RT-Thread-packages
/
esp-idf
зеркало из https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
							ESP-TLS
=======

Overview
--------

The ESP-TLS component provides a simplified API interface for accessing the commonly used TLS functionality. 
It supports common scenarios like CA certification validation, SNI, ALPN negotiation, non-blocking connection among others. 
All the configuration can be specified in the ``esp_tls_cfg_t`` data structure. Once done, TLS communication can be conducted using the following APIs:

    * :cpp:func:`esp_tls_conn_new`: for opening a new TLS connection.
    * :cpp:func:`esp_tls_conn_read`: for reading from the connection.
    * :cpp:func:`esp_tls_conn_write`: for writing into the connection.
    * :cpp:func:`esp_tls_conn_delete`: for freeing up the connection.

Any application layer protocol like HTTP1, HTTP2 etc can be executed on top of this layer.                       

Application Example
-------------------

Simple HTTPS example that uses ESP-TLS to establish a secure socket connection: :example:`protocols/https_request`.

Tree structure for ESP-TLS component
-------------------------------------
    .. highlight:: none

    ::

        ├── esp_tls.c
        ├── esp_tls.h
        ├── esp_tls_mbedtls.c
        ├── esp_tls_wolfssl.c
        └── private_include
            ├── esp_tls_mbedtls.h
            └── esp_tls_wolfssl.h

The ESP-TLS  component has a file :component_file:`esp-tls/esp_tls.h` which contain the public API headers for the component. Internally ESP-TLS component uses one
of the two SSL/TLS Libraries between mbedtls and wolfssl for its operation. API specific to mbedtls are present in :component_file:`esp-tls/private_include/esp_tls_mbedtls.h` and API
specific to wolfssl are present in :component_file:`esp-tls/private_include/esp_tls_wolfssl.h`.

Underlying SSL/TLS Library Options
----------------------------------
The ESP-TLS  component has an option to use mbedtls or wolfssl as their underlying SSL/TLS library. By default only mbedtls is available and is
used, wolfssl SSL/TLS library is available publicly at https://github.com/espressif/esp-wolfssl. The repository provides wolfssl component in binary format, it
also provides few examples which are useful for understanding the API. Please refer the repository README.md for
information on licensing and other options. Please see below option for using wolfssl in your project.

.. note::   `As the library options are internal to ESP-TLS, switching the libries will not change ESP-TLS specific code for a project.`

How to use wolfssl with ESP-IDF
-------------------------------
There are two ways to use wolfssl in your project

1) Directly add wolfssl as a component in your project with following three commands.::

    (First change directory (cd) to your project directory)
    mkdir components
    cd components
    git clone https://github.com/espressif/esp-wolfssl.git

2) Add wolfssl as an extra component in your project.

* Download wolfssl with::

    git clone https://github.com/espressif/esp-wolfssl.git

* Include  esp-wolfssl in ESP-IDF with setting EXTRA_COMPONENT_DIRS in CMakeLists.txt/Makefile of your project as done in `wolfssl/examples <https://github.com/espressif/esp-wolfssl/tree/master/examples>`_. For reference see Optional Project variables in :doc:`build-system.</api-guides/build-system>`

After above steps, you will have option to choose wolfssl as underlying SSL/TLS library in configuration menu of your project as follows::

    idf.py/make menuconfig -> ESP-TLS -> choose SSL/TLS Library -> mbedtls/wolfssl

Comparison between mbedtls and wolfssl
--------------------------------------
The following table shows a typical comparison between wolfssl and mbedtls when :example:`protocols/https_request` example `(which has server authentication)` was run with both
SSL/TLS libraries and with all respective configurations set to default.
`(mbedtls IN_CONTENT length and OUT_CONTENT length were set to 16384 bytes and 4096 bytes respectively)`

    +---------------------+------------+-----------+
    | Property            |  Wolfssl   |  Mbedtls  |
    +=====================+============+===========+
    | Total Heap Consumed |  ~19 Kb    |  ~37 Kb   |
    +---------------------+------------+-----------+
    | Task Stack Used     |  ~2.2 Kb   |  ~3.6 Kb  |
    +---------------------+------------+-----------+
    |     Bin size        |  ~858 Kb   |  ~736 Kb  |
    +---------------------+------------+-----------+

.. note::    `These values are subject to change with change in configuration options and version of respective libraries`.

ATECC608A (Secure Element) with ESP-TLS
--------------------------------------------------

ESP-TLS provides support for using ATECC608A cryptoauth chip with ESP32-WROOM-32SE.
Use of ATECC608A is supported only when ESP-TLS is used with mbedTLS as its underlying SSL/TLS stack.
ESP-TLS uses mbedtls as its underlying TLS/SSL stack by default unless changed manually.

.. note:: ATECC608A chip on ESP32-WROOM-32SE must be already configured and provisioned, for details refer `esp_cryptoauth_utility <https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#esp_cryptoauth_utility>`_

To enable the secure element support, and use it in you project for TLS connection, you will have to follow below steps

1) Add `esp-cryptoauthlib <https://github.com/espressif/esp-cryptoauthlib>`_ in your project, for details please refer `esp-cryptoauthlib with ESP_IDF <https://github.com/espressif/esp-cryptoauthlib#how-to-use-esp-cryptoauthlib-with-esp-idf>`_

2) Enable following menuconfig option::

    menuconfig->Component config->ESP-TLS->Use Secure Element (ATECC608A) with ESP-TLS

3) Select type of ATECC608A chip with following option::

    menuconfig->Component config->esp-cryptoauthlib->Choose Type of ATECC608A chip

to know more about different types of ATECC608A chips and how to obtain type of ATECC608A connected to your ESP module please visit `ATECC608A chip type <https://github.com/espressif/esp-cryptoauthlib/blob/master/esp_cryptoauth_utility/README.md#find-type-of-atecc608a-chip-connected-to-esp32-wroom32-se>`_

4) Enable use of ATECC608A in ESP-TLS by providing following config option in `esp_tls_cfg_t`

.. code-block:: c

        esp_tls_cfg_t cfg = {
            /* other configurations options */
            .use_secure_element = true,
        };

API Reference
-------------

.. include-build-file:: inc/esp_tls.inc