I'm adding mbedtls support to wpa_supplicatant and I need the cofactor to support EAP-PWD

I’m in the process of added mbedtls support to wpa_supplicant.

I’ve gotten EAP-MD5 working and have moved on to EAP-PWD. EAP-PWD requires the elliptic curve cofactor. Which it appears that mbedtls doesn’t have an API to call, or internal variable the stores the cofactor.

Is there a way to obtains the cofactor either via calculating or some other means?


PS - for reference where are the snippets of code from wpa_supplicant’s OpenSSL wrapper:
int crypto_ec_cofactor(struct crypto_ec *e, struct crypto_bignum *cofactor)
return EC_GROUP_get_cofactor(e->group, (BIGNUM *) cofactor,
e->bnctx) == 0 ? -1 : 0;

Hi @carlg
Thank you for your interest in Mbed TLS!

Unfortunately, There isn’t an API to get the cofactor, as these are not commonly needed by applications, however, in Mbed TLS, all of the weierstrass curves we implement have a cofactor of one. Curve25519 has 8, Curve448 has 4.

You can find the value of the curves’ cofactr h in this standard, chapters 2 and 3.

Mbed TLS Team member