[os-2426] Support manual ATECC608A i2c address configuration

orbital-systems · Aug 26, 2024 · ea37259 · ea37259
1 parent d522d29
commit ea37259
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 5 deletions.
diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h
@@ -211,6 +211,9 @@ typedef struct esp_tls_cfg {
     const int *ciphersuites_list;           /*!< Pointer to a zero-terminated array of IANA identifiers of TLS ciphersuites.
                                                 Please check the list validity by esp_tls_get_ciphersuites_list() API */
     esp_tls_proto_ver_t tls_version;        /*!< TLS protocol version of the connection, e.g., TLS 1.2, TLS 1.3 (default - no preference) */
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+    uint8_t atecc608a_i2c_addr;            /*!< I2C address of the atecc608a chip */
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
 } esp_tls_cfg_t;
 
 #if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
@@ -322,6 +325,10 @@ typedef struct esp_tls_cfg_server {
                                                      TLS extensions, such as ALPN and server_certificate_type . */
 #endif
 
+#if defined(CONFIG_ATECC608A_MANUAL_SELECTION)
+    uint8_t atecc608a_i2c_addr;                 /*!< I2C address of the atecc608a chip */
+#endif
+
 } esp_tls_cfg_server_t;
 
 /**

diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
@@ -684,7 +684,6 @@ static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
                 &cfg->ticket_ctx->ticket_ctx );
     }
 #endif
-
     return ESP_OK;
 }
 
@@ -802,6 +801,14 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
 
     if (cfg->use_secure_element) {
 #ifdef CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+#if defined(CONFIG_ATECC608A_MANUAL_SELECTION)
+        if (cfg->atecc608a_i2c_addr != 0) {
+            tls->atecc608a_i2c_addr = cfg->atecc608a_i2c_addr;
+        } else {
+            ESP_LOGE(TAG, "When using MANUAL SELECTION, i2c address for ATECC608A is required");
+            return ESP_ERR_INVALID_ARG;
+        }
+#endif
         esp_tls_pki_t pki = {
             .public_cert = &tls->clientcert,
             .pk_key = &tls->clientkey,
@@ -1087,7 +1094,7 @@ static esp_err_t esp_set_atecc608a_pki_context(esp_tls_t *tls, const void *pki)
         return ESP_FAIL;
     }
 #elif CONFIG_ATECC608A_MANUAL_SELECTION
-    esp_ret = esp_init_atecc608a(CONFIG_ATCA_I2C_ADDRESS);
+    esp_ret = esp_init_atecc608a(tls->atecc608a_i2c_addr);
     if (ret != ESP_OK) {
         return ESP_ERR_ESP_TLS_SE_FAILED;
     }
@@ -1103,7 +1110,7 @@ static esp_err_t esp_set_atecc608a_pki_context(esp_tls_t *tls, const void *pki)
             return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED;
         }
     } else {
-        ESP_LOGE(TAG, "Device certificate must be provided for TrustCustom Certs");
+        ESP_LOGE(TAG, "Device certificate must be provided for manual setup");
         return ESP_FAIL;
     }
 #endif /* CONFIG_ATECC608A_MANUAL_SELECTION */

diff --git a/components/esp-tls/private_include/esp_tls_private.h b/components/esp-tls/private_include/esp_tls_private.h
@@ -93,7 +93,9 @@ struct esp_tls {
                                                                                      - ESP_TLS_SERVER */
 
     esp_tls_error_handle_t error_handle;                                        /*!< handle to error descriptor */
-
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+    uint8_t atecc608a_i2c_addr;                                                 /*!< I2C address of the ATECC608A device */
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
 };
 
 // Function pointer for the server configuration API

diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
@@ -755,7 +755,11 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
 
 #if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
     if (config->use_secure_element) {
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+        esp_transport_ssl_use_secure_element(ssl, config->atecc608a_i2c_addr);
+#else // CONFIG_ATECC608A_MANUAL_SELECTION
         esp_transport_ssl_use_secure_element(ssl);
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
     }
 #endif
 

diff --git a/components/esp_http_client/include/esp_http_client.h b/components/esp_http_client/include/esp_http_client.h
@@ -180,6 +180,9 @@ typedef struct {
     struct ifreq                *if_name;            /*!< The name of interface for data to go through. Use the default interface without setting */
 #if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
     bool use_secure_element;                /*!< Enable this option to use secure element */
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+    uint8_t atecc608a_i2c_addr;             /*!< ATECC608A I2C address */
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
 #endif
 #if CONFIG_ESP_TLS_USE_DS_PERIPHERAL
     void *ds_data;                          /*!< Pointer for digital signature peripheral context, see ESP-TLS Documentation for more details */

diff --git a/components/esp_https_server/include/esp_https_server.h b/components/esp_https_server/include/esp_https_server.h
@@ -116,6 +116,9 @@ struct httpd_ssl_config {
     /** Enable secure element for server session */
     bool use_secure_element;
 
+    /** ATECC608A I2C address, used for secure element */
+    uint8_t atecc608a_i2c_addr;
+
     /** User callback for esp_https_server */
     esp_https_server_user_cb *user_cb;
 

diff --git a/components/mqtt/esp-mqtt b/components/mqtt/esp-mqtt
diff --git a/components/tcp_transport/include/esp_transport_ssl.h b/components/tcp_transport/include/esp_transport_ssl.h
@@ -10,6 +10,7 @@
 #include "esp_transport.h"
 #include "esp_tls.h"
 
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -114,6 +115,7 @@ void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char
 
 /**
  * @brief      Set SSL client key password if the key is password protected. The configured
+
  *             password is passed to the underlying TLS stack to decrypt the client key
  *
  * @param      t     ssl transport
@@ -169,8 +171,13 @@ void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *com
  * @note       Recommended to be used with ESP32 interfaced to ATECC608A based secure element
  *
  * @param      t     ssl transport
+ * @param      atecc608a_i2c_addr i2c address of the ATECC608A chip to use
  */
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+void esp_transport_ssl_use_secure_element(esp_transport_handle_t t, uint8_t atecc608a_i2c_addr);
+#else
 void esp_transport_ssl_use_secure_element(esp_transport_handle_t t);
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
 
 /**
  * @brief      Set the ds_data handle in ssl context.(used for the digital signature operation)

diff --git a/components/tcp_transport/transport_ssl.c b/components/tcp_transport/transport_ssl.c
@@ -452,10 +452,17 @@ void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *com
 }
 
 #ifdef CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+void esp_transport_ssl_use_secure_element(esp_transport_handle_t t, uint8_t atecc608a_i2c_addr)
+#else
 void esp_transport_ssl_use_secure_element(esp_transport_handle_t t)
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
 {
     GET_SSL_FROM_TRANSPORT_OR_RETURN(ssl, t);
     ssl->cfg.use_secure_element = true;
+#ifdef CONFIG_ATECC608A_MANUAL_SELECTION
+    ssl->cfg.atecc608a_i2c_addr = atecc608a_i2c_addr;
+#endif // CONFIG_ATECC608A_MANUAL_SELECTION
 }
 #endif
+30 −1		include/mqtt_client.h
+3 −0		lib/include/mqtt_client_priv.h
+22 −14		mqtt_client.c