  _br_ssl_client_init_function(br_ssl_client_init_full)
+#else
+  _br_ssl_client_init_function(NULL)
+#endif
 {
 #ifndef ARDUINO_DISABLE_ECCX08
   _ecVrfy = eccX08_vrfy_asn1;
@@ -77,10 +102,12 @@ BearSSLClient::~BearSSLClient()
     _ecCert[0].data = NULL;
   }
 
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   if (_skeyDecoder) {
     free(_skeyDecoder);
     _skeyDecoder = NULL;
   }
+#endif
 }
 
 int BearSSLClient::connect(IPAddress ip, uint16_t port)
@@ -309,6 +336,7 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])
   }
 }
 
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
 void BearSSLClient::setKey(const char key[], const char cert[])
 {
   // try to decode the key and cert
@@ -381,7 +409,9 @@ void BearSSLClient::setKey(const char key[], const char cert[])
     }
   }
 }
+#endif
 
+#if BEAR_SSL_CLIENT_CHAIN_SIZE > 1
 void BearSSLClient::setEccCertParent(const char cert[])
 {
   // try to decode the cert
@@ -428,6 +458,7 @@ void BearSSLClient::setEccCertParent(const char cert[])
     }
   }
 }
+#endif
 
 int BearSSLClient::errorCode()
 {
@@ -436,8 +467,12 @@ int BearSSLClient::errorCode()
 
 int BearSSLClient::connectSSL(const char* host)
 {
-  // initialize client context with all algorithms and hardcoded trust anchors
-  br_ssl_client_init_full(&_sc, &_xc, _TAs, _numTAs);
+  if (!_br_ssl_client_init_function) {
+    return 0;
+  }
+
+  // initialize client context with enabled algorithms and trust anchors
+  _br_ssl_client_init_function(&_sc, &_xc, _TAs, _numTAs);
 
   br_ssl_engine_set_buffers_bidi(&_sc.eng, _ibuf, sizeof(_ibuf), _obuf, sizeof(_obuf));
 
@@ -462,6 +497,7 @@ int BearSSLClient::connectSSL(const char* host)
 
   // enable client auth
   if (_ecCert[0].data_len) {
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
     if (_skeyDecoder) {
       int skeyType = br_skey_decoder_key_type(_skeyDecoder);
 
@@ -471,8 +507,11 @@ int BearSSLClient::connectSSL(const char* host)
         br_ssl_client_set_single_rsa(&_sc, _ecCert, _ecChainLen, br_skey_decoder_get_rsa(_skeyDecoder), br_rsa_pkcs1_sign_get_default());
       }
     } else {
+#endif
       br_ssl_client_set_single_ec(&_sc, _ecCert, _ecChainLen, &_ecKey, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, BR_KEYTYPE_EC, br_ec_get_default(), _ecSign);
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
     }
+#endif
   }
 
   // set the hostname used for SNI
@@ -575,18 +614,21 @@ void BearSSLClient::clientAppendCert(void *ctx, const void *data, size_t len)
   c->_ecCert[0].data_len += len;
 }
 
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
 void BearSSLClient::clientAppendKey(void *ctx, const void *data, size_t len)
 {
   BearSSLClient* c = (BearSSLClient*)ctx;
 
   br_skey_decoder_push(c->_skeyDecoder, data, len);
 }
+#endif
 
+#if BEAR_SSL_CLIENT_CHAIN_SIZE > 1
 void BearSSLClient::parentAppendCert(void *ctx, const void *data, size_t len)
 {
   BearSSLClient* c = (BearSSLClient*)ctx;
 
   memcpy(&c->_ecCert[1].data[c->_ecCert[1].data_len], data, len);
   c->_ecCert[1].data_len += len;
 }
-
+#endif
diff --git a/src/BearSSLClient.h b/src/BearSSLClient.h
@@ -32,7 +32,7 @@
 #endif
 
 #ifndef BEAR_SSL_CLIENT_IBUF_SIZE
-#define BEAR_SSL_CLIENT_IBUF_SIZE 32768
+#define BEAR_SSL_CLIENT_IBUF_SIZE (16384 + 325)
 #endif
 
 #else
@@ -59,14 +59,15 @@
 class BearSSLClient : public Client {
 
 public:
+  BearSSLClient();
   BearSSLClient(Client& client);
   BearSSLClient(Client& client, const br_x509_trust_anchor* myTAs, int myNumTAs);
   BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs, int myNumTAs);
   virtual ~BearSSLClient();
 
