[os-2426] Adapt to the CUSTOM config for MBEDTLS (set in cryptoauthlib)

orbital-systems · Aug 16, 2024 · a5ebaa7 · a5ebaa7
1 parent 8e4454b
commit a5ebaa7
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/components/esp-tls/Kconfig b/components/esp-tls/Kconfig
@@ -15,7 +15,7 @@ menu "ESP-TLS"
 
     config ESP_TLS_USE_SECURE_ELEMENT
         bool "Use Secure Element (ATECC608A) with ESP-TLS"
-        depends on IDF_TARGET_ESP32 && ESP_TLS_USING_MBEDTLS
+        depends on ESP_TLS_USING_MBEDTLS
         select ATCA_MBEDTLS_ECDSA
         select ATCA_MBEDTLS_ECDSA_SIGN
         select ATCA_MBEDTLS_ECDSA_VERIFY

diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
@@ -374,8 +374,10 @@ void esp_mbedtls_cleanup(esp_tls_t *tls)
     mbedtls_ctr_drbg_free(&tls->ctr_drbg);
     mbedtls_ssl_free(&tls->ssl);
 #ifdef CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+#ifndef CONFIG_ATECC608A_MANUAL_SELECTION
     atcab_release();
 #endif
+#endif
 #ifdef CONFIG_ESP_TLS_USE_DS_PERIPHERAL
     esp_ds_release_ds_lock();
 #endif
@@ -1073,6 +1075,26 @@ static esp_err_t esp_set_atecc608a_pki_context(esp_tls_t *tls, const void *pki)
     }
     mbedtls_x509_crt_init(&tls->clientcert);
 
+    esp_tls_pki_t *pki_l = (esp_tls_pki_t *) pki;
+    if (pki_l->publiccert_pem_buf != NULL) {
+        ret = mbedtls_x509_crt_parse(&tls->clientcert, pki_l->publiccert_pem_buf, pki_l->publiccert_pem_bytes);
+        if (ret < 0) {
+            ESP_LOGE(TAG, "mbedtls_x509_crt_parse of client cert returned -0x%04X", -ret);
+            mbedtls_print_error_msg(ret);
+            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
+            return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED;
+        }
+    } else {
+        ESP_LOGE(TAG, "Device certificate must be provided for TrustCustom Certs");
+        return ESP_FAIL;
+    }
+#elif CONFIG_ATECC608A_MANUAL_SELECTION
+    esp_ret = esp_init_atecc608a(CONFIG_ATCA_I2C_ADDRESS);
+    if (ret != ESP_OK) {
+        return ESP_ERR_ESP_TLS_SE_FAILED;
+    }
+    mbedtls_x509_crt_init(&tls->clientcert);
+
     esp_tls_pki_t *pki_l = (esp_tls_pki_t *) pki;
     if (pki_l->publiccert_pem_buf != NULL) {
         ret = mbedtls_x509_crt_parse(&tls->clientcert, pki_l->publiccert_pem_buf, pki_l->publiccert_pem_bytes);