From 01f50ee7f50765b82c55ad53ca5d7ccf6b0f33e5 Mon Sep 17 00:00:00 2001 
From: Mahavir Jain Date: Mon, 4 Dec 2023 12:22:01 +0530 Subject: [PATCH 1/2] refactor: migrate atecc608a_ecdsa example to crypto authlib repository - ESP32-WROOM-32SE has been discontinued and marked as NRND - This change removes all references to ESP32-WROOM-32SE from IDF - The example has been migrated to esp-cryptoauthlib repository and it can be used through the component manager (https://components.espressif.com/components/espressif/esp-cryptoauthlib) --- components/esp-tls/Kconfig | 2 +- components/esp-tls/esp_tls.h | 4 +- components/mbedtls/Kconfig | 4 +- .../tcp_transport/include/esp_transport_ssl.h | 2 +- docs/conf_common.py | 1 - docs/docs_not_updated/esp32p4.txt | 1 - docs/en/api-reference/peripherals/index.rst | 1 - .../peripherals/secure_element.rst | 28 --- docs/en/api-reference/protocols/esp_tls.rst | 4 +- docs/en/api-reference/protocols/mqtt.rst | 2 +- .../release-5.x/5.3/peripherals.rst | 11 + .../zh_CN/api-reference/peripherals/index.rst | 1 - .../peripherals/secure_element.rst | 28 --- examples/peripherals/.build-test-rules.yml | 6 - .../atecc608_ecdsa/CMakeLists.txt | 6 - .../secure_element/atecc608_ecdsa/README.md | 54 ---- .../atecc608_ecdsa/main/CMakeLists.txt | 5 - .../atecc608_ecdsa/main/ecdsa_example_main.c | 230 ------------------ .../atecc608_ecdsa/main/idf_component.yml | 3 - .../atecc608_ecdsa/sdkconfig.defaults | 3 - 20 files changed, 20 insertions(+), 376 deletions(-) delete mode 100644 docs/en/api-reference/peripherals/secure_element.rst delete mode 100644 docs/zh_CN/api-reference/peripherals/secure_element.rst delete mode 100644 examples/peripherals/secure_element/atecc608_ecdsa/CMakeLists.txt delete mode 100644 examples/peripherals/secure_element/atecc608_ecdsa/README.md delete mode 100644 examples/peripherals/secure_element/atecc608_ecdsa/main/CMakeLists.txt delete mode 100644 examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c delete mode 100644 
examples/peripherals/secure_element/atecc608_ecdsa/main/idf_component.yml delete mode 100644 examples/peripherals/secure_element/atecc608_ecdsa/sdkconfig.defaults diff --git a/components/esp-tls/Kconfig b/components/esp-tls/Kconfig index 32e1e0db832f..297a357b6df4 100644 --- a/components/esp-tls/Kconfig +++ b/components/esp-tls/Kconfig @@ -21,7 +21,7 @@ menu "ESP-TLS" select ATCA_MBEDTLS_ECDSA_VERIFY help Enable use of Secure Element for ESP-TLS, this enables internal support for - ATECC608A peripheral on ESPWROOM32SE, which can be used for TLS connection. + ATECC608A peripheral, which can be used for TLS connection. config ESP_TLS_USE_DS_PERIPHERAL bool "Use Digital Signature (DS) Peripheral with ESP-TLS" diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h index 951cd7e152ac..b4a90b8f4c5e 100644 --- a/components/esp-tls/esp_tls.h +++ b/components/esp-tls/esp_tls.h @@ -170,7 +170,7 @@ typedef struct esp_tls_cfg { blocking mode after tls session is established */ bool use_secure_element; /*!< Enable this option to use secure element or - atecc608a chip ( Integrated with ESP32-WROOM-32SE ) */ + atecc608a chip */ int timeout_ms; /*!< Network timeout in milliseconds. Note: If this value is not set, by default the timeout is @@ -303,7 +303,7 @@ typedef struct esp_tls_cfg_server { uint8_t ecdsa_key_efuse_blk; /*!< The efuse block where ECDSA key is stored */ bool use_secure_element; /*!< Enable this option to use secure element or - atecc608a chip ( Integrated with ESP32-WROOM-32SE ) */ + atecc608a chip */ #if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS) diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index dece757dfbcb..d10b33f7ee40 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig 
@@ -527,14 +527,14 @@ menu "mbedTLS" default n help This option enables hardware acceleration for ECDSA sign function, only - when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE) + when using ATECC608A cryptoauth chip. config MBEDTLS_ATCA_HW_ECDSA_VERIFY bool "Enable hardware ECDSA verify acceleration when using ATECC608A" default n help This option enables hardware acceleration for ECDSA sign function, only - when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE) + when using ATECC608A cryptoauth chip. config MBEDTLS_HAVE_TIME bool "Enable mbedtls time support" diff --git a/components/tcp_transport/include/esp_transport_ssl.h b/components/tcp_transport/include/esp_transport_ssl.h index 61e54bea712f..ca2355a11d12 100644 --- a/components/tcp_transport/include/esp_transport_ssl.h +++ b/components/tcp_transport/include/esp_transport_ssl.h @@ -166,7 +166,7 @@ void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *com /** * @brief Set the ssl context to use secure element (atecc608a) for client(device) private key and certificate * - * @note Recommended to be used with ESP32-WROOM-32SE (which has inbuilt ATECC608A a.k.a Secure Element) + * @note Recommended to be used with ESP32 interfaced to ATECC608A based secure element * * @param t ssl transport */ diff --git a/docs/conf_common.py b/docs/conf_common.py index 1fe98a04bbfb..143bb53e0c6b 100644 --- a/docs/conf_common.py +++ b/docs/conf_common.py @@ -154,7 +154,6 @@ 'api-guides/romconsole.rst', 'api-reference/system/ipc.rst', 'security/secure-boot-v1.rst', - 'api-reference/peripherals/secure_element.rst', 'api-reference/peripherals/dac.rst', 'api-reference/peripherals/sd_pullup_requirements.rst', 'hw-reference/esp32/**', diff --git a/docs/docs_not_updated/esp32p4.txt b/docs/docs_not_updated/esp32p4.txt index 96d065090f17..5832009d256e 100644 --- a/docs/docs_not_updated/esp32p4.txt +++ b/docs/docs_not_updated/esp32p4.txt 
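Review bot: The help text under `config MBEDTLS_ATCA_HW_ECDSA_VERIFY` still says it "enables hardware acceleration for ECDSA sign function", which looks copied from the SIGN option directly above it, and the hunk rewrites the following line without correcting that. Since the same help block is being edited anyway, the context line should become `This option enables hardware acceleration for ECDSA verify function, only` so that the menuconfig description matches the symbol's prompt. A reader enabling only verify acceleration is otherwise told they are enabling sign acceleration.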
@@ -73,7 +73,6 @@ api-reference/peripherals/dac.rst api-reference/peripherals/touch_element.rst api-reference/peripherals/lcd.rst api-reference/peripherals/ana_cmpr.rst -api-reference/peripherals/secure_element.rst api-reference/peripherals/temp_sensor.rst api-reference/peripherals/sdio_slave.rst api-reference/peripherals/clk_tree.rst diff --git a/docs/en/api-reference/peripherals/index.rst b/docs/en/api-reference/peripherals/index.rst index bc4212cf6bd6..cf65cdd54641 100644 --- a/docs/en/api-reference/peripherals/index.rst +++ b/docs/en/api-reference/peripherals/index.rst @@ -35,7 +35,6 @@ Peripherals API spi_flash/index spi_master spi_slave - :esp32: secure_element :SOC_SPI_SUPPORT_SLAVE_HD_VER2: spi_slave_hd :SOC_TEMP_SENSOR_SUPPORTED: temp_sensor :SOC_TOUCH_SENSOR_SUPPORTED: touch_pad diff --git a/docs/en/api-reference/peripherals/secure_element.rst b/docs/en/api-reference/peripherals/secure_element.rst deleted file mode 100644 index 22762d128afb..000000000000 --- a/docs/en/api-reference/peripherals/secure_element.rst +++ /dev/null 
@@ -1,28 +0,0 @@ -ESP32-WROOM-32SE (Secure Element) -================================= - -:link_to_translation:`zh_CN:[中文]` - -Overview --------- - -ESP32-WROOM-32SE integrates Microchip's ATECC608A cryptoauth chip in the module. ATECC608A is a secure element, which would generate and store ECC private key in the hardware. The ECC private key can be used to enhance security to connect to IoT cloud services with the use of X.509-based mutual authentication. - -The application example demonstrates ECDSA sign and verify functions using ECC private key stored in ATECC608A. - -Application Example -------------------- - -Secure Element ECDSA Sign/Verify example: :example:`peripherals/secure_element/atecc608_ecdsa`. - -How to Configure and Provision ESP32-WROOM-32SE for TLS -------------------------------------------------------- - -To configure and provision ATECC608A chip on ESP32-WROOM-32SE please visit `esp_cryptoauth_utility `_. - -How to Use ATECC608A of ESP32-WROOM-32SE for TLS ------------------------------------------------- - -ATECC608A can be used for TLS connections using ESP-TLS. - -To configure ESP-TLS for using a secure element, please refer to **ATECC608A (Secure Element) with ESP-TLS** in :doc:`../protocols/esp_tls`. diff --git a/docs/en/api-reference/protocols/esp_tls.rst b/docs/en/api-reference/protocols/esp_tls.rst index 07c636e2a062..2240f1d60c21 100644 --- a/docs/en/api-reference/protocols/esp_tls.rst +++ b/docs/en/api-reference/protocols/esp_tls.rst 
@@ -143,11 +143,11 @@ The following table shows a typical comparison between WolfSSL and MbedTLS when ATECC608A (Secure Element) with ESP-TLS -------------------------------------------------- - ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32-WROOM-32SE. The use of ATECC608A is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. ESP-TLS uses MbedTLS as its underlying TLS/SSL stack by default unless changed manually. + ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32 series of SoC's. The use of ATECC608A is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. ESP-TLS uses MbedTLS as its underlying TLS/SSL stack by default unless changed manually. .. note:: - ATECC608A chip on ESP32-WROOM-32SE must be already configured, for details refer `esp_cryptoauth_utility `_. + ATECC608A chip interfaced to ESP32 must be already configured, for details refer `esp_cryptoauth_utility `_. To enable the secure element support, and use it in your project for TLS connection, you have to follow the below steps: diff --git a/docs/en/api-reference/protocols/mqtt.rst b/docs/en/api-reference/protocols/mqtt.rst index 4160e8e60e4d..12139d4be55e 100644 --- a/docs/en/api-reference/protocols/mqtt.rst +++ b/docs/en/api-reference/protocols/mqtt.rst @@ -145,7 +145,7 @@ It is possible to set authentication parameters through the :cpp:class:`authenti * :cpp:member:`password `: use a password by setting * :cpp:member:`certificate ` and :cpp:member:`key `: mutual authentication with TLS, and both can be provided in PEM or DER format - * :cpp:member:`use_secure_element `: use secure element available in ESP32-WROOM-32SE + * :cpp:member:`use_secure_element `: use secure element (ATECC608A) interfaced to ESP32 * :cpp:member:`ds_data `: use Digital Signature Peripheral available in some Espressif devices Session 
diff --git a/docs/en/migration-guides/release-5.x/5.3/peripherals.rst b/docs/en/migration-guides/release-5.x/5.3/peripherals.rst index e4d72fcec88b..b68d00668752 100644 --- a/docs/en/migration-guides/release-5.x/5.3/peripherals.rst +++ b/docs/en/migration-guides/release-5.x/5.3/peripherals.rst @@ -3,6 +3,9 @@ Peripherals :link_to_translation:`zh_CN:[中文]` +Drivers +------- + In order to control the dependence of other components on drivers at a smaller granularity, the original peripheral drivers under the `driver`` component were split into separate components: - `esp_driver_gptimer` - Driver for general purpose timers @@ -41,3 +44,11 @@ Should be changed to: archive: libesp_driver_gpio.a entries: gpio (noflash) + + +Secure Element +-------------- + +ATECC608A secure element interfacing example has been moved to `ESP Cryptoauthlib Repository `_ on GitHub. + +This example is also part of the `esp-cryptoauthlib `_ in the component manager registry. diff --git a/docs/zh_CN/api-reference/peripherals/index.rst b/docs/zh_CN/api-reference/peripherals/index.rst index 51fa6655040b..46c5bb1e4613 100644 --- a/docs/zh_CN/api-reference/peripherals/index.rst +++ b/docs/zh_CN/api-reference/peripherals/index.rst @@ -35,7 +35,6 @@ spi_flash/index spi_master spi_slave - :esp32: secure_element :SOC_SPI_SUPPORT_SLAVE_HD_VER2: spi_slave_hd :SOC_TEMP_SENSOR_SUPPORTED: temp_sensor :SOC_TOUCH_SENSOR_SUPPORTED: touch_pad diff --git a/docs/zh_CN/api-reference/peripherals/secure_element.rst b/docs/zh_CN/api-reference/peripherals/secure_element.rst deleted file mode 100644 index 2860ccc17069..000000000000 --- a/docs/zh_CN/api-reference/peripherals/secure_element.rst +++ /dev/null 
@@ -1,28 +0,0 @@ -ESP32-WROOM-32SE(安全元件) -================================= - -:link_to_translation:`en:[English]` - -概述 --------- - -ESP32-WROOM-32SE 模组集成了 Microchip 的 ATECC608A 加密认证芯片。ATECC608A 安全元件可以在硬件中生成并存储 ECC 私钥。通过使用基于 X.509 的双向认证,ECC 私钥可增强设备与物联网云服务连接的安全性。 - -有关如何使用存储在 ATECC608A 中的 ECC 私钥进行 ECDSA 签名和验证,请参阅以下应用示例。 - -应用示例 -------------------- - -请参阅安全元件 ECDSA 签名/验证示例 :example:`peripherals/secure_element/atecc608_ecdsa`。 - -对 ESP32-WROOM-32SE 配置并配网以进行 TLS 连接 -------------------------------------------------------- - -要在 ESP32-WROOM-32SE 上配置 ATECC608A 芯片,并对其进行配网,请参阅 `esp_cryptoauth_utility `_。 - -使用 ESP32-WROOM-32SE 的 ATECC608A 进行 TLS 连接 ------------------------------------------------------- - -通过使用 ESP-TLS,ATECC608A 可实现 TLS 连接。 - -要配置 ESP-TLS 以使用安全元件,请参阅 :doc:`../protocols/esp_tls` 中的 **ESP-TLS 中的 ATECC608A(安全元件)** 一节。 diff --git a/examples/peripherals/.build-test-rules.yml b/examples/peripherals/.build-test-rules.yml index 66351ff4a215..b2ceb4fcb347 100644 --- a/examples/peripherals/.build-test-rules.yml +++ b/examples/peripherals/.build-test-rules.yml @@ -287,12 +287,6 @@ examples/peripherals/sdio/slave: depends_components: - esp_driver_sdio -examples/peripherals/secure_element/atecc608_ecdsa: - enable: - - if: IDF_TARGET == "esp32" - temporary: true - reason: the other targets are not tested yet - examples/peripherals/sigma_delta: disable: - if: SOC_SDM_SUPPORTED != 1 diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/CMakeLists.txt b/examples/peripherals/secure_element/atecc608_ecdsa/CMakeLists.txt deleted file mode 100644 index 9d2688db774d..000000000000 --- a/examples/peripherals/secure_element/atecc608_ecdsa/CMakeLists.txt +++ /dev/null @@ -1,6 +0,0 @@ -# The following lines of boilerplate have to be in your project's CMakeLists -# in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.16) - -include($ENV{IDF_PATH}/tools/cmake/project.cmake) -project(atecc608a_ecdsa) 
diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/README.md b/examples/peripherals/secure_element/atecc608_ecdsa/README.md
deleted file mode 100644
index de326e760794..000000000000
--- a/examples/peripherals/secure_element/atecc608_ecdsa/README.md
+++ /dev/null
@@ -1,54 +0,0 @@ -| Supported Targets | ESP32 | -| ----------------- | ----- | - -# ECDSA sign/verify Example with ESP32-WROOM-32SE - -## Description - -(See the README.md file in the upper level 'examples' directory for more information about examples.) - -This example requires [ESP32-WROOM-32SE](https://www.espressif.com/sites/default/files/documentation/esp32-wroom-32se_datasheet_en.pdf) which has Microchip's [ATECC608A](https://www.microchip.com/wwwproducts/en/ATECC608A) (Secure Element) integrated on the module. - -The example performs `ECDSA sign/verify` functions on sample data using hardware private key stored in ATECC608A chip. If you want to use bare `ATECC608A` chip (Secure Element) with `ESP32-WROOM-32` module by making external connections, please refer [this](https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#using-atecc608a-with-esp32-wroom-32) for details. - -## How to use example - -Before project configuration and build, be sure to set the correct chip target using `idf.py set-target `. - -### Hardware Required - -To get started you will need a `ESP32-WROOM-32SE` development board which integrates Microchip’s ATECC608A CryptoAuth chip in the module. - -* A development board with ESP32-WROOM-32SE SoC or an custom board with the `ATECC608A` IC. -* A USB cable for Power supply and programming - -### Configure the project - -ATECC608A chip on ESP32-WROOM-32SE should be configured to run the example, for details on configuration of ATECC608A chip, please refer [esp_cryptoauth_utility](https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#esp_cryptoauth_utility) - -Open the project configuration menu (`idf.py menuconfig`). - -In the `Component config -> esp-cryptoauthlib` menu: - -* Use `Choose the type of ATECC608A chip` to set the Crypto IC type [1]. -* Use `Enable Hardware ECDSA keys for mbedTLS` Enable Hardware ECDSA. 
- * Set `Enable ATECC608A sign operations in mbedTLS` to use Hardware ECDSA sign. - * Set `Enable ATECC608A verify operations in mbedTLS` to use Hardware ECDSA verify. -* Set `I2C SDA pin used to communicate with the ATECC608A`. -* Set `I2C SCL pin used to communicate with the ATECC608A`. - -[1]: for more details refer [Find ATECC608A chip type](https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#find-type-of-atecc608a-chip-connected-to-esp32-wroom32-se). - -### Build and Flash - -Build the project and flash it to the board, then run the monitor tool to view the serial output: - -Run `idf.py -p PORT flash monitor` to build, flash and monitor the project. - -(To exit the serial monitor, type ``Ctrl-]``.) - -See the [Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/index.html) for all the steps to configure and use the ESP-IDF to build projects. - -## Troubleshooting - -For any technical queries, please open an [issue](https://github.com/espressif/esp-idf/issues) on GitHub. We will get back to you soon. diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/main/CMakeLists.txt b/examples/peripherals/secure_element/atecc608_ecdsa/main/CMakeLists.txt deleted file mode 100644 index 0122eb9541d0..000000000000 --- a/examples/peripherals/secure_element/atecc608_ecdsa/main/CMakeLists.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Main component CMakeLists.txt -idf_component_register( - SRC_DIRS "." - INCLUDE_DIRS "." - ) diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c b/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c deleted file mode 100644 index 516a03c929e2..000000000000 --- a/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c +++ /dev/null 
@@ -1,230 +0,0 @@ -/* - * atecc608a_ecdsa example - * - * SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved - * - * SPDX-License-Identifier: Apache-2.0 - * - * SPDX-FileContributor: 2015-2023 Espressif Systems (Shanghai) CO LTD - */ - -/* This is mbedtls boilerplate for library configuration */ -#include "mbedtls/mbedtls_config.h" - -/* System Includes*/ -#include -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "esp_system.h" -#include "spi_flash_mmap.h" -#include "esp_log.h" - -/* Cryptoauthlib includes */ -#include "cryptoauthlib.h" -#include "mbedtls/atca_mbedtls_wrap.h" - -/* mbedTLS includes */ -#include "mbedtls/platform.h" -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/pk.h" - -static const char *TAG = "atecc_example"; -/* globals for mbedtls RNG */ -static mbedtls_entropy_context entropy; -static mbedtls_ctr_drbg_context ctr_drbg; - -static int configure_mbedtls_rng(void) -{ - int ret; - const char * seed = "some random seed string"; - mbedtls_ctr_drbg_init(&ctr_drbg); - - ESP_LOGI(TAG, "Seeding the random number generator..."); - - mbedtls_entropy_init(&entropy); - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *)seed, strlen(seed)); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! 
mbedtls_ctr_drbg_seed returned %d", ret); - } else { - ESP_LOGI(TAG, " ok"); - } - return ret; -} - -static void close_mbedtls_rng(void) -{ - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -} - -/* An example hash */ -static unsigned char hash[32] = { - 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad -}; - -static const uint8_t public_key_x509_header[] = { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04 -}; - -static void print_public_key(uint8_t *pubkey) -{ - uint8_t buf[128]; - uint8_t * tmp; - size_t buf_len = sizeof(buf); - - /* Calculate where the raw data will fit into the buffer */ - tmp = buf + sizeof(buf) - ATCA_PUB_KEY_SIZE - sizeof(public_key_x509_header); - - /* Copy the header */ - memcpy(tmp, public_key_x509_header, sizeof(public_key_x509_header)); - - /* Copy the key bytes */ - memcpy(tmp + sizeof(public_key_x509_header), pubkey, ATCA_PUB_KEY_SIZE); - - /* Convert to base 64 */ - (void)atcab_base64encode(tmp, ATCA_PUB_KEY_SIZE + sizeof(public_key_x509_header), (char*)buf, &buf_len); - - /* Add a null terminator */ - buf[buf_len] = '\0'; - - /* Print out the key */ - ESP_LOGI(TAG, "\r\n-----BEGIN PUBLIC KEY-----\r\n%s\r\n-----END PUBLIC KEY-----", buf); -} - -static int atca_ecdsa_test(void) -{ - mbedtls_pk_context pkey; - int ret; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - size_t olen = 0; - - /* ECDSA Sign/Verify */ - -#ifdef MBEDTLS_ECDSA_SIGN_ALT - /* Convert to an mbedtls key */ - ESP_LOGI(TAG, " Using a hardware private key ..."); - ret = atca_mbedtls_pk_init(&pkey, 0); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! 
atca_mbedtls_pk_init returned %02x", ret); - goto exit; - } - ESP_LOGI(TAG, " ok"); -#else - ESP_LOGI(TAG, " Generating a software private key ..."); - mbedtls_pk_init(&pkey); - ret = mbedtls_pk_setup(&pkey, - mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA)); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! mbedtls_pk_setup returned -0x%04x", -ret); - goto exit; - } - - ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, - mbedtls_pk_ec(pkey), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! mbedtls_ecp_gen_key returned -0x%04x", -ret); - goto exit; - } - ESP_LOGI(TAG, " ok"); -#endif - - ESP_LOGI(TAG, " Generating ECDSA Signature..."); - ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, MBEDTLS_MPI_MAX_SIZE, &olen, - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! mbedtls_pk_sign returned -0x%04x", -ret); - goto exit; - } - ESP_LOGI(TAG, " ok"); - - ESP_LOGI(TAG, " Verifying ECDSA Signature..."); - ret = mbedtls_pk_verify(&pkey, MBEDTLS_MD_SHA256, hash, 0, - buf, olen); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! mbedtls_pk_verify returned -0x%04x", -ret); - goto exit; - } - ESP_LOGI(TAG, " ok"); - -exit: - fflush(stdout); - return ret; -} - -void app_main(void) -{ - int ret = 0; - bool lock; - uint8_t buf[ATCA_ECC_CONFIG_SIZE]; - uint8_t pubkey[ATCA_PUB_KEY_SIZE]; - - /* Initialize the mbedtls library */ - ret = configure_mbedtls_rng(); -#ifdef CONFIG_ATECC608A_TNG - ESP_LOGI(TAG, " . Initialize the ATECC interface for Trust & GO ..."); - cfg_ateccx08a_i2c_default.atcai2c.address = 0x6A; -#elif CONFIG_ATECC608A_TFLEX /* CONFIG_ATECC608A_TNGO */ - ESP_LOGI(TAG, " . Initialize the ATECC interface for TrustFlex ..."); - cfg_ateccx08a_i2c_default.atcai2c.address = 0x6C; -#elif CONFIG_ATECC608A_TCUSTOM /* CONFIG_ATECC608A_TFLEX */ - ESP_LOGI(TAG, " . 
Initialize the ATECC interface for TrustCustom ..."); - /* Default slave address is same as that of TCUSTOM ATECC608A chips */ -#endif /* CONFIG_ATECC608A_TCUSTOM */ - ret = atcab_init(&cfg_ateccx08a_i2c_default); - if (ret != 0) { - ESP_LOGI(TAG, " failed ! atcab_init returned %02x", ret); - goto exit; - } - ESP_LOGI(TAG, " ok"); - - lock = 0; - ESP_LOGI(TAG, " Check the data zone lock status..."); - ret = atcab_is_locked(LOCK_ZONE_DATA, &lock); - if (ret != 0) { - ESP_LOGI(TAG, " failed\n ! atcab_is_locked returned %02x", ret); - goto exit; - } - - if (lock) { - ESP_LOGI(TAG, " ok: locked"); - } else { - ESP_LOGE(TAG, "unlocked, please lock(configure) the ATECC608A chip with help of esp_cryptoauth_utility and try again"); - goto exit; - } - - ESP_LOGI(TAG, " Get the device info (type)..."); - ret = atcab_info(buf); - if (ret != 0) { - ESP_LOGI(TAG, " failed\n ! atcab_info returned %02x", ret); - goto exit; - } - ESP_LOGI(TAG, " ok: %02x %02x", buf[2], buf[3]); - - ESP_LOGI(TAG, " Get the public key..."); - ret = atcab_get_pubkey(0, pubkey); - if (ret != 0) { - ESP_LOGI(TAG, " failed\n ! atcab_get_pubkey returned %02x", ret); - goto exit; - } - ESP_LOGI(TAG, " ok"); - print_public_key(pubkey); - - /* Perform a Sign/Verify Test */ - ret = atca_ecdsa_test(); - if (ret != 0) { - ESP_LOGE(TAG, " ECDSA sign/verify failed"); - goto exit; - } - -exit: - fflush(stdout); - close_mbedtls_rng(); - -} diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/main/idf_component.yml b/examples/peripherals/secure_element/atecc608_ecdsa/main/idf_component.yml deleted file mode 100644 index 6eb177a228a9..000000000000 --- a/examples/peripherals/secure_element/atecc608_ecdsa/main/idf_component.yml +++ /dev/null @@ -1,3 +0,0 @@ -## IDF Component Manager Manifest File -dependencies: - espressif/esp-cryptoauthlib: "^3.3.1" 
diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/sdkconfig.defaults b/examples/peripherals/secure_element/atecc608_ecdsa/sdkconfig.defaults
deleted file mode 100644
index b704bedeffd3..000000000000
--- a/examples/peripherals/secure_element/atecc608_ecdsa/sdkconfig.defaults
+++ /dev/null
@@ -1,3 +0,0 @@
-CONFIG_ATCA_MBEDTLS_ECDSA=y
-CONFIG_ATCA_MBEDTLS_ECDSA_SIGN=y
-CONFIG_ATCA_MBEDTLS_ECDSA_VERIFY=y
From b300c78864dbc40f7de40e54f6b2cfbc5421b77c Mon Sep 17 00:00:00 2001
From: Shang Zhou
Date: Wed, 20 Dec 2023 15:29:39 +0800
Subject: [PATCH 2/2] docs: Update CN translation for esp_tls.rst, mqtt.rst, and peripherals.rst
---
docs/en/api-reference/protocols/esp_tls.rst | 4 ++--
docs/en/api-reference/protocols/mqtt.rst | 2 +-
.../migration-guides/release-5.x/5.3/peripherals.rst | 2 +-
docs/zh_CN/api-reference/protocols/esp_tls.rst | 4 ++--
docs/zh_CN/api-reference/protocols/mqtt.rst | 2 +-
.../migration-guides/release-5.x/5.3/peripherals.rst | 11 +++++++++++
6 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/docs/en/api-reference/protocols/esp_tls.rst b/docs/en/api-reference/protocols/esp_tls.rst
index 2240f1d60c21..a1ba508c2eeb 100644
--- a/docs/en/api-reference/protocols/esp_tls.rst
+++ b/docs/en/api-reference/protocols/esp_tls.rst
@@ -143,11 +143,11 @@ The following table shows a typical comparison between WolfSSL and MbedTLS when ATECC608A (Secure Element) with ESP-TLS -------------------------------------------------- - ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32 series of SoC's. The use of ATECC608A is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. ESP-TLS uses MbedTLS as its underlying TLS/SSL stack by default unless changed manually. + ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32 series of SoCs. The use of ATECC608A is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. ESP-TLS uses MbedTLS as its underlying TLS/SSL stack by default unless changed manually. .. note:: - ATECC608A chip interfaced to ESP32 must be already configured, for details refer `esp_cryptoauth_utility `_. + ATECC608A chip interfaced to ESP32 must be already configured. For details, please refer to `esp_cryptoauth_utility `_. To enable the secure element support, and use it in your project for TLS connection, you have to follow the below steps: diff --git a/docs/en/api-reference/protocols/mqtt.rst b/docs/en/api-reference/protocols/mqtt.rst index 12139d4be55e..0773d7d8ba40 100644 --- a/docs/en/api-reference/protocols/mqtt.rst +++ b/docs/en/api-reference/protocols/mqtt.rst @@ -151,7 +151,7 @@ It is possible to set authentication parameters through the :cpp:class:`authenti Session ^^^^^^^^^^^ -For MQTT session related configurations, :cpp:class:`session ` fields should be used. +For MQTT session-related configurations, :cpp:class:`session ` fields should be used. ======================= Last Will and Testament diff --git a/docs/en/migration-guides/release-5.x/5.3/peripherals.rst b/docs/en/migration-guides/release-5.x/5.3/peripherals.rst index b68d00668752..1ace4952cf3e 100644 --- a/docs/en/migration-guides/release-5.x/5.3/peripherals.rst +++ b/docs/en/migration-guides/release-5.x/5.3/peripherals.rst 
@@ -49,6 +49,6 @@ Should be changed to: Secure Element -------------- -ATECC608A secure element interfacing example has been moved to `ESP Cryptoauthlib Repository `_ on GitHub. +The ATECC608A secure element interfacing example has been moved to `ESP Cryptoauthlib Repository `_ on GitHub. This example is also part of the `esp-cryptoauthlib `_ in the component manager registry. diff --git a/docs/zh_CN/api-reference/protocols/esp_tls.rst b/docs/zh_CN/api-reference/protocols/esp_tls.rst index c57fb880a194..534c8b792415 100644 --- a/docs/zh_CN/api-reference/protocols/esp_tls.rst +++ b/docs/zh_CN/api-reference/protocols/esp_tls.rst @@ -143,11 +143,11 @@ MbedTLS 与 WolfSSL 对比 ESP-TLS 中的 ATECC608A(安全元件) -------------------------------------------------- - ESP-TLS 支持在 ESP32-WROOM-32SE 上使用 ATECC608A 加密芯片,但必须将 MbedTLS 作为 ESP-TLS 的底层 SSL/TLS 协议栈。未经手动更改,ESP-TLS 默认以 MbedTLS 为其底层 TLS/SSL 协议栈。 + ESP-TLS 支持在 ESP32 系列芯片上使用 ATECC608A 加密芯片,但必须将 MbedTLS 作为 ESP-TLS 的底层 SSL/TLS 协议栈。未经手动更改,ESP-TLS 默认以 MbedTLS 为其底层 TLS/SSL 协议栈。 .. note:: - 在 ESP32-WROOM-32SE 上的 ATECC608A 芯片必须预先配置,详情请参阅 `esp_cryptoauth_utility `_。 + 在 ESP32 上的 ATECC608A 芯片必须预先配置,详情请参阅 `esp_cryptoauth_utility `_。 要启用安全元件支持,并将其应用于工程 TLS 连接,请遵循以下步骤: diff --git a/docs/zh_CN/api-reference/protocols/mqtt.rst b/docs/zh_CN/api-reference/protocols/mqtt.rst index fa0a47bf6d80..9365dfe850a7 100644 --- a/docs/zh_CN/api-reference/protocols/mqtt.rst +++ b/docs/zh_CN/api-reference/protocols/mqtt.rst @@ -145,7 +145,7 @@ ESP-MQTT 库将始终重新传输未确认的 QoS 1 和 2 发布消息,以避 * :cpp:member:`password `:使用密码 * * :cpp:member:`certificate ` 和 :cpp:member:`key `:进行双向 TLS 身份验证,PEM 或 DER 格式均可 - * :cpp:member:`use_secure_element `:使用 ESP32-WROOM-32SE 中的安全元素 + * :cpp:member:`use_secure_element `:使用 ESP32 中的安全元素 (ATECC608A) * :cpp:member:`ds_data `:使用某些乐鑫设备的数字签名外设 会话 diff --git a/docs/zh_CN/migration-guides/release-5.x/5.3/peripherals.rst b/docs/zh_CN/migration-guides/release-5.x/5.3/peripherals.rst index 7d2530255daa..09d3f4c59c02 100644 
--- a/docs/zh_CN/migration-guides/release-5.x/5.3/peripherals.rst +++ b/docs/zh_CN/migration-guides/release-5.x/5.3/peripherals.rst @@ -3,6 +3,9 @@ :link_to_translation:`en:[English]` +驱动程序 +--------------- + 为了细粒度地控制其他组件对外设驱动的依赖,原先位于 `driver` 组件下的驱动程序被拆分到了各自独立的组件中。这些组件包括: - `esp_driver_gptimer` - 通用定时器驱动 @@ -41,3 +44,11 @@ archive: libesp_driver_gpio.a entries: gpio (noflash) + + +安全元素 +-------------- + +ATECC608A 安全元素接口示例现已移至 GitHub 上的 `esp-cryptoauthlib 仓库 `_ 中。 + +该示例也是组件管理器注册表中 `esp-cryptoauthlib `_ 的一部分。