Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Bad description in ecp.h #9393

Open mazhenke opened 1 month ago

mazhenke commented 1 month ago

In ecp.h, for the nbits:

size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys. */

but actually for Montgomery curves, nbits is the private key bitlen + 1. For example: Curve25519, nbits is set to 254, but the private key bitlength is at least 255, which is 254 + 1.

gilles-peskine-arm commented 1 month ago

Indeed, for Montgomery curves, ecp_curves.c says

Actually, the required msb for private keys

I have no idea why this choice. @mpg?

But anyway I'll fix the documentation.

mpg commented 1 month ago

> I have no idea why this choice. @mpg?

I can't remember right now. I'll think about it and let you know if anything comes back.
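
An added example (not from the issue or from Mbed TLS's code) of the distinction the thread turns on: after RFC 7748 clamping, a Curve25519 private scalar has its top set bit at index 254, so its bit length is 255. The helper names are hypothetical and the fill bytes are constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 7748 section 5 clamping of a 32-byte little-endian X25519 scalar. */
static void x25519_clamp(uint8_t k[32])
{
    k[0]  &= 248;  /* clear bits 0..2: scalar is a multiple of the cofactor 8 */
    k[31] &= 127;  /* clear bit 255 */
    k[31] |= 64;   /* set bit 254: the required most significant bit */
}

/* Bit length of a little-endian byte string (0 for the value zero). */
static size_t le_bitlen(const uint8_t *buf, size_t len)
{
    for (size_t i = len; i-- > 0; ) {
        if (buf[i] != 0) {
            size_t bits = 8 * i;
            for (uint8_t b = buf[i]; b != 0; b >>= 1)
                bits++;
            return bits;
        }
    }
    return 0;
}

/* Hypothetical helper: clamp a scalar filled with `fill`, return its bit length. */
static size_t clamped_bitlen(uint8_t fill)
{
    uint8_t k[32];
    memset(k, fill, sizeof(k));
    x25519_clamp(k);
    return le_bitlen(k, sizeof(k));
}

int main(void)
{
    const uint8_t fills[] = { 0x00, 0xff, 0x5a }; /* constructed inputs */
    for (size_t i = 0; i < sizeof(fills); i++) {
        size_t len = clamped_bitlen(fills[i]);
        /* The index of the top set bit is always one less than the bit length. */
        printf("fill 0x%02x: msb index %zu, bit length %zu\n",
               fills[i], len - 1, len);
    }
    return 0;
}
```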