MBEDTLS_SELF_TEST macro

Uncomment to enable p256-m. This is an alternative implementation of key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. Compared to the default implementation: - p256-m has a much smaller code size and RAM footprint. - p256-m is only available via the PSA API. This includes the pk module when #MBEDTLS_USE_PSA_CRYPTO is enabled. - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols over the core arithmetic, or deterministic derivation of keys. We recommend enabling this option if your application uses the PSA API and the only elliptic curve support it needs is ECDH and ECDSA over SECP256R1. If you enable this option, you do not need to enable any ECC-related MBEDTLS_xxx option. You do need to separately request support for the cryptographic mechanisms through the PSA API: - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based configuration; - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; - #PSA_WANT_ECC_SECP_R1_256; - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. \def MBEDTLS_PSA_INJECT_ENTROPY Enable support for entropy injection at first boot. This feature is required on systems that do not have a built-in entropy source (TRNG). This feature is currently not supported on systems that have a built-in entropy source. Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS Assume all buffers passed to PSA functions are owned exclusively by the PSA function and are not stored in shared memory. This option may be enabled if all buffers passed to any PSA function reside in memory that is accessible only to the PSA function during its execution. This option MUST be disabled whenever buffer arguments are in memory shared with an untrusted party, for example where arguments to PSA calls are passed across a trust boundary. \def MBEDTLS_RSA_NO_CRT Do not use the Chinese Remainder Theorem for the RSA private operation. Uncomment this macro to disable the use of CRT in RSA. \def MBEDTLS_SELF_TEST Enable the checkup functions (*_self_test).

Syntax

Show:

Summary

Declaration

from esp_config.h:961

#define MBEDTLS_SELF_TEST

Notes

To benefit from the smaller code size of p256-m, make sure that you do not enable any ECC-related option not supported by p256-m: this would cause the built-in ECC implementation to be built as well, in order to provide the required option. Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than SECP256R1 are disabled as they are not supported by this driver. Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of the built-in ECC implementation, see docs/driver-only-builds.md. Enabling this option reduces memory usage and code size. Enabling this option causes overlap of input and output buffers not to be supported by PSA functions.