docs/en/api-reference/protocols/esp_tls.rst
22 additions & 0 deletions
@@ -201,6 +201,28 @@ The following table shows a typical comparison between WolfSSL and MbedTLS when
201
201
202
202
* An example of mutual authentication with the DS peripheral can be found at :example:`ssl mutual auth<protocols/mqtt/ssl_mutual_auth>` which internally uses (ESP-TLS) for the TLS connection.
203
203
204
+
.. only:: SOC_ECDSA_SUPPORTED
205
+
206
+
ECDSA Peripheral with ESP-TLS
207
+
-----------------------------
208
+
209
+
ESP-TLS provides support for using the ECDSA peripheral with {IDF_TARGET_NAME}. The use of ECDSA peripheral is supported only when ESP-TLS is used with MbedTLS as its underlying SSL/TLS stack. The ECDSA private key should be present in the efuse for using the ECDSA peripheral. Please refer to `espefuse.py <https://docs.espressif.com/projects/esptool/en/latest/esp32/espefuse/index.html>`_ documentation for programming the ECDSA key in the efuse.
210
+
To use ECDSA peripheral with ESP-TLS, set ``use_ecdsa_peripheral`` to `true` and set ``ecdsa_key_efuse_blk`` to the efuse block id in which ECDSA private key is stored in the :cpp:type:`esp_tls_cfg_t` config structure.
211
+
This will enable the use of ECDSA peripheral for private key operations. As the client private key is already present in the eFuse, it need not be supplied to the :cpp:type:`esp_tls_cfg_t` structure.
212
+
213
+
.. code-block:: c
214
+
215
+
#include "esp_tls.h"
216
+
esp_tls_cfg_t cfg = {
217
+
.use_ecdsa_peripheral = true,
218
+
.ecdsa_key_efuse_blk = /* efuse block with ecdsa private key */,
219
+
};
220
+
221
+
.. note::
222
+
223
+
When using ECDSA peripheral with TLS, only ``MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`` ciphersuite is supported. If using TLS v1.3, ``MBEDTLS_TLS1_3_AES_128_GCM_SHA256`` ciphersuite is supported.
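Review bot: The paragraph ending "it need not be supplied to the :cpp:type:`esp_tls_cfg_t` structure" and the code block after it cover only the private key, so a reader setting up mutual authentication is not told that the client certificate still has to be configured alongside ``use_ecdsa_peripheral``. Add a sentence saying so and show the certificate field in the example. In the same example, ``.ecdsa_key_efuse_blk = /* efuse block with ecdsa private key */,`` does not compile as written; a named placeholder value with the comment beside it would let the snippet be copied as is. The note lists the supported ciphersuites but does not say what happens when the peer offers none of them, or whether the application must restrict the ciphersuite list itself; one sentence on the expected handshake failure would help. Two style points: `true` is in single backticks, which RST treats as interpreted text, so it should be ``true`` like the field names around it, and the text mixes "efuse" and "eFuse" where one spelling should be used throughout.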