-
   inline void setClient(Client& client) { _client = &client; }
-
+  inline void setProfile(void(*client_init_function)(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trustrust_anchorst_anchors_num)) { _br_ssl_client_init_function = client_init_function; }
+  inline void setTrustAnchors(const br_x509_trust_anchor* myTAs, int myNumTAs) { _TAs = myTAs; _numTAs = myNumTAs; }
 
   virtual int connect(IPAddress ip, uint16_t port);
   virtual int connect(const char* host, uint16_t port);
@@ -97,8 +98,12 @@ class BearSSLClient : public Client {
 
   void setEccSlot(int ecc508KeySlot, const byte cert[], int certLength);
   void setEccSlot(int ecc508KeySlot, const char cert[]);
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   void setKey(const char key[], const char cert[]);
+#endif
+#if BEAR_SSL_CLIENT_CHAIN_SIZE > 1
   void setEccCertParent(const char cert[]);
+#endif
 
   int errorCode();
 
@@ -107,8 +112,12 @@ class BearSSLClient : public Client {
   static int clientRead(void *ctx, unsigned char *buf, size_t len);
   static int clientWrite(void *ctx, const unsigned char *buf, size_t len);
   static void clientAppendCert(void *ctx, const void *data, size_t len);
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   static void clientAppendKey(void *ctx, const void *data, size_t len);
+#endif
+#if BEAR_SSL_CLIENT_CHAIN_SIZE > 1
   static void parentAppendCert(void *ctx, const void *data, size_t len);
+#endif
 
 private:
   Client* _client;
@@ -121,7 +130,9 @@ class BearSSLClient : public Client {
   br_ecdsa_sign _ecSign;
 
   br_ec_private_key _ecKey;
+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER
   br_skey_decoder_context* _skeyDecoder;
+#endif
   br_x509_certificate _ecCert[BEAR_SSL_CLIENT_CHAIN_SIZE];
   int _ecChainLen;
   bool _ecCertDynamic;
@@ -131,6 +142,8 @@ class BearSSLClient : public Client {
   unsigned char _ibuf[BEAR_SSL_CLIENT_IBUF_SIZE];
   unsigned char _obuf[BEAR_SSL_CLIENT_OBUF_SIZE];
   br_sslio_context _ioc;
+
+  void (*_br_ssl_client_init_function)(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num);
 };
 
 #endif
diff --git a/src/DES.cpp b/src/DES.cpp
@@ -22,6 +22,7 @@
  * SOFTWARE.
  */
 
+#include <ArduinoBearSSL.h>
 #include "DES.h"
 
 DESClass::DESClass() :
@@ -50,6 +51,6 @@ int DESClass::runDecryption(uint8_t *key, size_t size, uint8_t *input, size_t bl
 }
 
 
-#ifndef ARDUINO_ARCH_MEGAAVR
+#if !defined(ARDUINO_BEARSSL_DISABLE_DES) && !defined(ARDUINO_ARCH_MEGAAVR)
 DESClass DES;
 #endif
diff --git a/src/MD5.cpp b/src/MD5.cpp
@@ -22,6 +22,7 @@
  * SOFTWARE.
  */
 
+#include <ArduinoBearSSL.h>
 #include "MD5.h"
 
 MD5Class::MD5Class() :
@@ -54,6 +55,6 @@ int MD5Class::end(uint8_t *digest)
   return 1;
 }
 
-#ifndef ARDUINO_ARCH_MEGAAVR
+#if !defined(ARDUINO_BEARSSL_DISABLE_MD5) && !defined(ARDUINO_ARCH_MEGAAVR)
 MD5Class MD5;
 #endif
diff --git a/src/SHA1.cpp b/src/SHA1.cpp
@@ -22,6 +22,7 @@
  * SOFTWARE.
  */
 
+#include <ArduinoBearSSL.h>
 #include "SHA1.h"
 
 SHA1Class::SHA1Class() :
@@ -54,4 +55,6 @@ int SHA1Class::end(uint8_t *digest)
   return 1;
 }
 
+#if !defined(ARDUINO_BEARSSL_DISABLE_SHA1)
 SHA1Class SHA1;
+#endif
diff --git a/src/SHA256.cpp b/src/SHA256.cpp
@@ -22,6 +22,7 @@
  * SOFTWARE.
  */
 
+#include <ArduinoBearSSL.h>
 #include "SHA256.h"
 
