feat: added config member to store block number for hign part of ecdsa key

nilesh.kale
2025-07-21 15:40:52 +05:30
parent 08e781c876
commit dedc9889de
23 changed files with 146 additions and 185 deletions


@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2018-2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2018-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -100,10 +100,13 @@ struct httpd_ssl_config {
/** Use ECDSA peripheral to use private key */
bool use_ecdsa_peripheral;
/*!< The efuse block where ECDSA key is stored. If two blocks are used to store the key, then the macro ESP_TLS_ECDSA_COMBINE_KEY_BLOCKS() can be used to combine them. The macro is defined in esp_tls.h */
/** The efuse block where ECDSA key is stored. For SECP384R1 curve, if two blocks are used, set this to the low block and use ecdsa_key_efuse_blk_high for the high block. */
uint8_t ecdsa_key_efuse_blk;
/*!< ECDSA curve to use (SECP256R1 or SECP384R1) */
/** The high efuse block for ECDSA key (used only for SECP384R1 curve). If not set (0), only ecdsa_key_efuse_blk is used. */
uint8_t ecdsa_key_efuse_blk_high;
/** ECDSA curve to use (SECP256R1 or SECP384R1) */
esp_tls_ecdsa_curve_t ecdsa_curve;
/** Transport Mode (default secure) */
@@ -189,6 +192,7 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
.prvtkey_len = 0, \
.use_ecdsa_peripheral = false, \
.ecdsa_key_efuse_blk = 0, \
.ecdsa_key_efuse_blk_high = 0, \
.ecdsa_curve = ESP_TLS_ECDSA_CURVE_SECP256R1, \
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
.port_secure = 443, \
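Review bot: The rewritten comment on `ecdsa_key_efuse_blk` drops the reference to `ESP_TLS_ECDSA_COMBINE_KEY_BLOCKS()` without saying what happens to a caller that still passes a combined value in this field. If that encoding is no longer accepted here, the doc should say so, because a misread block number would presumably select a different key block at run time instead of failing at build time. I would extend the field comment with something like `Pass a single efuse block number; a value built with ESP_TLS_ECDSA_COMBINE_KEY_BLOCKS() is not accepted in this field.` (or the opposite, if it still is). The comment on `ecdsa_key_efuse_blk_high` could also state whether the field is ignored when `use_ecdsa_peripheral` is false or the curve is SECP256R1, since 0 doubles as the "not set" value.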


@@ -333,6 +333,9 @@ static esp_err_t create_secure_context(const struct httpd_ssl_config *config, ht
#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
(*ssl_ctx)->tls_cfg->use_ecdsa_peripheral = config->use_ecdsa_peripheral;
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk = config->ecdsa_key_efuse_blk;
#if SOC_ECDSA_SUPPORT_CURVE_P384
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk_high = config->ecdsa_key_efuse_blk_high;
#endif
(*ssl_ctx)->tls_cfg->ecdsa_curve = config->ecdsa_curve;
#else
ESP_LOGE(TAG, "Please enable the support for signing using ECDSA peripheral in menuconfig.");
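Review bot: `config->ecdsa_key_efuse_blk_high` is copied with no check against `config->ecdsa_curve`, and on targets where `SOC_ECDSA_SUPPORT_CURVE_P384` is not set a non-zero value is dropped without any diagnostic. A caller who sets a high block together with the SECP256R1 curve, or on a target without P-384 support, gets no hint that the field was ignored, and the handshake would presumably use whatever key the low block alone selects. Consider an `#else` under the new `#if` with `if (config->ecdsa_key_efuse_blk_high != 0) ESP_LOGW(TAG, "ecdsa_key_efuse_blk_high is ignored on this target");`, and a similar warning when the curve is SECP256R1. create_secure_context starts and continues outside this hunk, so turning the warning into a hard error would have to follow the function's existing cleanup path.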