Commit

Merge branch 'cleanup/atecc608a_example_migration' into 'master'
refactor: migrate atecc608a_ecdsa example to crypto authlib repository

Closes IDF-8541 and DOC-6672

See merge request espressif/esp-idf!27642
mahavirj committed Dec 22, 2023
2 parents da4b3d5 + b300c78 commit 341a8f2
Showing 23 changed files with 35 additions and 380 deletions.
2 changes: 1 addition & 1 deletion components/esp-tls/Kconfig
Expand Up @@ -21,7 +21,7 @@ menu "ESP-TLS"
select ATCA_MBEDTLS_ECDSA_VERIFY
help
Enable use of Secure Element for ESP-TLS, this enables internal support for
ATECC608A peripheral on ESPWROOM32SE, which can be used for TLS connection.
ATECC608A peripheral, which can be used for TLS connection.

config ESP_TLS_USE_DS_PERIPHERAL
bool "Use Digital Signature (DS) Peripheral with ESP-TLS"
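
Review bot: The edited help text for the secure element option is a comma splice ("Enable use of Secure Element for ESP-TLS, this enables ...") and, with the module name dropped, no longer tells the user that the ATECC608A is an external part that has to be wired up and provisioned. Suggest splitting it into two sentences and pointing at esp-cryptoauthlib for setup, as the esp_tls.rst note in this change does.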
4 changes: 2 additions & 2 deletions components/esp-tls/esp_tls.h
Expand Up @@ -170,7 +170,7 @@ typedef struct esp_tls_cfg {
blocking mode after tls session is established */

bool use_secure_element; /*!< Enable this option to use secure element or
atecc608a chip ( Integrated with ESP32-WROOM-32SE ) */
atecc608a chip */

int timeout_ms; /*!< Network timeout in milliseconds.
Note: If this value is not set, by default the timeout is
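
Review bot: In the use_secure_element comment of esp_tls_cfg, "secure element or atecc608a chip" now reads as two alternatives, because the parenthetical that tied them together is gone. Suggest "secure element (ATECC608A)", which is the wording mqtt.rst uses in this same change, with the part name capitalised.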
Expand Down Expand Up @@ -303,7 +303,7 @@ typedef struct esp_tls_cfg_server {
uint8_t ecdsa_key_efuse_blk; /*!< The efuse block where ECDSA key is stored */

bool use_secure_element; /*!< Enable this option to use secure element or
atecc608a chip ( Integrated with ESP32-WROOM-32SE ) */
atecc608a chip */


#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
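
Review bot: In esp_tls_cfg_server, use_secure_element sits directly after ecdsa_key_efuse_blk, and neither doc comment says what happens when both key sources are configured. Since the comment is being reworded anyway, add a sentence on precedence or state that the two are mutually exclusive. The "secure element or atecc608a chip" phrasing would also be clearer as "secure element (ATECC608A)".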
4 changes: 2 additions & 2 deletions components/mbedtls/Kconfig
Expand Up @@ -527,14 +527,14 @@ menu "mbedTLS"
default n
help
This option enables hardware acceleration for ECDSA sign function, only
when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)
when using ATECC608A cryptoauth chip.

config MBEDTLS_ATCA_HW_ECDSA_VERIFY
bool "Enable hardware ECDSA verify acceleration when using ATECC608A"
default n
help
This option enables hardware acceleration for ECDSA sign function, only
when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)
when using ATECC608A cryptoauth chip.

config MBEDTLS_HAVE_TIME
bool "Enable mbedtls time support"
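
Review bot: The help text under MBEDTLS_ATCA_HW_ECDSA_VERIFY still says "hardware acceleration for ECDSA sign function", a copy of the sign option's text. This line is being edited anyway, so change "sign" to "verify" so that the two options can be told apart in menuconfig.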
2 changes: 1 addition & 1 deletion components/tcp_transport/include/esp_transport_ssl.h
Expand Up @@ -166,7 +166,7 @@ void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *com
/**
* @brief Set the ssl context to use secure element (atecc608a) for client(device) private key and certificate
*
* @note Recommended to be used with ESP32-WROOM-32SE (which has inbuilt ATECC608A a.k.a Secure Element)
* @note Recommended to be used with ESP32 interfaced to ATECC608A based secure element
*
* @param t ssl transport
*/
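
Review bot: The @note keeps "Recommended to be used with", which suited a pointer to one specific module but is vague for a general hardware dependency. If the call only makes sense with an attached and provisioned ATECC608A, say so directly, for example "Requires an ATECC608A-based secure element connected to the ESP32". Note the hyphen in "ATECC608A-based".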
1 change: 0 additions & 1 deletion docs/conf_common.py
Expand Up @@ -154,7 +154,6 @@
'api-guides/romconsole.rst',
'api-reference/system/ipc.rst',
'security/secure-boot-v1.rst',
'api-reference/peripherals/secure_element.rst',
'api-reference/peripherals/dac.rst',
'api-reference/peripherals/sd_pullup_requirements.rst',
'hw-reference/esp32/**',
1 change: 0 additions & 1 deletion docs/docs_not_updated/esp32p4.txt
Expand Up @@ -72,7 +72,6 @@ api-reference/peripherals/dac.rst
api-reference/peripherals/touch_element.rst
api-reference/peripherals/lcd.rst
api-reference/peripherals/ana_cmpr.rst
api-reference/peripherals/secure_element.rst
api-reference/peripherals/temp_sensor.rst
api-reference/peripherals/sdio_slave.rst
api-reference/peripherals/clk_tree.rst
1 change: 0 additions & 1 deletion docs/en/api-reference/peripherals/index.rst
Expand Up @@ -35,7 +35,6 @@ Peripherals API
spi_flash/index
spi_master
spi_slave
:esp32: secure_element
:SOC_SPI_SUPPORT_SLAVE_HD_VER2: spi_slave_hd
:SOC_TEMP_SENSOR_SUPPORTED: temp_sensor
:SOC_TOUCH_SENSOR_SUPPORTED: touch_pad
28 changes: 0 additions & 28 deletions docs/en/api-reference/peripherals/secure_element.rst

This file was deleted.

4 changes: 2 additions & 2 deletions docs/en/api-reference/protocols/esp_tls.rst
Expand Up @@ -143,11 +143,11 @@ The following table shows a typical comparison between WolfSSL and MbedTLS when
ATECC608A (Secure Element) with ESP-TLS
--------------------------------------------------

ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32-WROOM-32SE. The use of ATECC608A is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. ESP-TLS uses MbedTLS as its underlying TLS/SSL stack by default unless changed manually.
ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32 series of SoCs. The use of ATECC608A is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. ESP-TLS uses MbedTLS as its underlying TLS/SSL stack by default unless changed manually.

.. note::

ATECC608A chip on ESP32-WROOM-32SE must be already configured, for details refer `esp_cryptoauth_utility <https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#esp_cryptoauth_utility>`_.
ATECC608A chip interfaced to ESP32 must be already configured. For details, please refer to `esp_cryptoauth_utility <https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#esp_cryptoauth_utility>`_.

To enable the secure element support, and use it in your project for TLS connection, you have to follow the below steps:

4 changes: 2 additions & 2 deletions docs/en/api-reference/protocols/mqtt.rst
Expand Up @@ -145,13 +145,13 @@ It is possible to set authentication parameters through the :cpp:class:`authenti

* :cpp:member:`password <esp_mqtt_client_config_t::credentials_t::authentication_t::password>`: use a password by setting
* :cpp:member:`certificate <esp_mqtt_client_config_t::credentials_t::authentication_t::certificate>` and :cpp:member:`key <esp_mqtt_client_config_t::credentials_t::authentication_t::key>`: mutual authentication with TLS, and both can be provided in PEM or DER format
* :cpp:member:`use_secure_element <esp_mqtt_client_config_t::credentials_t::authentication_t::use_secure_element>`: use secure element available in ESP32-WROOM-32SE
* :cpp:member:`use_secure_element <esp_mqtt_client_config_t::credentials_t::authentication_t::use_secure_element>`: use secure element (ATECC608A) interfaced to ESP32
* :cpp:member:`ds_data <esp_mqtt_client_config_t::credentials_t::authentication_t::ds_data>`: use Digital Signature Peripheral available in some Espressif devices

Session
^^^^^^^^^^^

For MQTT session related configurations, :cpp:class:`session <esp_mqtt_client_config_t::session_t>` fields should be used.
For MQTT session-related configurations, :cpp:class:`session <esp_mqtt_client_config_t::session_t>` fields should be used.

=======================
Last Will and Testament
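
Review bot: The "session-related" hyphenation fix is unrelated to the secure element migration and would be easier to track in its own commit. If it stays, the neighbouring password bullet ("use a password by setting") is an unfinished sentence and could be completed in the same pass. The new use_secure_element bullet reads fine, though "an ESP32" or "the ESP32" would match the article use elsewhere.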
11 changes: 11 additions & 0 deletions docs/en/migration-guides/release-5.x/5.3/peripherals.rst
Expand Up @@ -3,6 +3,9 @@ Peripherals

:link_to_translation:`zh_CN:[中文]`

Drivers
-------

In order to control the dependence of other components on drivers at a smaller granularity, the original peripheral drivers under the `driver`` component were split into separate components:

- `esp_driver_gptimer` - Driver for general purpose timers
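
Review bot: The paragraph that now sits under the new "Drivers" heading has unbalanced markup: "the `driver`` component" opens with one backtick and closes with two. While adding the heading, fix it to double backticks on both sides, and consider doing the same for the component names in the list, since single backticks in reStructuredText select the default role rather than inline code.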
Expand Down Expand Up @@ -41,3 +44,11 @@ Should be changed to:
archive: libesp_driver_gpio.a
entries:
gpio (noflash)
Secure Element
--------------

The ATECC608A secure element interfacing example has been moved to `ESP Cryptoauthlib Repository <https://github.com/espressif/esp-cryptoauthlib/tree/master/examples/atecc608_ecdsa>`_ on GitHub.

This example is also part of the `esp-cryptoauthlib <https://components.espressif.com/component/espressif/esp-cryptoauthlib>`_ in the component manager registry.
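
Review bot: The new "Secure Element" section says where the example went but not what a user has to change: that the api-reference/peripherals/secure_element.rst page is removed in this same commit, and that projects need esp-cryptoauthlib as a dependency from the component registry. One sentence on each would make this a migration note rather than a pointer. The GitHub link targets tree/master, which will silently break if the example directory is renamed, and the link text "ESP Cryptoauthlib Repository" does not match the "esp-cryptoauthlib" spelling used in the next sentence.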
1 change: 0 additions & 1 deletion docs/zh_CN/api-reference/peripherals/index.rst
Expand Up @@ -35,7 +35,6 @@
spi_flash/index
spi_master
spi_slave
:esp32: secure_element
:SOC_SPI_SUPPORT_SLAVE_HD_VER2: spi_slave_hd
:SOC_TEMP_SENSOR_SUPPORTED: temp_sensor
:SOC_TOUCH_SENSOR_SUPPORTED: touch_pad
28 changes: 0 additions & 28 deletions docs/zh_CN/api-reference/peripherals/secure_element.rst

This file was deleted.

4 changes: 2 additions & 2 deletions docs/zh_CN/api-reference/protocols/esp_tls.rst
Expand Up @@ -143,11 +143,11 @@ MbedTLS 与 WolfSSL 对比
ESP-TLS 中的 ATECC608A(安全元件)
--------------------------------------------------

ESP-TLS 支持在 ESP32-WROOM-32SE 上使用 ATECC608A 加密芯片,但必须将 MbedTLS 作为 ESP-TLS 的底层 SSL/TLS 协议栈。未经手动更改,ESP-TLS 默认以 MbedTLS 为其底层 TLS/SSL 协议栈。
ESP-TLS 支持在 ESP32 系列芯片上使用 ATECC608A 加密芯片,但必须将 MbedTLS 作为 ESP-TLS 的底层 SSL/TLS 协议栈。未经手动更改,ESP-TLS 默认以 MbedTLS 为其底层 TLS/SSL 协议栈。

.. note::

在 ESP32-WROOM-32SE 上的 ATECC608A 芯片必须预先配置,详情请参阅 `esp_cryptoauth_utility <https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#esp_cryptoauth_utility>`_。
在 ESP32 上的 ATECC608A 芯片必须预先配置,详情请参阅 `esp_cryptoauth_utility <https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#esp_cryptoauth_utility>`_。

要启用安全元件支持,并将其应用于工程 TLS 连接,请遵循以下步骤:

2 changes: 1 addition & 1 deletion docs/zh_CN/api-reference/protocols/mqtt.rst
Expand Up @@ -145,7 +145,7 @@ ESP-MQTT 库将始终重新传输未确认的 QoS 1 和 2 发布消息,以避

* :cpp:member:`password <esp_mqtt_client_config_t::credentials_t::authentication_t::password>`:使用密码
* * :cpp:member:`certificate <esp_mqtt_client_config_t::credentials_t::authentication_t::certificate>` 和 :cpp:member:`key <esp_mqtt_client_config_t::credentials_t::authentication_t::key>`:进行双向 TLS 身份验证,PEM 或 DER 格式均可
* :cpp:member:`use_secure_element <esp_mqtt_client_config_t::credentials_t::authentication_t::use_secure_element>`:使用 ESP32-WROOM-32SE 中的安全元素
* :cpp:member:`use_secure_element <esp_mqtt_client_config_t::credentials_t::authentication_t::use_secure_element>`:使用 ESP32 中的安全元素 (ATECC608A)
* :cpp:member:`ds_data <esp_mqtt_client_config_t::credentials_t::authentication_t::ds_data>`:使用某些乐鑫设备的数字签名外设

会话
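
Review bot: The new use_secure_element bullet says "ESP32 中的安全元素" (the secure element in the ESP32), which contradicts the English "interfaced to ESP32"; the ATECC608A is not inside the SoC. The certificate bullet just above also starts with a doubled list marker ("* * :cpp:member:"), which is worth fixing while this list is being touched.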
11 changes: 11 additions & 0 deletions docs/zh_CN/migration-guides/release-5.x/5.3/peripherals.rst
Expand Up @@ -3,6 +3,9 @@

:link_to_translation:`en:[English]`

驱动程序
---------------

为了细粒度地控制其他组件对外设驱动的依赖,原先位于 `driver` 组件下的驱动程序被拆分到了各自独立的组件中。这些组件包括:

- `esp_driver_gptimer` - 通用定时器驱动
Expand Down Expand Up @@ -41,3 +44,11 @@
archive: libesp_driver_gpio.a
entries:
gpio (noflash)
安全元素
--------------

ATECC608A 安全元素接口示例现已移至 GitHub 上的 `esp-cryptoauthlib 仓库 <https://github.com/espressif/esp-cryptoauthlib/tree/master/examples/atecc608_ecdsa>`_ 中。

该示例也是组件管理器注册表中 `esp-cryptoauthlib <https://components.espressif.com/component/espressif/esp-cryptoauthlib>`_ 的一部分。
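
Review bot: The new section heading uses "安全元素" for secure element, while docs/zh_CN/api-reference/protocols/esp_tls.rst in this same commit uses "安全元件" in its heading and body. Pick one term across the zh_CN docs. As in the English page, the section should also mention that the secure_element.rst API page has been removed and that the GitHub link points at tree/master rather than a fixed revision.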
6 changes: 0 additions & 6 deletions examples/peripherals/.build-test-rules.yml
Expand Up @@ -287,12 +287,6 @@ examples/peripherals/sdio/slave:
depends_components:
- esp_driver_sdio

examples/peripherals/secure_element/atecc608_ecdsa:
enable:
- if: IDF_TARGET == "esp32"
temporary: true
reason: the other targets are not tested yet

examples/peripherals/sigma_delta:
disable:
- if: SOC_SDM_SUPPORTED != 1
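
Review bot: Dropping the examples/peripherals/secure_element/atecc608_ecdsa entry removes the only build rule visible in this file that exercised the secure element example on esp32. Please confirm in the merge request description that the example is built in the esp-cryptoauthlib repository's CI, so that the ESP-TLS and mbedTLS secure element options touched by this commit keep some build coverage.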

This file was deleted.

54 changes: 0 additions & 54 deletions examples/peripherals/secure_element/atecc608_ecdsa/README.md

This file was deleted.

This file was deleted.
