From db4bce01ab6d8e4ad81e59995def48b5728d9b36 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Fri, 17 Jul 2020 21:45:28 +0530
Subject: [PATCH] mqtt: i)fix version check for secure_element ii) fix secure_element error return The feature allows use of secure element for TLS connections, which makes use of hardware security for storage of client private keys(only keys with ECC algorithm) Applicable IDF versions: >= 4.2
---
 include/mqtt_supported_features.h | 8 ++++++--
 mqtt_client.c | 16 +++++++++-------
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/include/mqtt_supported_features.h b/include/mqtt_supported_features.h
index 54951d6..3be0f30 100644
--- a/include/mqtt_supported_features.h
+++ b/include/mqtt_supported_features.h
@@ -46,8 +46,12 @@
 #define MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
 #define MQTT_SUPPORTED_FEATURE_ALPN
 #define MQTT_SUPPORTED_FEATURE_CLIENT_KEY_PASSWORD
-#define MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT
-#endif
 #endif
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 2, 0)
+// Features supported in 4.2
+#define MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT
+#endif
+
+#endif /* ESP_IDF_VERSION */
 #endif // _MQTT_SUPPORTED_FEATURES_H_
diff --git a/mqtt_client.c b/mqtt_client.c
index edfec7a..307dc26 100644
--- a/mqtt_client.c
+++ b/mqtt_client.c
@@ -208,15 +208,17 @@ static esp_err_t esp_mqtt_set_ssl_transport_properties(esp_transport_list_handle
 }
 if (cfg->use_secure_element) {
-#if defined(MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT) && (CONFIG_ESP_TLS_USE_SECURE_ELEMENT)
+#ifdef MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT
+#ifdef CONFIG_ESP_TLS_USE_SECURE_ELEMENT
 esp_transport_ssl_use_secure_element(ssl);
-#ifdef CONFIG_ATECC608A_TCUSTOM
- ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_CERT, cfg->clientcert_buf, cfg->clientcert_bytes),
- goto esp_mqtt_set_transport_failed);
-#endif
 #else
- ESP_LOGE(TAG, "secure element not enabled for esp-tls in menuconfig");
-#endif
+ ESP_LOGE(TAG, "Secure element not enabled for esp-tls in menuconfig");
+ goto esp_mqtt_set_transport_failed;
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+#else
+ ESP_LOGE(TAG, "Secure element feature is not available in IDF version %s", IDF_VER);
+ goto esp_mqtt_set_transport_failed;
+#endif /* MQTT_SUPPORTED_FEATURE_SECURE_ELEMENT */
 }
 ESP_OK_CHECK(TAG, esp_mqtt_set_cert_key_data(ssl, MQTT_SSL_DATA_API_CLIENT_CERT, cfg->clientcert_buf, cfg->clientcert_bytes),
 goto esp_mqtt_set_transport_failed);
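Review bot: The two new `goto esp_mqtt_set_transport_failed;` lines in the `#else` branches are the security-relevant part of this hunk, yet nothing in the code records that failing here is deliberate. Before this change a build without secure-element support only logged an error and carried on to the client-certificate setup below, so a later cleanup could quietly restore that behaviour. A comment above the outer `#ifdef` would pin it down, for example `/* Fail closed: use_secure_element was requested, so abort transport setup if this build cannot honour it. */`. The function starts and ends outside the hunk, so whether a client key supplied in `cfg` is still loaded once the secure element is selected cannot be checked from here and is worth confirming.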