feat(mqtt): Add support for ECDSA signing

Added support for ECDSA signing in MQTT.

include/mqtt_client.h

@@ -308,6 +308,8 @@ typedef struct esp_mqtt_client_config_t {
             bool use_secure_element; /*!< Enable secure element, available in ESP32-ROOM-32SE, for SSL connection */
             void *ds_data; /*!< Carrier of handle for digital signature parameters, digital signature peripheral is
                    available in some Espressif devices.  It's not copied nor freed by the client, user needs to clean up.*/
+            bool use_ecdsa_peripheral; /*!< Enable ECDSA peripheral, available in some Espressif devices. */
+            uint8_t ecdsa_key_efuse_blk; /*!< ECDSA key block number from efuse, available in some Espressif devices. */
         } authentication; /*!< Client authentication */
     } credentials; /*!< User credentials for broker */
     /**

include/mqtt_supported_features.h

@@ -69,6 +69,11 @@
 #define MQTT_SUPPORTED_FEATURE_CRT_CMN_NAME
 #endif
 
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 3, 0)
+// Features supported in 5.3.0
+#define MQTT_SUPPORTED_FEATURE_ECDSA_PERIPHERAL
+#endif
+
 
 #endif /* ESP_IDF_VERSION */
 #endif // _MQTT_SUPPORTED_FEATURES_H_

lib/include/mqtt_client_priv.h

@@ -96,6 +96,8 @@ typedef struct {
     const char *common_name;
     bool use_secure_element;
     void *ds_data;
+    bool use_ecdsa_peripheral;
+    uint8_t ecdsa_key_efuse_blk;
     int message_retransmit_timeout;
     uint64_t outbox_limit;
     esp_transport_handle_t transport;

mqtt_client.c

@@ -231,6 +231,21 @@ static esp_err_t esp_mqtt_set_ssl_transport_properties(esp_transport_list_handle
         goto esp_mqtt_set_transport_failed;
 #endif
     }
+
+    if (cfg->use_ecdsa_peripheral) {
+#ifdef MQTT_SUPPORTED_FEATURE_ECDSA_PERIPHERAL
+#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
+        esp_transport_ssl_set_client_key_ecdsa_peripheral(ssl, cfg->ecdsa_key_efuse_blk);
+#else
+        ESP_LOGE(TAG, "ECDSA peripheral not enabled for esp-tls in menuconfig");
+        goto esp_mqtt_set_transport_failed;
+#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */
+#else
+        ESP_LOGE(TAG, "ECDSA peripheral feature is not available in IDF version %s", IDF_VER);
+        goto esp_mqtt_set_transport_failed;
+#endif /* MQTT_SUPPORTED_FEATURE_ECDSA_PERIPHERAL */
+    }
+
     ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_CERT, cfg->clientcert_buf, cfg->clientcert_bytes),
                  goto esp_mqtt_set_transport_failed);
     ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_KEY, cfg->clientkey_buf, cfg->clientkey_bytes),
@@ -570,6 +585,8 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl
     client->config->common_name = config->broker.verification.common_name;
     client->config->use_secure_element = config->credentials.authentication.use_secure_element;
     client->config->ds_data = config->credentials.authentication.ds_data;
+    client->config->use_ecdsa_peripheral = config->credentials.authentication.use_ecdsa_peripheral;
+    client->config->ecdsa_key_efuse_blk = config->credentials.authentication.ecdsa_key_efuse_blk;
 
     if (config->credentials.authentication.key_password && config->credentials.authentication.key_password_len) {
         client->config->clientkey_password_len = config->credentials.authentication.key_password_len;