Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why the cofactor A from secp256r1 of ECDSA is NULL #8045

Closed
fuxingguo16 opened this issue Aug 9, 2023 · 5 comments · Fixed by #6999
Closed

Why the cofactor A from secp256r1 of ECDSA is NULL #8045

fuxingguo16 opened this issue Aug 9, 2023 · 5 comments · Fixed by #6999

Comments

@fuxingguo16
Copy link

Suggested enhancement

Justification

Mbed TLS needs this because
@tom-cosgrove-arm
Copy link
Contributor

tom-cosgrove-arm commented Aug 9, 2023
edited
Loading

Can you give a bit more information, please? The cofactor for P-256 is 1 - where are you seeing NULL?

@gilles-peskine-arm
Copy link
Contributor

gilles-peskine-arm commented Aug 9, 2023
edited
Loading

A.p == NULL means that the value of A is equal to P - 3. The implementation of curve arithmetic optimizes this case.

This will be clarified in #6999.

@gilles-peskine-arm gilles-peskine-arm mentioned this issue Aug 9, 2023
Merged
3 tasks
@fuxingguo16
Copy link
Author

A.p == NULL means that the value of A is equal to P - 3. The implementation of curve arithmetic optimizes this case.

This will be clarified in #6999.

OK,I got it,Thanks ~~

@fuxingguo16
Copy link
Author

In standard Mbed TLS, if the elliptic curve parameters (including the A coefficient) are changed when using a known key pair for signing and verifying, will it have an impact on the results of signing and verifying?

A.p == NULL means that the value of A is equal to P - 3. The implementation of curve arithmetic optimizes this case.

This will be clarified in #6999.

In standard Mbed TLS, if the elliptic curve parameters (including the A coefficient) are changed when using a known key pair for signing and verifying, will it have an impact on the results of signing and verifying?

@gilles-peskine-arm
Copy link
Contributor

Mbed TLS has optimized arithmetic for the curves that it supports, and uses the mbedtls_ecp_group_id to dispatch in some internal functions. We do not support changing the parameters. Only standard curves are supported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Doc: Add note on special use of A in ecp group structure ivq/mbedtls
3 participants
@gilles-peskine-arm @tom-cosgrove-arm @fuxingguo16