mirror of
https://github.com/espressif/esp-idf.git
synced 2026-07-14 06:53:05 +03:00
feat(esp-tls): Add unified private key interface via esp_key_config_t
Add ESP_KEY_SOURCE_BUFFER and ESP_KEY_SOURCE_PSA key sources so all hardware backends (DS, ECDSA, secure element) are accessed via PSA key IDs through a single esp_tls_cfg_t.client_key field.
This commit is contained in:
@@ -348,48 +348,47 @@ static esp_err_t create_secure_context(const struct httpd_ssl_config *config, ht
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Pass on secure element boolean */
|
||||
cfg->use_secure_element = config->use_secure_element;
|
||||
if (!cfg->use_secure_element) {
|
||||
if (config->use_ecdsa_peripheral) {
|
||||
if (config->use_ecdsa_peripheral) {
|
||||
#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
|
||||
(*ssl_ctx)->tls_cfg->use_ecdsa_peripheral = config->use_ecdsa_peripheral;
|
||||
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk = config->ecdsa_key_efuse_blk;
|
||||
(*ssl_ctx)->tls_cfg->use_ecdsa_peripheral = config->use_ecdsa_peripheral;
|
||||
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk = config->ecdsa_key_efuse_blk;
|
||||
#if SOC_ECDSA_SUPPORT_CURVE_P384
|
||||
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk_high = config->ecdsa_key_efuse_blk_high;
|
||||
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk_high = config->ecdsa_key_efuse_blk_high;
|
||||
#endif
|
||||
(*ssl_ctx)->tls_cfg->ecdsa_curve = config->ecdsa_curve;
|
||||
(*ssl_ctx)->tls_cfg->ecdsa_curve = config->ecdsa_curve;
|
||||
#else
|
||||
ESP_LOGE(TAG, "Please enable the support for signing using ECDSA peripheral in menuconfig.");
|
||||
ret = ESP_ERR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
ESP_LOGE(TAG, "Please enable the support for signing using ECDSA peripheral in menuconfig.");
|
||||
ret = ESP_ERR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
#endif
|
||||
} else if (config->prvtkey_pem != NULL && config->prvtkey_len > 0) {
|
||||
cfg->serverkey_buf = malloc(config->prvtkey_len);
|
||||
} else if (config->server_key != NULL) {
|
||||
/* Unified key config - pass directly to esp_tls */
|
||||
cfg->server_key = config->server_key;
|
||||
} else if (config->prvtkey_pem != NULL && config->prvtkey_len > 0) {
|
||||
cfg->serverkey_buf = malloc(config->prvtkey_len);
|
||||
|
||||
if (cfg->serverkey_buf) {
|
||||
memcpy((char *) cfg->serverkey_buf, config->prvtkey_pem, config->prvtkey_len);
|
||||
cfg->serverkey_bytes = config->prvtkey_len;
|
||||
} else {
|
||||
ESP_LOGE(TAG, "Could not allocate memory for server key");
|
||||
ret = ESP_ERR_NO_MEM;
|
||||
goto exit;
|
||||
}
|
||||
if (cfg->serverkey_buf) {
|
||||
memcpy((char *) cfg->serverkey_buf, config->prvtkey_pem, config->prvtkey_len);
|
||||
cfg->serverkey_bytes = config->prvtkey_len;
|
||||
} else {
|
||||
ESP_LOGE(TAG, "Could not allocate memory for server key");
|
||||
ret = ESP_ERR_NO_MEM;
|
||||
goto exit;
|
||||
}
|
||||
} else {
|
||||
#if defined(CONFIG_ESP_HTTPS_SERVER_CERT_SELECT_HOOK)
|
||||
if (config->cert_select_cb == NULL) {
|
||||
ESP_LOGE(TAG, "No Server key supplied and no certificate selection hook is present");
|
||||
ret = ESP_ERR_INVALID_ARG;
|
||||
goto exit;
|
||||
} else {
|
||||
ESP_LOGW(TAG, "Server key not supplied, make sure to supply it in the certificate selection hook");
|
||||
}
|
||||
#else
|
||||
ESP_LOGE(TAG, "No Server key supplied");
|
||||
if (config->cert_select_cb == NULL) {
|
||||
ESP_LOGE(TAG, "No Server key supplied and no certificate selection hook is present");
|
||||
ret = ESP_ERR_INVALID_ARG;
|
||||
goto exit;
|
||||
#endif
|
||||
} else {
|
||||
ESP_LOGW(TAG, "Server key not supplied, make sure to supply it in the certificate selection hook");
|
||||
}
|
||||
#else
|
||||
ESP_LOGE(TAG, "No Server key supplied");
|
||||
ret = ESP_ERR_INVALID_ARG;
|
||||
goto exit;
|
||||
#endif
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
||||
Reference in New Issue
Block a user