git.openwrt.org Git - openwrt/staging/jow.git/commit

author	Hauke Mehrtens <hauke@hauke-m.de>
	Sun, 24 Jun 2018 19:27:41 +0000 (21:27 +0200)
committer	Jo-Philipp Wich <jo@mein.io>
	Tue, 18 Dec 2018 16:32:19 +0000 (17:32 +0100)
commit	bac4a1b063ee253be05ae0a605bf98b337ae3159
tree	289893c93a43f4b096a0e26b21e312d94146cbcf	tree \| snapshot
parent	9399e56d9c2c89911ae71190deb309bd34579170	commit \| diff

mbedtls: Activate deterministic ECDSA

With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.

The resulting signature is still compatible to signatures generated not
deterministic.

This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk

This does not change the ECDSA performance in a measurable way.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from b19622044d492e9eff9d880d6bc1fc9486774886)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>