-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create getter functions for ECP internals and X.509 public key context #5081
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Suggested enhancement
Getter functions (as suggested to be posted here according to the official migration guide to v3.0.0) for the following MbedTLS x509/ecp internals:
mbedtls_x509_crt::pk
mbedtls_ecp_keypair::grp
mbedtls_ecp_keypair::Q
mbedtls_ecp_keypair::d
Justification
MbedTLS needs this because C-implementations of the JWT ES256, ES256K, ES384 and ES512 depend on the signature protocol as defined by the official JWT RFC 7518 document (ECDSA chapter).
Since MbedTLS v3, most fields of the library's data structures are private. That's... great!
But some usages out there need deeper access to these structs, ECP internals, etc...
In my implementation of JWT (l8w8jwt), I upgraded to the latest version of MbedTLS.
For signing and verifying RFC standard-compliant tokens using one of the above mentioned ECDSA variants, I now had to resort to the nasty
MBEDTLS_PRIVATE()
macro to get access to the ECP internals needed for handling the token signatures (for me, this is kind of a regression since this wasn't necessary before: what was fully legit earlier, now feels like an illegal usage of the library).Same applies to the public key context of an X.509 certificate (since those can be used for verifying JWTs as well).
Check it out:
The following are examples of where I had to now resort to the
MBEDTLS_PRIVATE()
macro to retain functionality (not the only ones, but the main ones). Search the l8w8jwt repo for "MBEDTLS_PRIVATE" to find them all.mbedtls_x509_crt::pk
mbedtls_ecp_keypair::grp
mbedtls_ecp_keypair::Q
mbedtls_ecp_keypair::d
Cheers, and thanks for developing this awesome library and being so awesome with the community! :)
The text was updated successfully, but these errors were encountered: