MBEDTLS_ECDSA_DETERMINISTIC macro

\def MBEDTLS_ECP_RESTARTABLE Enable "non-blocking" ECC operations that can return early and be resumed. This allows various functions to pause by returning #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order to further progress and eventually complete their operation. This is controlled through mbedtls_ecp_set_max_ops() which limits the maximum number of ECC operations a function may perform before pausing; see mbedtls_ecp_set_max_ops() for more information. This is useful in non-threaded environments if you want to avoid blocking for too long on ECC (and, hence, X.509 or SSL/TLS) operations. This option: - Adds xxx_restartable() variants of existing operations in the following modules, with corresponding restart context types: - ECP (for Short Weierstrass curves only): scalar multiplication (mul), linear combination (muladd); - ECDSA: signature generation & verification; - PK: signature generation & verification; - X509: certificate chain verification. - Adds mbedtls_ecdh_enable_restart() in the ECDH module. - Changes the behaviour of TLS 1.2 clients (not servers) when using the ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC computations restartable: - ECDH operations from the key exchange, only for Short Weierstrass curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. - verification of the server's key exchange signature; - verification of the server's certificate chain; - generation of the client's signature if client authentication is used, with an ECC key/certificate. Requires: MBEDTLS_ECP_C Uncomment this macro to enable restartable ECC computations. Uncomment to enable using new bignum code in the ECC modules. \warning This is currently experimental, incomplete and therefore should not be used in production. \def MBEDTLS_ECDSA_DETERMINISTIC Enable deterministic ECDSA (RFC 6979). Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key. This is avoided by the deterministic variant. Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C Comment this macro to disable deterministic ECDSA.

Syntax

Show:

Summary

Declaration

from esp_config.h:540

#define MBEDTLS_ECDSA_DETERMINISTIC

Notes

In the cases above, the usual SSL/TLS functions, such as mbedtls_ssl_handshake(), can now return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled, restartable operations in PK, X.509 and TLS (see above) are not using PSA. On the other hand, ECDH computations in TLS are using PSA, and are not restartable. These are temporary limitations that should be lifted in the future. This option only works with the default software implementation of elliptic curve functionality. It is incompatible with MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.