Open jimbobbennett opened 4 years ago
@jimbobbennett This is possible in CircuitPython - see https://github.com/adafruit/Adafruit_CircuitPython_AWS_IOT/blob/master/examples/aws_iot_simpletest.py#L120 and https://github.com/adafruit/Adafruit_CircuitPython_AWS_IOT/blob/master/examples/aws_iot_simpletest.py#L123. Though, you may want to incorporate this within your library rather than calling the esp object directly within code.py for certificate handling and nina-firmware checks.
For some additional ESP32-S2-specific capabilities, which led me to ask Jim about this:
https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/api-reference/peripherals/ds.html
The Digital Signature (DS) module provides hardware acceleration of signing messages based on RSA. It uses pre-encrypted parameters to calculate a signature. The parameters are encrypted using HMAC as a key-derivation function. In turn, the HMAC uses eFuses as input key. The whole process happens in hardware so that neither the decryption key for the RSA parameters nor the input key for the HMAC key derivation function can be seen by the software while calculating the signature.
Look into the ESP32-S2 Technical Reference Manual (PDF) for more detailed information about the involved hardware during the signature calculation process and the used registers.
I would think this should go into CP... but I'm not 100% sure.
@askpatrickw
I would think this should go into CP... but I'm not 100% sure.
Yep, it'd go into the CP ESP32S2 Build
Do you know if this module also exists for the ESP32? We may be able to add it to nina-fw.
@brentru This is an s2 peripheral only.
I'll move the DSP portion of this to the CP Repo.
At the moment this library only supports shared symmetric key authentication. To make it more secure it should add support for X.509 certificates.