From 4831edc62460735466667e707a4da076c1f8ec43 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 22 Dec 2022 13:11:16 +0530 Subject: [PATCH 1/4] esp32c6/hal: Added support for HMAC and DS on esp32c6 * Update DS test_apps for esp32c6 SoC --- .../port/esp32c6/CMakeLists.txt | 2 - .../esp_hw_support_unity_tests/main/test_ds.c | 5 + .../main/gen_digital_signature_tests.py | 5 +- .../esp_hw_support_unity_tests/main/test_ds.c | 7 +- components/hal/CMakeLists.txt | 3 +- components/hal/esp32c6/include/hal/ds_ll.h | 167 +++++++++++++++ components/hal/esp32c6/include/hal/hmac_ll.h | 191 ++++++++++++++++++ .../mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 2 + 8 files changed, 376 insertions(+), 6 deletions(-) create mode 100644 components/hal/esp32c6/include/hal/ds_ll.h create mode 100644 components/hal/esp32c6/include/hal/hmac_ll.h diff --git a/components/esp_hw_support/port/esp32c6/CMakeLists.txt b/components/esp_hw_support/port/esp32c6/CMakeLists.txt index 7ffc812242f..fed30227f3d 100644 --- a/components/esp_hw_support/port/esp32c6/CMakeLists.txt +++ b/components/esp_hw_support/port/esp32c6/CMakeLists.txt @@ -7,8 +7,6 @@ set(srcs "rtc_clk_init.c" "chip_info.c") if(NOT BOOTLOADER_BUILD) - # list(APPEND srcs "esp_hmac.c" // TODO: IDF-5355 - # "esp_ds.c") // TODO: IDF-5360 list(APPEND srcs "sar_periph_ctrl.c" "esp_crypto_lock.c") diff --git a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c index 23c94d45f35..d8d9e3574bc 100644 --- a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c @@ -24,6 +24,11 @@ #include "esp32s3/rom/digital_signature.h" #include "esp32s3/rom/aes.h" #include "esp32s3/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32C6 +#include "esp32c6/rom/efuse.h" +#include "esp32c6/rom/digital_signature.h" +#include "esp32c6/rom/aes.h" +#include "esp32c6/rom/sha.h" #endif #include "esp_ds.h" diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py index 948f36ae620..9a2b19d487e 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py @@ -16,10 +16,11 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.utils import int_to_bytes -supported_targets = {'esp32s2', 'esp32c3', 'esp32s3'} +supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6'} supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024], 'esp32c3':[3072, 2048, 1024], - 'esp32s3':[4096, 3072, 2048, 1024]} + 'esp32s3':[4096, 3072, 2048, 1024], + 'esp32c6':[3072, 2048, 1024]} NUM_HMAC_KEYS = 3 NUM_MESSAGES = 10 diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c index 23c94d45f35..5ce8e53c531 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c @@ -24,6 +24,11 @@ #include "esp32s3/rom/digital_signature.h" #include "esp32s3/rom/aes.h" #include "esp32s3/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32C6 +#include "esp32c6/rom/efuse.h" +#include "esp32c6/rom/digital_signature.h" +#include "esp32c6/rom/aes.h" +#include "esp32c6/rom/sha.h" #endif #include "esp_ds.h" @@ -32,7 +37,7 @@ #if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 #define DS_MAX_BITS (4096) -#elif CONFIG_IDF_TARGET_ESP32C3 +#else #define DS_MAX_BITS (ETS_DS_MAX_BITS) #endif diff --git a/components/hal/CMakeLists.txt b/components/hal/CMakeLists.txt index 930fbd1e4b2..095233343ee 100644 --- a/components/hal/CMakeLists.txt +++ b/components/hal/CMakeLists.txt @@ -199,7 +199,8 @@ if(NOT BOOTLOADER_BUILD) list(APPEND srcs "spi_flash_hal_gpspi.c" "esp32c6/rtc_cntl_hal.c" - ) + "hmac_hal.c" + "ds_hal.c") endif() diff --git a/components/hal/esp32c6/include/hal/ds_ll.h b/components/hal/esp32c6/include/hal/ds_ll.h new file mode 100644 index 00000000000..49f0630c385 --- /dev/null +++ b/components/hal/esp32c6/include/hal/ds_ll.h @@ -0,0 +1,167 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + ******************************************************************************/ + +#pragma once + +#include +#include +#include + +#include "soc/hwcrypto_reg.h" +#include "soc/soc_caps.h" + +#ifdef __cplusplus +extern "C" { +#endif + +static inline void ds_ll_start(void) +{ + REG_WRITE(DS_SET_START_REG, 1); +} + +/** + * @brief Wait until DS peripheral has finished any outstanding operation. + */ +static inline bool ds_ll_busy(void) +{ + return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false; +} + +/** + * @brief Busy wait until the hardware is ready. + */ +static inline void ds_ll_wait_busy(void) +{ + while (ds_ll_busy()); +} + +/** + * @brief In case of a key error, check what caused it. + */ +static inline ds_key_check_t ds_ll_key_error_source(void) +{ + uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG); + if (key_error == 0) { + return DS_NO_KEY_INPUT; + } else { + return DS_OTHER_WRONG; + } +} + +/** + * @brief Write the initialization vector to the corresponding register field. + */ +static inline void ds_ll_configure_iv(const uint32_t *iv) +{ + for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) { + REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]); + } +} + +/** + * @brief Write the message which should be signed. + * + * @param msg Pointer to the message. + * @param size Length of msg in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_write_message(const uint8_t *msg, size_t size) +{ + memcpy((uint8_t*) DS_X_MEM, msg, size); + asm volatile ("fence"); +} + +/** + * @brief Write the encrypted private key parameters. + */ +static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params) +{ + /* Note: as the internal peripheral still has RSA 4096 structure, + but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it + when copying to hardware... + + (note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment) + */ + typedef struct { uint32_t addr; size_t len; } frag_t; + const frag_t frags[] = { + {DS_Y_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_M_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM}, + }; + const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t); + const uint8_t *from = encrypted_key_params; + + for (int i = 0; i < NUM_FRAGS; i++) { + memcpy((uint8_t *)frags[i].addr, from, frags[i].len); + asm volatile ("fence"); + from += frags[i].len; + } +} + +/** + * @brief Begin signing procedure. + */ +static inline void ds_ll_start_sign(void) +{ + REG_WRITE(DS_SET_CONTINUE_REG, 1); +} + +/** + * @brief check the calculated signature. + * + * @return + * - DS_SIGNATURE_OK if no issue is detected with the signature. + * - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong. + * - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using + * the private key parameters fails, i.e., the integrity of the private key parameters is not protected. + * - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail. + */ +static inline ds_signature_check_t ds_ll_check_signature(void) +{ + uint32_t result = REG_READ(DS_QUERY_CHECK_REG); + switch(result) { + case 0: + return DS_SIGNATURE_OK; + case 1: + return DS_SIGNATURE_MD_FAIL; + case 2: + return DS_SIGNATURE_PADDING_FAIL; + default: + return DS_SIGNATURE_PADDING_AND_MD_FAIL; + } +} + +/** + * @brief Read the signature from the hardware. + * + * @param result The signature result. + * @param size Length of signature result in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_read_result(uint8_t *result, size_t size) +{ + memcpy(result, (uint8_t*) DS_Z_MEM, size); + asm volatile ("fence"); +} + +/** + * @brief Exit the signature operation. + * + * @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation. + */ +static inline void ds_ll_finish(void) +{ + REG_WRITE(DS_SET_FINISH_REG, 1); + ds_ll_wait_busy(); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/hal/esp32c6/include/hal/hmac_ll.h b/components/hal/esp32c6/include/hal/hmac_ll.h new file