tcp_transport: added API for client-key password

2019-12-30 08:40:50 +01:00 · 2019-12-30 08:40:50 +01:00 · b69ac4448e
parent 0a8c641e6f
commit b69ac4448e
3 changed files with 20 additions and 1 deletions
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@ -266,7 +266,7 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki)
        }

        ret = mbedtls_pk_parse_key(pki->pk_key, pki->privkey_pem_buf, pki->privkey_pem_bytes,
-                                   NULL, 0);
+                                   pki->privkey_password, pki->privkey_password_len);
        if (ret < 0) {
            ESP_LOGE(TAG, "mbedtls_pk_parse_keyfile returned -0x%x", -ret);
            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_MBEDTLS, -ret);
--- a/components/tcp_transport/include/esp_transport_ssl.h
+++ b/components/tcp_transport/include/esp_transport_ssl.h
@ -92,6 +92,16 @@ void esp_transport_ssl_set_client_cert_data_der(esp_transport_handle_t t, const
 */
 void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);

+/**
+ * @brief      Set SSL client key password if the key is password protected. The configured
+ *             password is passed to the underlying TLS stack to decrypt the client key
+ *
+ * @param      t     ssl transport
+ * @param[in]  password  Pointer to the password
+ * @param[in]  password_len   Password length
+ */
+void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len);
+
 /**
 * @brief      Set SSL client key data for mutual authentication (as DER format).
 *             Note that, this function stores the pointer to data, rather than making a copy.
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
@ -245,6 +245,15 @@ void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char
    }
 }

+void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len)
+{
+    transport_ssl_t *ssl = esp_transport_get_context_data(t);
+    if (t && ssl) {
+        ssl->cfg.clientkey_password = (void *)password;
+        ssl->cfg.clientkey_password_len = password_len;
+    }
+}
+
 void esp_transport_ssl_set_client_key_data_der(esp_transport_handle_t t, const char *data, int len)
 {
    transport_ssl_t *ssl = esp_transport_get_context_data(t);