1 /*
2  * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #pragma once
8 
9 #ifndef _ESP_RSA_SIGN_ALT_H_
10 #define _ESP_RSA_SIGN_ALT_H_
11 
12 #ifdef __cplusplus
13 extern "C" {
14 #endif
15 
16 #include "esp_ds.h"
17 #include "mbedtls/md.h"
18 
19 /**
20  * @brief      ESP-DS data context
21  *
22  * @note       This structure includes encrypted private key parameters such as ciphertext_c, initialization vector, efuse_key_id, RSA key length, which are obtained when DS peripheral is configured.
23  */
24 
25 /* Context for encrypted private key data required for DS */
typedef struct esp_ds_data_ctx {
    /* Encrypted private key material for the DS peripheral (type declared in esp_ds.h).
     * NOTE(review): whether esp_ds_init_data_ctx() copies this or keeps the pointer is not
     * stated in this header — confirm against the implementation before freeing it. */
    esp_ds_data_t *esp_ds_data;
    uint8_t efuse_key_id; /* efuse block id in which DS_KEY is stored e.g. 0,1*/
    uint16_t rsa_length_bits; /* length of RSA private key in bits e.g. 2048 */
} esp_ds_data_ctx_t;
31 
32 /**
33  * @brief       Initializes internal DS data context
34  *
 * This function allocates and initializes the internal DS data context which is used for the Digital Signature operation.
 *
 * @param[in]   ds_data     ds_data context containing the encrypted private key parameters
 *                          (whether its contents are copied or referenced by the internal context is not
 *                          stated here — confirm against the implementation)
 * @return
 *              - ESP_OK  In case of success
 *              - ESP_ERR_NO_MEM In case the internal context could not be allocated.
 *              - ESP_ERR_INVALID_ARG In case input parameters are NULL
42  *
43  */
44 esp_err_t esp_ds_init_data_ctx(esp_ds_data_ctx_t *ds_data);
45 
46 /**
47  *
 * @brief      Release the DS lock that was acquired for the DS operation, so that the DS peripheral
 *             can be used by other TLS connections. The lock is taken for the signing operation
 *             (see esp_ds_rsa_sign()); a caller that never releases it leaves the peripheral
 *             unavailable to every other connection that needs it.
49  *
50  */
51 void esp_ds_release_ds_lock(void);
52 
53 /**
54  *
 * @brief       Alternate implementation for mbedtls_rsa_rsassa_pkcs1_v15_sign. Internally makes use
 *              of the DS module to perform a hardware accelerated RSA sign operation, so the private
 *              key itself is never exposed to software.
 *
 * @param[in]   ctx      Context pointer in the mbedtls PK-alt style (this header does not state its type;
 *                       presumably the internal DS data context set up by esp_ds_init_data_ctx() — confirm)
 * @param[in]   f_rng    RNG callback, as in the mbedtls prototype
 * @param[in]   p_rng    RNG context passed to f_rng
 * @param[in]   md_alg   Message digest algorithm used to produce @p hash
 * @param[in]   hashlen  Length of @p hash in bytes
 * @param[in]   hash     Digest to be signed
 * @param[out]  sig      Buffer receiving the signature; it must be large enough for a signature of the
 *                       configured RSA key length (see esp_ds_get_keylen())
 * @return      Presumably follows the mbedtls convention (0 on success, negative MBEDTLS_ERR_* on
 *              failure) — confirm against the implementation.
57  */
58 int esp_ds_rsa_sign( void *ctx,
59                      int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
60                      mbedtls_md_type_t md_alg, unsigned int hashlen,
61                      const unsigned char *hash, unsigned char *sig );
62 
63 /*
64  * @brief       Get RSA key length in bytes from internal DS context
65  *
66  * @return      RSA key length in bytes
67  */
68 size_t esp_ds_get_keylen(void *ctx);
69 
70 /*
71  * @brief       Set timeout (equal to TLS session timeout), so that DS module usage can be synchronized in case of multiple TLS connections using DS module,
72  */
73 void esp_ds_set_session_timeout(int timeout);
74 #ifdef __cplusplus
75 }
76 #endif
77 
78 #endif /* _ESP_RSA_SIGN_ALT_H_ */
79