From a7ff9afa3f82a10433bd0dfab8225e315b6f7213 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Thu, 18 Jun 2020 09:17:45 +0530
Subject: [PATCH] esp-mqtt: add support for tls with secure element (ATECC608A)
Closes https://github.com/espressif/esp-mqtt/issues/156
---
 include/mqtt_client.h | 1 +
 include/mqtt_supported_features.h | 1 +
 mqtt_client.c | 13 +++++++++++++
 3 files changed, 15 insertions(+)
diff --git a/include/mqtt_client.h b/include/mqtt_client.h
index 1eb7e35..b20f63f 100644
--- a/include/mqtt_client.h
+++ b/include/mqtt_client.h
@@ -183,6 +183,7 @@ typedef struct {
 esp_mqtt_protocol_ver_t protocol_ver; /*!< MQTT protocol version used for connection, defaults to value from menuconfig*/
 int out_buffer_size; /*!< size of MQTT output buffer. If not defined, both output and input buffers have the same size defined as ``buffer_size`` */
 bool skip_cert_common_name_check; /*!< Skip any validation of server certificate CN field, this reduces the security of TLS and makes the mqtt client susceptible to MITM attacks */
+ bool use_secure_element; /*!< enable secure element for enabling SSL connection */
 } esp_mqtt_client_config_t;
 /**
diff --git a/include/mqtt_supported_features.h b/include/mqtt_supported_features.h
index aef7cf3..54951d6 100644
--- a/include/mqtt_supported_features.h
+++ b/include/mqtt_supported_features.h
@@ -46,6 +46,7 @@
 #define MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
 #define MQTT_SUPPORTED_FEATURE_ALPN
 #define MQTT_SUPPORTED_FEATURE_CLIENT_KEY_PASSWORD
+#define MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT
 #endif
 #endif
diff --git a/mqtt_client.c b/mqtt_client.c
index 328b5a6..bf2e818 100644
--- a/mqtt_client.c
+++ b/mqtt_client.c
@@ -81,6 +81,7 @@ typedef struct {
 size_t clientkey_bytes;
 const struct psk_key_hint *psk_hint_key;
 bool skip_cert_common_name_check;
+ bool use_secure_element;
 } mqtt_config_storage_t;
 typedef enum {
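Review bot: The doc comment on the new `use_secure_element` field, `enable secure element for enabling SSL connection`, does not tell a caller what the flag changes or what it requires; from the mqtt_client.c hunk in the same patch it only takes effect when esp-tls is built with `CONFIG_ESP_TLS_USE_SECURE_ELEMENT`, and the client certificate is still taken from the config's client certificate buffer (`cfg->clientcert_buf` in that hunk). I would make the comment say so, e.g. `/*!< Use the secure element (ATECC608A) for the TLS client private key; requires CONFIG_ESP_TLS_USE_SECURE_ELEMENT in esp-tls, the client certificate is still supplied through the client certificate config fields */`. That the private key specifically is what moves into the element is inferred from the commit subject rather than shown in the hunk, so confirm the wording against esp_transport_ssl_use_secure_element before committing it. The enclosing struct esp_mqtt_client_config_t starts outside the hunk.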
@@ -206,6 +207,17 @@ static esp_err_t esp_mqtt_set_ssl_transport_properties(esp_transport_list_handle
 goto esp_mqtt_set_transport_failed);
 }
+ if (cfg->use_secure_element) {
+#if defined(MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT) && (CONFIG_ESP_TLS_USE_SECURE_ELEMENT)
+ esp_transport_ssl_use_secure_element(ssl);
+#ifdef CONFIG_ATECC608A_TCUSTOM
+ ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_CERT, cfg->clientcert_buf, cfg->clientcert_bytes),
+ goto esp_mqtt_set_transport_failed);
+#endif
+#else
+ ESP_LOGE(TAG, "secure element not enabled for esp-tls in menuconfig");
+#endif
+ }
 ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_CERT, cfg->clientcert_buf, cfg->clientcert_bytes),
 goto esp_mqtt_set_transport_failed);
 ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_KEY, cfg->clientkey_buf, cfg->clientkey_bytes),
@@ -428,6 +440,7 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl
 cfg->clientkey_bytes = config->client_key_len;
 cfg->psk_hint_key = config->psk_hint_key;
 cfg->skip_cert_common_name_check = config->skip_cert_common_name_check;
+ cfg->use_secure_element = config->use_secure_element;
 if (config->clientkey_password && config->clientkey_password_len) {
 cfg->clientkey_password_len = config->clientkey_password_len;
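Review bot: When `cfg->use_secure_element` is set but esp-tls was built without `CONFIG_ESP_TLS_USE_SECURE_ELEMENT`, the `#else` branch in esp_mqtt_set_ssl_transport_properties only logs `secure element not enabled for esp-tls in menuconfig` and then falls through to the ordinary certificate/key setup, so a device configured to keep its private key in hardware silently connects with whatever software key (or no key) is in the buffers. Treat it as a configuration error and abort the transport setup: `ESP_LOGE(TAG, "secure element not enabled for esp-tls in menuconfig"); goto esp_mqtt_set_transport_failed;`. The `ESP_OK_CHECK(... MQTT_SSL_DATA_API_CLIENT_CERT ...)` under `#ifdef CONFIG_ATECC608A_TCUSTOM` is also redundant, since the identical call is made unconditionally right after the `if` block, so the inner one can be dropped. After `esp_transport_ssl_use_secure_element(ssl)` the client key is still set from `cfg->clientkey_buf`; presumably that is a no-op when the buffer is NULL, but it is worth confirming that a non-NULL key buffer cannot override the hardware-backed key. The function starts and ends outside the hunk.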