
Add ssl_opts helper to simplify integrations

This saves boilerplate code when using a NervesKey with libraries that
use TLS like NervesHub, Tortoise, etc.
fhunleth committed Oct 16, 2019
1 parent 9d01140 commit d34d3849e2c06cffda729b83aa0202f7c6e81434
Showing with 30 additions and 1 deletion.
  1. +29 −0 lib/nerves_key.ex
  2. +1 −1 mix.exs
@@ -57,6 +57,35 @@ defmodule NervesKey do
serial_number
end

@doc """
Return ssl_opts for using the NervesKey
Pass an engine and optionally which certificate that you'd like to use.
"""
@spec ssl_opts(ATECC508A.Transport.t(), certificate_pair()) :: keyword()
def ssl_opts(transport, which \\ :primary) do
{:ok, engine} = NervesKey.PKCS11.load_engine()

cert =
NervesKey.device_cert(transport, which)
|> X509.Certificate.to_der()

signer_cert =
NervesKey.signer_cert(transport, which)
|> X509.Certificate.to_der()

transport_info = ATECC508A.Transport.info(transport)

key = NervesKey.PKCS11.private_key(engine, i2c: i2c_instance(transport_info.bus_name))
cacerts = [signer_cert]

[key: key, cert: cert, cacerts: cacerts]
end

defp i2c_instance(<<"i2c-", instance::binary>>) do
String.to_integer(instance)
end

@doc """
Read the device certificate from the slot
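Review bot: The `@doc` on `ssl_opts/2` tells the caller to pass an engine, but the first argument is an ATECC508A transport and the engine is loaded inside the function. The doc also omits what a caller needs in order to use the result safely. The returned list sets `cacerts: [signer_cert]` and no `verify` option, and in Erlang's `:ssl` the `cacerts` entries also act as trust anchors for checking the peer. A caller that verifies a server therefore has to append its own CA certificates to this list and set `verify: :verify_peer` itself, because a plain keyword merge that supplies another `cacerts` replaces the signer certificate. I would reword the summary to `Return the :ssl options (key, cert, cacerts) for authenticating with the NervesKey on the given transport.` and add a sentence on extending `cacerts`, plus a note that the function raises when the PKCS#11 engine fails to load or the bus name is not of the form `i2c-N`.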
@@ -47,7 +47,7 @@ defmodule NervesKey.MixProject do

defp deps do
[
{:atecc508a, "~> 0.2"},
{:atecc508a, "~> 0.2.1"},
{:nerves_key_pkcs11, "~> 0.1"},
{:ex_doc, "~> 0.20", only: :dev, runtime: false},
{:dialyxir, "~> 1.0.0-rc.6", only: :dev, runtime: false}
