Offload SSL Client w/ crypto on Nina modules

facchinm · facchinm · commit aff9ebd33ff4 · 2020-10-20T16:41:44.000+02:00
Temporarily remove OTA support since it depends on bearssl's SHA256 APIs
diff --git a/src/AIoTC_Config.h b/src/AIoTC_Config.h
@@ -72,14 +72,20 @@
   #define OTA_ENABLED             (0)
 #endif
 
-#if defined(ARDUINO_SAMD_MKRGSM1400) || defined(ARDUINO_SAMD_MKRWIFI1010) ||   \
-  defined(ARDUINO_SAMD_MKR1000) || defined(ARDUINO_SAMD_NANO_33_IOT)      ||   \
+#if defined(ARDUINO_SAMD_MKRGSM1400) || defined(ARDUINO_SAMD_MKR1000) ||   \
   defined(ARDUINO_SAMD_MKRNB1500) || defined(ARDUINO_PORTENTA_H7_M7)      ||   \
   defined(ARDUINO_PORTENTA_H7_M4)
   #define BOARD_HAS_ECCX08
   #define HAS_TCP
 #endif
 
+#if defined(ARDUINO_SAMD_MKRWIFI1010) || defined(ARDUINO_SAMD_NANO_33_IOT)
+  #define BOARD_HAS_OFFLOADED_ECCX08
+  #define HAS_TCP
+  #undef OTA_ENABLED
+  #define OTA_ENABLED             (0)
+#endif
+
 #if defined(ARDUINO_SAMD_MKRWAN1300) || defined(ARDUINO_SAMD_MKRWAN1310)
   #define HAS_LORA
 #endif
diff --git a/src/ArduinoIoTCloudTCP.cpp b/src/ArduinoIoTCloudTCP.cpp
@@ -28,6 +28,11 @@
   #include "tls/utility/CryptoUtil.h"
 #endif
 
+#ifdef BOARD_HAS_OFFLOADED_ECCX08
+#include <ArduinoECCX08.h>
+#include "tls/utility/CryptoUtil.h"
+#endif
+
 #include "utility/ota/OTA.h"
 #include "utility/ota/FlashSHA256.h"
 
@@ -112,6 +117,12 @@ int ArduinoIoTCloudTCP::begin(String brokerAddress, uint16_t brokerPort)
   _ota_img_sha256 = FlashSHA256::calc(0x2000, 0x40000 - 0x2000);
 #endif /* OTA_ENABLED */
 
+  #ifdef BOARD_HAS_OFFLOADED_ECCX08
+  if (!ECCX08.begin())                                                                                                                                                         { DBG_ERROR(F("Cryptography processor failure. Make sure you have a compatible board.")); return 0; }
+  if (!CryptoUtil::readDeviceId(ECCX08, getDeviceId(), ECCX08Slot::DeviceId))                                                                                                  { DBG_ERROR(F("Cryptography processor read failure.")); return 0; }
+  ECCX08.end();
+  #endif
+
   #ifdef BOARD_HAS_ECCX08
   if (!ECCX08.begin())                                                                                                                                                         { DBG_ERROR(F("Cryptography processor failure. Make sure you have a compatible board.")); return 0; }
   if (!CryptoUtil::readDeviceId(ECCX08, getDeviceId(), ECCX08Slot::DeviceId))                                                                                                  { DBG_ERROR(F("Cryptography processor read failure.")); return 0; }
@@ -144,7 +155,7 @@ int ArduinoIoTCloudTCP::begin(String brokerAddress, uint16_t brokerPort)
   addPropertyReal(_ota_req, "OTA_REQ", Permission::ReadWrite).onSync(DEVICE_WINS);
 #endif /* OTA_ENABLED */
 
-#if OTA_STORAGE_SNU
+#if OTA_STORAGE_SNU && OTA_ENABLED
   String const nina_fw_version = WiFi.firmwareVersion();
   if (nina_fw_version < "1.4.1") {
     _ota_cap = false;
diff --git a/src/ArduinoIoTCloudTCP.h b/src/ArduinoIoTCloudTCP.h
@@ -33,6 +33,11 @@
   #include <WiFiClientSecure.h>
 #endif
 
+#ifdef BOARD_HAS_OFFLOADED_ECCX08
+#include "tls/utility/ECCX08Cert.h"
+#include <WiFiSSLClient.h>
+#endif
+
 #include <ArduinoMqttClient.h>
 
 /******************************************************************************
@@ -60,7 +65,7 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     virtual int  connected     () override;
     virtual void printDebugInfo() override;
 
-    #ifdef BOARD_HAS_ECCX08
+    #if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
     int begin(ConnectionHandler & connection, String brokerAddress = DEFAULT_BROKER_ADDRESS_SECURE_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_SECURE_AUTH);
     #else
     int begin(ConnectionHandler & connection, String brokerAddress = DEFAULT_BROKER_ADDRESS_USER_PASS_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_USER_PASS_AUTH);
@@ -98,9 +103,12 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     int _mqtt_data_len;
     bool _mqtt_data_request_retransmit;
 
-    #ifdef BOARD_HAS_ECCX08
+    #if defined(BOARD_HAS_ECCX08)
     ECCX08CertClass _eccx08_cert;
     BearSSLClient _sslClient;
+    #elif defined(BOARD_HAS_OFFLOADED_ECCX08)
+    ECCX08CertClass _eccx08_cert;
+    WiFiBearSSLClient _sslClient;
     #elif defined(BOARD_ESP)
     WiFiClientSecure _sslClient;
     String _password;
diff --git a/src/tls/utility/CryptoUtil.cpp b/src/tls/utility/CryptoUtil.cpp
@@ -21,7 +21,7 @@
 
 #include "CryptoUtil.h"
 
-#ifdef BOARD_HAS_ECCX08
+#if defined(BOARD_HAS_ECCX08) || defined (BOARD_HAS_OFFLOADED_ECCX08)
 
 /******************************************************************************
  * PUBLIC MEMBER FUNCTIONS
diff --git a/src/tls/utility/CryptoUtil.h b/src/tls/utility/CryptoUtil.h
@@ -24,7 +24,7 @@
 
 #include <AIoTC_Config.h>
 
-#ifdef BOARD_HAS_ECCX08
+#if defined(BOARD_HAS_ECCX08) || defined (BOARD_HAS_OFFLOADED_ECCX08)
 
 #include <Arduino.h>
 #include <ArduinoECCX08.h>
diff --git a/src/tls/utility/ECCX08Cert.cpp b/src/tls/utility/ECCX08Cert.cpp
@@ -21,7 +21,7 @@
 
 #include <AIoTC_Config.h>
 
-#ifdef BOARD_HAS_ECCX08
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
 
 #include "../../tls/bearssl/bearssl_hash.h"
 #include <ArduinoECCX08.h>
diff --git a/src/tls/utility/ECCX08Cert.h b/src/tls/utility/ECCX08Cert.h
@@ -24,7 +24,7 @@
 
 #include <AIoTC_Config.h>
 
-#ifdef BOARD_HAS_ECCX08
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
 
 #include <Arduino.h>
 
