Merge pull request #292 from pennam/ta-override

pennam · web-flow · commit 070f84d35301 · 2025-03-25T13:33:50.000+01:00
Add command to override BearSSL TrustAnchor
diff --git a/src/WiFiClient.cpp b/src/WiFiClient.cpp
@@ -194,6 +194,11 @@ int WiFiClient::connectBearSSL(const char *host, uint16_t port)
     return 1;
 }
 
+int WiFiClient::setECTrustAnchorBearSSL(const uint8_t *dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t *key, uint32_t keySize)
+{
+  return ServerDrv::setECTrustAnchorBearSSL(dName, dNameSize, flags, curve, key, keySize);
+}
+
 size_t WiFiClient::write(uint8_t b) {
 	  return write(&b, 1);
 }
diff --git a/src/WiFiClient.h b/src/WiFiClient.h
@@ -38,6 +38,7 @@ class WiFiClient : public Client {
   virtual int connectSSL(const char *host, uint16_t port);
   virtual int connectBearSSL(IPAddress ip, uint16_t port);
   virtual int connectBearSSL(const char *host, uint16_t port);
+  virtual int setECTrustAnchorBearSSL(const uint8_t *dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t *key, uint32_t keySize);
   virtual size_t write(uint8_t);
   virtual size_t write(const uint8_t *buf, size_t size);
   virtual size_t retry(const uint8_t *buf, size_t size, bool write);
diff --git a/src/WiFiSSLClient.cpp b/src/WiFiSSLClient.cpp
@@ -58,3 +58,8 @@ int WiFiBearSSLClient::connect(const char* host, uint16_t port)
 {
 	return WiFiClient::connectBearSSL(host, port);
 }
+
+int WiFiBearSSLClient::setECTrustAnchor(const uint8_t *dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t *key, uint32_t keySize)
+{
+  return WiFiClient::setECTrustAnchorBearSSL(dName, dNameSize, flags, curve, key, keySize);
+}
diff --git a/src/WiFiSSLClient.h b/src/WiFiSSLClient.h
@@ -40,6 +40,7 @@ class WiFiBearSSLClient : public WiFiClient {
 
 	virtual int connect(IPAddress ip, uint16_t port);
 	virtual int connect(const char* host, uint16_t port);
+  virtual int setECTrustAnchor(const uint8_t *dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t *key, uint32_t keySize);
 };
 
 #endif /* WIFISSLCLIENT_H */
diff --git a/src/utility/server_drv.cpp b/src/utility/server_drv.cpp
@@ -514,4 +514,49 @@ uint8_t ServerDrv::getSocket()
     return _data;
 }
 
+uint8_t ServerDrv::setECTrustAnchorBearSSL(const uint8_t *dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t *key, uint32_t keySize)
+{
+    WAIT_FOR_SLAVE_SELECT();
+
+    int commandSize = 4;
+    SpiDrv::sendCmd(BRSSL_SET_EC_TA, PARAM_NUMS_4);
+
+    /* Send distinguished name */
+    SpiDrv::sendBuffer((uint8_t*)dName, dNameSize);
+    commandSize += dNameSize + 1;
+
+    /* Send flags */
+    SpiDrv::sendParam(flags);
+    commandSize += 2;
+
+    /* Send curve */
+    SpiDrv::sendParam(curve);
+    commandSize += 2;
+
+    /* Send key */
+    SpiDrv::sendBuffer((uint8_t*)key, keySize, LAST_PARAM);
+    commandSize += keySize + 1;
+
+    // pad to multiple of 4
+    while (commandSize % 4) {
+        SpiDrv::readChar();
+        commandSize++;
+    }
+
+    SpiDrv::spiSlaveDeselect();
+    //Wait the reply elaboration
+    SpiDrv::waitForSlaveReady();
+    SpiDrv::spiSlaveSelect();
+
+    // Wait for reply
+    uint8_t result = 0;
+    uint8_t len = 1;
+    SpiDrv::waitResponseCmd(BRSSL_SET_EC_TA, PARAM_NUMS_1, (uint8_t*)&result, &len);
+
+    SpiDrv::spiSlaveDeselect();
+
+    // if everything went ok the returned value is 0
+    return result == 0;
+}
+
 ServerDrv serverDrv;
diff --git a/src/utility/server_drv.h b/src/utility/server_drv.h
@@ -40,7 +40,7 @@ class ServerDrv
     static void startClient(const char* host, uint8_t host_len, uint32_t ipAddress, uint16_t port, uint8_t sock, uint8_t protMode=TCP_MODE);
 
     static void stopClient(uint8_t sock);
-                                                                                  
+
     static uint8_t getServerState(uint8_t sock);
 
     static uint8_t getClientState(uint8_t sock);
@@ -62,6 +62,8 @@ class ServerDrv
     static uint8_t checkDataSent(uint8_t sock);
 
     static uint8_t getSocket();
+
+    static uint8_t setECTrustAnchorBearSSL(const uint8_t *dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t *key, uint32_t keySize);
 };
 
 extern ServerDrv serverDrv;
diff --git a/src/utility/wifi_spi.h b/src/utility/wifi_spi.h
@@ -126,6 +126,10 @@ enum {
     APPLY_OTA_COMMAND	= 0x65,
 	RENAME_FILE			= 0x66,
 	DOWNLOAD_OTA		= 0x67,
+	BRSSL_SET_EC_TA     = 0x68,
+
+	// Low-level BSD-like sockets functions.
+	// From 0x70 to 0x7F
 };
 
 

Original file line number	Diff line number	Diff line change
`@@ -194,6 +194,11 @@ int WiFiClient::connectBearSSL(const char *host, uint16_t port)`
`194`	`194`	`return 1;`
`195`	`195`	`}`
`196`	`196`
	`197`	`+int WiFiClient::setECTrustAnchorBearSSL(const uint8_t dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t key, uint32_t keySize)`
	`198`	`+{`
	`199`	`+ return ServerDrv::setECTrustAnchorBearSSL(dName, dNameSize, flags, curve, key, keySize);`
	`200`	`+}`
	`201`	`+`
`197`	`202`	`size_t WiFiClient::write(uint8_t b) {`
`198`	`203`	`return write(&b, 1);`
`199`	`204`	`}`
Original file line number	Diff line number	Diff line change
`@@ -58,3 +58,8 @@ int WiFiBearSSLClient::connect(const char* host, uint16_t port)`
`58`	`58`	`{`
`59`	`59`	`return WiFiClient::connectBearSSL(host, port);`
`60`	`60`	`}`
	`61`	`+`
	`62`	`+int WiFiBearSSLClient::setECTrustAnchor(const uint8_t dName, uint32_t dNameSize, uint16_t flags, uint16_t curve, const uint8_t key, uint32_t keySize)`
	`63`	`+{`
	`64`	`+ return WiFiClient::setECTrustAnchorBearSSL(dName, dNameSize, flags, curve, key, keySize);`
	`65`	`+}`