Espressif ESP32-S2 User Manual

Chapter 2. API Reference
Note: These values are subject to change with change in configuration options and version of respective libraries.
Digital Signature with ESP-TLS
ESP-TLS provides support for using the Digital Signature (DS) with ESP32-S2. Use of the DS for TLS is supported
only when ESP-TLS is used with mbedTLS (default stack) as its underlying SSL/TLS stack. For more details on
Digital Signature, please refer to the Digital Signature Documentation. The technical details of Digital Signature such
as how to calculate private key parameters can be found in ESP32-S2 Technical Reference Manual > Digital Signature
(DS) [PDF]. The DS peripheral must be configured before it can be used to perform Digital Signature, see Configure
the DS Peripheral in Digital Signature.
The DS peripheral must be initialized with the required encrypted private key parameters (obtained when the DS
peripheral is configured). ESP-TLS internally initializes the DS peripheral when provided with the required DS
context (DS parameters). The code snippet below shows how to pass the DS context to the esp-tls context. The DS
context passed to the esp-tls context must not be freed until the TLS connection is deleted.
#include "esp_tls.h"

esp_ds_data_ctx_t *ds_ctx;
/* initialize ds_ctx with encrypted private key parameters, which can be read from
   the nvs or provided through the application code */
esp_tls_cfg_t cfg = {
    .clientcert_buf = /* the client cert */,
    .clientcert_bytes = /* length of the client cert */,
    /* other configurations options */
    .ds_data = (void *)ds_ctx,
};
Note: When using Digital Signature for the TLS connection, along with the other required params, only the client
cert (clientcert_buf) and the DS params (ds_data) are required and the client key (clientkey_buf) can be set to NULL.
An example of mutual authentication with the DS peripheral can be found at ssl mutual auth which internally
uses (ESP-TLS) for the TLS connection.
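Added example, not from the ESP-IDF documentation: a pre-connection check and a teardown guard for the two rules above (client cert plus ds_data with clientkey_buf left NULL; DS context kept alive until the TLS connection is deleted). The helper names, the stand-in typedefs and the choice to reject a non-NULL clientkey_buf are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Stand-ins (assumptions) so this builds off-target. On a device, drop these
 * two typedefs and include "esp_tls.h"; only fields named in the text above
 * are mirrored here. */
typedef struct { int opaque; } esp_ds_data_ctx_t;
typedef struct {
    const unsigned char *clientcert_buf;
    unsigned int clientcert_bytes;
    const unsigned char *clientkey_buf;
    void *ds_data;
} esp_tls_cfg_t;

/* Hypothetical status codes for this example. */
typedef enum { DS_CFG_OK, DS_CFG_NO_CERT, DS_CFG_NO_DS_CTX, DS_CFG_PLAINTEXT_KEY } ds_cfg_status_t;

/* Check a config that is meant to authenticate with the DS peripheral. */
ds_cfg_status_t ds_tls_cfg_check(const esp_tls_cfg_t *cfg)
{
    if (cfg == NULL || cfg->clientcert_buf == NULL || cfg->clientcert_bytes == 0)
        return DS_CFG_NO_CERT;
    if (cfg->ds_data == NULL)
        return DS_CFG_NO_DS_CTX;
    /* Policy of this example: a software key next to DS params is rejected,
     * since the DS flow only needs the encrypted key parameters. */
    if (cfg->clientkey_buf != NULL)
        return DS_CFG_PLAINTEXT_KEY;
    return DS_CFG_OK;
}

/* Ties the DS context's lifetime to the connection that uses it. */
typedef struct {
    esp_ds_data_ctx_t *ds_ctx;
    bool conn_open; /* set once the TLS connection exists, cleared after it is deleted */
} ds_tls_session_t;

/* Free the DS context only once the connection is gone; returns false and
 * leaves the context untouched if the connection is still open. */
bool ds_tls_session_release_ctx(ds_tls_session_t *s)
{
    if (s == NULL || s->conn_open)
        return false;
    free(s->ds_ctx);
    s->ds_ctx = NULL;
    return true;
}
```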
API Reference
Header File
components/esp-tls/esp_tls.h
Functions
esp_tls_t *esp_tls_init(void)
Create TLS connection.
This function allocates and initializes esp-tls structure handle.
Return: tls, pointer to esp-tls as esp-tls handle if successfully initialized, NULL if allocation error.
esp_tls_t *esp_tls_conn_new(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg)
Create a new blocking TLS/SSL connection.
This function establishes a TLS/SSL connection with the specified host in blocking manner.
Note: This API is present for backward compatibility reasons. An alternative function with the same functionality
is esp_tls_conn_new_sync (and its asynchronous version esp_tls_conn_new_async).
Return: pointer to esp_tls_t, or NULL if the connection couldn't be opened.
Parameters
Espressif Systems
Release v4.4
