feat(esp-tls): Add unified private key interface via esp_key_config_t

Add ESP_KEY_SOURCE_BUFFER and ESP_KEY_SOURCE_PSA key sources so all
hardware backends (DS, ECDSA, secure element) are accessed via PSA
key IDs through a single esp_tls_cfg_t.client_key field.
This commit is contained in:
Aditya Patwardhan
2026-04-08 18:37:10 +05:30
parent d51e467e7c
commit 36090b7161
17 changed files with 270 additions and 236 deletions

View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2018-2025 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2018-2026 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -105,6 +105,9 @@ struct httpd_ssl_config {
/** Private key byte length */
size_t prvtkey_len;
/** Unified key config. Takes precedence over prvtkey_pem when set */
const esp_key_config_t *server_key;
/** Use ECDSA peripheral to use private key */
bool use_ecdsa_peripheral;
@@ -129,9 +132,6 @@ struct httpd_ssl_config {
/** Enable tls session tickets */
bool session_tickets;
/** Enable secure element for server session */
bool use_secure_element;
/** User callback for esp_https_server */
esp_https_server_user_cb *user_cb;
@@ -227,7 +227,6 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
.port_secure = 443, \
.port_insecure = 80, \
.session_tickets = false, \
.use_secure_element = false, \
.user_cb = NULL, \
.ssl_userdata = NULL, \
.cert_select_cb = NULL, \