 SHA256Class::SHA256Class() :
@@ -54,6 +55,6 @@ int SHA256Class::end(uint8_t *digest)
   return 1;
 }
 
-#ifndef ARDUINO_ARCH_MEGAAVR
+#if !defined(ARDUINO_BEARSSL_DISABLE_SHA256) && !defined(ARDUINO_ARCH_MEGAAVR)
 SHA256Class SHA256;
 #endif

Original file line number	Diff line number	Diff line change
`@@ -28,15 +28,33 @@`
`28`	`28`	`#include <ArduinoECCX08.h>`
`29`	`29`	`#endif`
`30`	`30`
	`31`	`+#ifndef ARDUINO_BEARSSL_DISABLE_BUILTIN_TRUST_ANCHORS`
`31`	`32`	`#include "BearSSLTrustAnchors.h"`
	`33`	`+#endif`
`32`	`34`	`#include "utility/eccX08_asn1.h"`
`33`	`35`
`34`	`36`	`#include "BearSSLClient.h"`
`35`	`37`
	`38`	`+#ifndef ARDUINO_BEARSSL_DISABLE_BUILTIN_TRUST_ANCHORS`
`36`	`39`	`BearSSLClient::BearSSLClient(Client& client) :`
`37`	`40`	`BearSSLClient(&client, TAs, TAs_NUM)`
`38`	`41`	`{`
`39`	`42`	`}`
	`43`	`+#endif`
	`44`	`+`
	`45`	`+BearSSLClient::BearSSLClient() :`
	`46`	`+ _noSNI(false)`
	`47`	`+{`
	`48`	`+ _ecKey.curve = 0;`
	`49`	`+ _ecKey.x = NULL;`
	`50`	`+ _ecKey.xlen = 0;`
	`51`	`+`
	`52`	`+ for (size_t i = 0; i < BEAR_SSL_CLIENT_CHAIN_SIZE; i++) {`
	`53`	`+ _ecCert[i].data = NULL;`
	`54`	`+ _ecCert[i].data_len = 0;`
	`55`	`+ }`
	`56`	`+ _ecCertDynamic = false;`
	`57`	`+}`
`40`	`58`
`41`	`59`	`BearSSLClient::BearSSLClient(Client& client, const br_x509_trust_anchor* myTAs, int myNumTAs)`
`42`	`60`	`: BearSSLClient(&client, myTAs, myNumTAs)`
`@@ -48,8 +66,15 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,`
`48`	`66`	`_TAs(myTAs),`
`49`	`67`	`_numTAs(myNumTAs),`
`50`	`68`	`_noSNI(false),`
	`69`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`51`	`70`	`_skeyDecoder(NULL),`
`52`		`- _ecChainLen(0)`
	`71`	`+#endif`
	`72`	`+ _ecChainLen(0),`
	`73`	`+#ifndef ARDUINO_BEARSSL_DISABLE_FULL_CLIENT_PROFILE`
	`74`	`+ _br_ssl_client_init_function(br_ssl_client_init_full)`
	`75`	`+#else`
	`76`	`+ _br_ssl_client_init_function(NULL)`
	`77`	`+#endif`
`53`	`78`	`{`
`54`	`79`	`#ifndef ARDUINO_DISABLE_ECCX08`
`55`	`80`	`_ecVrfy = eccX08_vrfy_asn1;`
`@@ -77,10 +102,12 @@ BearSSLClient::~BearSSLClient()`
`77`	`102`	`_ecCert[0].data = NULL;`
`78`	`103`	`}`
`79`	`104`
	`105`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`80`	`106`	`if (_skeyDecoder) {`
`81`	`107`	`free(_skeyDecoder);`
`82`	`108`	`_skeyDecoder = NULL;`
`83`	`109`	`}`
	`110`	`+#endif`
`84`	`111`	`}`
`85`	`112`
`86`	`113`	`int BearSSLClient::connect(IPAddress ip, uint16_t port)`
`@@ -309,6 +336,7 @@ void BearSSLClient::setEccSlot(int ecc508KeySlot, const char cert[])`
`309`	`336`	`}`
`310`	`337`	`}`
`311`	`338`
	`339`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`312`	`340`	`void BearSSLClient::setKey(const char key[], const char cert[])`
`313`	`341`	`{`
`314`	`342`	`// try to decode the key and cert`
`@@ -381,7 +409,9 @@ void BearSSLClient::setKey(const char key[], const char cert[])`
`381`	`409`	`}`
`382`	`410`	`}`
`383`	`411`	`}`
	`412`	`+#endif`