mode 100644 index 00000000000..f4f95bd8363 --- /dev/null +++ b/components/hal/esp32c6/include/hal/hmac_ll.h @@ -0,0 +1,191 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + * See readme.md in soc/include/hal/readme.md + ******************************************************************************/ + +#pragma once + +#include + +#include "soc/system_reg.h" +#include "soc/hwcrypto_reg.h" +#include "hal/hmac_hal.h" + +#define SHA256_BLOCK_SZ 64 +#define SHA256_DIGEST_SZ 32 + +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG 6 +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE 7 +#define EFUSE_KEY_PURPOSE_HMAC_UP 8 +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL 5 + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Makes the peripheral ready for use, after enabling it. + */ +static inline void hmac_ll_start(void) +{ + REG_WRITE(HMAC_SET_START_REG, 1); +} + +/** + * @brief Determine where the HMAC output should go. + * + * The HMAC peripheral can be configured to deliver its output to the user directly, or to deliver + * the output directly to another peripheral instead, e.g. the Digital Signature peripheral. + */ +static inline void hmac_ll_config_output(hmac_hal_output_t config) +{ + switch(config) { + case HMAC_OUTPUT_USER: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_UP); + break; + case HMAC_OUTPUT_DS: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE); + break; + case HMAC_OUTPUT_JTAG_ENABLE: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG); + break; + case HMAC_OUTPUT_ALL: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL); + break; + default: + ; // do nothing, error will be indicated by hmac_hal_config_error() + } +} + +/** + * @brief Selects which hardware key should be used. + */ +static inline void hmac_ll_config_hw_key_id(uint32_t key_id) +{ + REG_WRITE(HMAC_SET_PARA_KEY_REG, key_id); +} + +/** + * @brief Apply and check configuration. + * + * Afterwards, the configuration can be checked for errors with hmac_hal_config_error(). + */ +static inline void hmac_ll_config_finish(void) +{ + REG_WRITE(HMAC_SET_PARA_FINISH_REG, 1); +} + +/** + * + * @brief Query HMAC error state after configuration actions. + * + * @return + * - 1 or greater on error + * - 0 on success + */ +static inline uint32_t hmac_ll_config_error(void) +{ + return REG_READ(HMAC_QUERY_ERROR_REG); +} + +/** + * Wait until the HAL is ready for the next interaction. + */ +static inline void hmac_ll_wait_idle(void) +{ + uint32_t query; + do { + query = REG_READ(HMAC_QUERY_BUSY_REG); + } while(query != 0); +} + +/** + * @brief Write a message block of 512 bits to the HMAC peripheral. + */ +static inline void hmac_ll_write_block_512(const uint32_t *block) +{ + const size_t REG_WIDTH = sizeof(uint32_t); + for (size_t i = 0; i < SHA256_BLOCK_SZ / REG_WIDTH; i++) { + REG_WRITE(HMAC_WR_MESSAGE_MEM + (i * REG_WIDTH), block[i]); + } + + REG_WRITE(HMAC_SET_MESSAGE_ONE_REG, 1); +} + +/** + * @brief Read the 256 bit HMAC. + */ +static inline void hmac_ll_read_result_256(uint32_t *result) +{ + const size_t REG_WIDTH = sizeof(uint32_t); + for (size_t i = 0; i < SHA256_DIGEST_SZ / REG_WIDTH; i++) { + result[i] = REG_READ(HMAC_RD_RESULT_MEM + (i * REG_WIDTH)); + } +} + +/** + * @brief Clean the HMAC result provided to other hardware. + */ +static inline void hmac_ll_clean(void) +{ + REG_WRITE(HMAC_SET_INVALIDATE_DS_REG, 1); + REG_WRITE(HMAC_SET_INVALIDATE_JTAG_REG, 1); +} + +/** + * @brief Signals that the following block will be the padded last block. + */ +static inline void hmac_ll_msg_padding(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_PAD_REG, 1); +} + +/** + * @brief Signals that all blocks have been written and a padding block will automatically be applied by hardware. + * + * Only applies if the message length is a multiple of 512 bits. + * See