Chapter 2. API Reference
• key_id: the HMAC key ID determining the HMAC key of the HMAC which will be used to
decrypt the signing key data
• signature: the destination of the signature, should be (data->rsa_length + 1)*4 bytes long
esp_err_t esp_ds_start_sign(const void *message, const esp_ds_data_t *data, hmac_key_id_t
key_id, esp_ds_context_t **esp_ds_ctx)
Start the signing process.
This function yields a context object which needs to be passed to esp_ds_finish_sign() to finish the
signing process.
Note This function locks the HMAC, SHA, AES and RSA components, so the user has to ensure to call
esp_ds_finish_sign() in a timely manner.
Return
• ESP_OK if successful, the ds operation was started now and has to be finished with
esp_ds_finish_sign()
• ESP_ERR_INVALID_ARG if one of the parameters is NULL or data->rsa_length is too long or 0
• ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL if there was an HMAC failure during retrieval of
the decryption key
• ESP_ERR_NO_MEM if there hasn’t been enough memory to allocate the context object
• ESP_ERR_HW_CRYPTO_DS_INVALID_KEY if there’s a problem with passing the HMAC
key to the DS component
Parameters
• message: the message to be signed; its length is determined by data->rsa_length
• data: the encrypted signing key data (AES encrypted RSA key + IV)
• key_id: the HMAC key ID determining the HMAC key of the HMAC which will be used to
decrypt the signing key data
• esp_ds_ctx: the context object which is needed for finishing the signing process later
bool esp_ds_is_busy(void)
Return true if the DS peripheral is busy, otherwise false.
Note Only valid if esp_ds_start_sign() was called before.
esp_err_t esp_ds_finish_sign(void *signature, esp_ds_context_t *esp_ds_ctx)
Finish the signing process.
Return
• ESP_OK if successful, the ds operation has been finished and the result is written to signature.
• ESP_ERR_INVALID_ARG if one of the parameters is NULL
• ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST if the message digest didn’t match; the sig-
nature is invalid.
• ESP_ERR_HW_CRYPTO_DS_INVALID_PADDING if the message padding is incorrect, the sig-
nature can be read though since the message digest matches.
Parameters
• signature: the destination of the signature, should be (data->rsa_length + 1)*4 bytes long
• esp_ds_ctx: the context object retreived by esp_ds_start_sign()
esp_err_t esp_ds_encrypt_params(esp_ds_data_t *data, const void *iv, const esp_ds_p_data_t
*p_data, const void *key)
Encrypt the private key parameters.
Return
• ESP_OK if successful, the ds operation has been finished and the result is written to signature.
• ESP_ERR_INVALID_ARG if one of the parameters is NULL or p_data->rsa_length is too long
Parameters
• data: Output buffer to store encrypted data, suitable for later use generating signatures. The al-
located memory must be in internal memory and word aligned since it’s filled by DMA. Both is
asserted at run time.
• iv: Pointer to 16 byte IV buffer, will be copied into‘data’. Should be randomly generated bytes
each time.
• p_data: Pointer to input plaintext key data. The expectation is this data will be deleted after this
process is done and ‘data’is stored.
Espressif Systems 278
Submit Document Feedback
Release v4.4
To Next Page
Loading...
Need help?
General