`384`	`413`
	`414`	`+#if BEAR_SSL_CLIENT_CHAIN_SIZE > 1`
`385`	`415`	`void BearSSLClient::setEccCertParent(const char cert[])`
`386`	`416`	`{`
`387`	`417`	`// try to decode the cert`
`@@ -428,6 +458,7 @@ void BearSSLClient::setEccCertParent(const char cert[])`
`428`	`458`	`}`
`429`	`459`	`}`
`430`	`460`	`}`
	`461`	`+#endif`
`431`	`462`
`432`	`463`	`int BearSSLClient::errorCode()`
`433`	`464`	`{`
`@@ -436,8 +467,12 @@ int BearSSLClient::errorCode()`
`436`	`467`
`437`	`468`	`int BearSSLClient::connectSSL(const char* host)`
`438`	`469`	`{`
`439`		`- // initialize client context with all algorithms and hardcoded trust anchors`
`440`		`- br_ssl_client_init_full(&_sc, &_xc, _TAs, _numTAs);`
	`470`	`+ if (!_br_ssl_client_init_function) {`
	`471`	`+ return 0;`
	`472`	`+ }`
	`473`	`+`
	`474`	`+ // initialize client context with enabled algorithms and trust anchors`
	`475`	`+ _br_ssl_client_init_function(&_sc, &_xc, _TAs, _numTAs);`
`441`	`476`
`442`	`477`	`br_ssl_engine_set_buffers_bidi(&_sc.eng, _ibuf, sizeof(_ibuf), _obuf, sizeof(_obuf));`
`443`	`478`
`@@ -462,6 +497,7 @@ int BearSSLClient::connectSSL(const char* host)`
`462`	`497`
`463`	`498`	`// enable client auth`
`464`	`499`	`if (_ecCert[0].data_len) {`
	`500`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`465`	`501`	`if (_skeyDecoder) {`
`466`	`502`	`int skeyType = br_skey_decoder_key_type(_skeyDecoder);`
`467`	`503`
`@@ -471,8 +507,11 @@ int BearSSLClient::connectSSL(const char* host)`
`471`	`507`	`br_ssl_client_set_single_rsa(&_sc, _ecCert, _ecChainLen, br_skey_decoder_get_rsa(_skeyDecoder), br_rsa_pkcs1_sign_get_default());`
`472`	`508`	`}`
`473`	`509`	`} else {`
	`510`	`+#endif`
`474`	`511`	`br_ssl_client_set_single_ec(&_sc, _ecCert, _ecChainLen, &_ecKey, BR_KEYTYPE_KEYX \| BR_KEYTYPE_SIGN, BR_KEYTYPE_EC, br_ec_get_default(), _ecSign);`
	`512`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`475`	`513`	`}`
	`514`	`+#endif`
`476`	`515`	`}`
`477`	`516`
`478`	`517`	`// set the hostname used for SNI`
`@@ -575,18 +614,21 @@ void BearSSLClient::clientAppendCert(void ctx, const void data, size_t len)`
`575`	`614`	`c->_ecCert[0].data_len += len;`
`576`	`615`	`}`
`577`	`616`
	`617`	`+#ifndef ARDUINO_BEARSSL_DISABLE_KEY_DECODER`
`578`	`618`	`void BearSSLClient::clientAppendKey(void ctx, const void data, size_t len)`
`579`	`619`	`{`
`580`	`620`	`BearSSLClient* c = (BearSSLClient*)ctx;`
`581`	`621`
`582`	`622`	`br_skey_decoder_push(c->_skeyDecoder, data, len);`
`583`	`623`	`}`
	`624`	`+#endif`
`584`	`625`
	`626`	`+#if BEAR_SSL_CLIENT_CHAIN_SIZE > 1`
`585`	`627`	`void BearSSLClient::parentAppendCert(void ctx, const void data, size_t len)`
`586`	`628`	`{`
`587`	`629`	`BearSSLClient* c = (BearSSLClient*)ctx;`
`588`	`630`
`589`	`631`	`memcpy(&c->_ecCert[1].data[c->_ecCert[1].data_len], data, len);`
`590`	`632`	`c->_ecCert[1].data_len += len;`
`591`	`633`	`}`
`592`		`-`
	`634`	`+#endif`