the chip TRM HMAC chapter for more details. + */ +static inline void hmac_ll_msg_end(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_END_REG, 1); +} + +/** + * @brief The message including padding fits into one block, so no further action needs to be taken. + * + * This is called after the one-block-message has been written. + */ +static inline void hmac_ll_msg_one_block(void) +{ + REG_WRITE(HMAC_ONE_BLOCK_REG, 1); +} + +/** + * @brief Indicate that more blocks will be written after the last block. + */ +static inline void hmac_ll_msg_continue(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_ING_REG, 1); +} + +/** + * @brief Clear the HMAC result. + * + * Use this after reading the HMAC result or if aborting after any of the other steps above. + */ +static inline void hmac_ll_calc_finish(void) +{ + REG_WRITE(HMAC_SET_RESULT_FINISH_REG, 2); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 539f21451af..c975a407d7b 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -16,6 +16,8 @@ #include "esp32h4/rom/digital_signature.h" #elif CONFIG_IDF_TARGET_ESP32S3 #include "esp32s3/rom/digital_signature.h" +#elif CONFIG_IDF_TARGET_ESP32C6 +#include "esp32c6/rom/digital_signature.h" #else #error "Selected target does not support esp_rsa_sign_alt (for DS)" #endif From 4084ab38a1f291f78f48f5ffac1df5fdb2b79660 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 4 Jan 2023 11:10:04 +0530 Subject: [PATCH 2/4] esp32c6/soc: Enable DS and HMAC capabilities for esp32c6 in soc_caps.h --- .../test_apps/esp_hw_support_unity_tests/main/test_ds.c | 2 +- components/soc/esp32c6/include/soc/Kconfig.soc_caps.in | 8 ++++++++ components/soc/esp32c6/include/soc/soc_caps.h | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c index d8d9e3574bc..5ce8e53c531 100644 --- a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c @@ -37,7 +37,7 @@ #if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 #define DS_MAX_BITS (4096) -#elif CONFIG_IDF_TARGET_ESP32C3 +#else #define DS_MAX_BITS (ETS_DS_MAX_BITS) #endif diff --git a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in index b001779a7c2..e29c80be02c 100644 --- a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in @@ -115,6 +115,14 @@ config SOC_SHA_SUPPORTED bool default y +config SOC_HMAC_SUPPORTED + bool + default y + +config SOC_DIG_SIGN_SUPPORTED + bool + default y + config SOC_ECC_SUPPORTED bool default y diff --git a/components/soc/esp32c6/include/soc/soc_caps.h b/components/soc/esp32c6/include/soc/soc_caps.h index ec98b49af03..dc40251e6ce 100644 --- a/components/soc/esp32c6/include/soc/soc_caps.h +++ b/components/soc/esp32c6/include/soc/soc_caps.h @@ -55,8 +55,8 @@ #define SOC_AES_SUPPORTED 1 // #define SOC_MPI_SUPPORTED 1 #define SOC_SHA_SUPPORTED 1 -// #define SOC_HMAC_SUPPORTED 1 // TODO: IDF-5355 -// #define SOC_DIG_SIGN_SUPPORTED 1 // TODO: IDF-5360 +#define SOC_HMAC_SUPPORTED 1 +#define SOC_DIG_SIGN_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 #define SOC_FLASH_ENC_SUPPORTED 1 #define SOC_SECURE_BOOT_SUPPORTED 1 From 2a46fecb36f924cf14c4c8ed174adeb74a4d73d4 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 11 Jan 2023 08:47:27 +0530 Subject: [PATCH 3/4] esp32c6: Enable documentation for esp32c6 hmac and ds --- docs/docs_not_updated/esp32c6.txt | 2 -- docs/en/api-reference/peripherals/hmac.rst | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/docs_not_updated/esp32c6.txt b/docs/docs_not_updated/esp32c6.txt index daf64f9c7cd..f178449d90b 100644 --- a/docs/docs_not_updated/esp32c6.txt +++ b/docs/docs_not_updated/esp32c6.txt @@ -76,7 +76,6 @@ api-reference/storage/mass_mfg api-reference/storage/index api-reference/peripherals api-reference/peripherals/usb_host -api-reference/peripherals/hmac api-reference/peripherals/usb_device api-reference/peripherals/dac api-reference/peripherals/touch_element @@ -84,7 +83,6 @@ api-reference/peripherals/secure_element api-reference/peripherals/sdio_slave api-reference/peripherals/touch_pad api-reference/peripherals/adc_calibration -api-reference/peripherals/ds api-reference/peripherals/index api-reference/peripherals/sdmmc_host api-reference/kconfig diff --git a/docs/en/api-reference/peripherals/hmac.rst b/docs/en/api-reference/peripherals/hmac.rst index a09962e32a3..e12d26236ee 100644 --- a/docs/en/api-reference/peripherals/hmac.rst +++ b/docs/en/api-reference/peripherals/hmac.rst @@ -102,7 +102,7 @@ Setup .. note:: The API *esp_efuse_write_field_bit(ESP_EFUSE_SOFT_DIS_JTAG)* can be used to burn "soft JTAG disable" bit on {IDF_TARGET_NAME}. -.. only:: esp32s3 or esp32c3 or esp32h4 +.. only:: not esp32s2 .. note:: The API *esp_efuse_write_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count)* can be used to burn "soft JTAG disable" bits on {IDF_TARGET_NAME}. From 45c6631a009b38b4a1cfa23f29c6478ed578c36d Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Thu, 19 Jan 2023 10:00:00 +0530 Subject: [PATCH 4/4] ci: Enable build stage for `mqtt/ssl_ds` example for esp32c6 --- examples/protocols/mqtt/ssl_ds/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/protocols/mqtt/ssl_ds/README.md b/examples/protocols/mqtt/ssl_ds/README.md index 6a321bd483e..7658f5bad39 100644 --- a/examples/protocols/mqtt/ssl_ds/README.md +++ b/examples/protocols/mqtt/ssl_ds/README.md @@ -1,10 +1,10 @@ -| Supported Targets | ESP32-C3 | ESP32-S2 | ESP32-S3 | -| ----------------- | -------- | -------- | -------- | +| Supported Targets | ESP32-C3 | ESP32-C6 | ESP32-S2 | ESP32-S3 | +| ----------------- | -------- | -------- | -------- | -------- | # ESP-MQTT SSL Mutual Authentication with Digital Signature (See the README.md file in the upper level 'examples' directory for more information about examples.) -Espressif's ESP32-S2, ESP32-S3 and ESP32-C3 MCU have a built-in Digital Signature (DS) Peripheral, which provides hardware acceleration for RSA signature. More details can be found at [Digital Signature with ESP-TLS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/api-reference/protocols/esp_tls.html#digital-signature-with-esp-tls). +Espressif's ESP32-S2, ESP32-S3, ESP32-C3 and ESP32-C6 MCU have a built-in Digital Signature (DS) Peripheral, which provides hardware acceleration for RSA signature. More details can be found at [Digital Signature with ESP-TLS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/api-reference/protocols/esp_tls.html#digital-signature-with-esp-tls). This example connects to the broker test.mosquitto.org using ssl transport with client certificate(RSA) and as a demonstration subscribes/unsubscribes and sends a message on certain topic.The RSA signature operation required in the ssl connection is performed with help of the Digital Signature (DS) peripheral. (Please note that the public broker is maintained by the community so may not be always available, for details please visit http://test.mosquitto.org) @@ -14,12 +14,12 @@ It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker. ### Hardware Required -This example can be executed on any ESP32-S2, ESP32-S3, ESP32-C3 board (which has a built-in DS peripheral), the only required interface is WiFi and connection to internet. +This example can be executed on any ESP32-S2, ESP32-S3, ESP32-C3 or ESP32-C6 board (which has a built-in DS peripheral), the only required interface is WiFi and connection to internet. ### Configure the project #### 1) Selecting the target -As the project is to be built for the target ESP32-S2, ESP32-S3, ESP32-C3 it should be selected with the following command +As the project is to be built for the target ESP32-S2, ESP32-S3, ESP32-C3 or ESP32-C6 it should be selected with the following command ``` idf.py set-target /* target */ ```