You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MbedTLS needs this because C-implementations of the JWT ES256, ES256K, ES384 and ES512 depend on the signature protocol as defined by the official JWT RFC 7518 document (ECDSA chapter).
Since MbedTLS v3, most fields of the library's data structures are private. That's... great!
But some usages out there need deeper access to these structs, ECP internals, etc...
In my implementation of JWT (l8w8jwt), I upgraded to the latest version of MbedTLS.
For signing and verifying RFC standard-compliant tokens using one of the above mentioned ECDSA variants, I now had to resort to the nasty MBEDTLS_PRIVATE() macro to get access to the ECP internals needed for handling the token signatures (for me, this is kind of a regression since this wasn't necessary before: what was fully legit earlier, now feels like an illegal usage of the library).
Same applies to the public key context of an X.509 certificate (since those can be used for verifying JWTs as well).
Check it out:
The following are examples of where I had to now resort to the MBEDTLS_PRIVATE() macro to retain functionality (not the only ones, but the main ones). Search the l8w8jwt repo for "MBEDTLS_PRIVATE" to find them all.
mbedtls_x509_crt::pk will be public in Mbed TLS 3.1 (#4842).
The fields of mbedtls_ecp_keypair have been requested for other reasons, we're tracking this in #4838, so I'm closing this issue because the remaining part is a duplicate.
Suggested enhancement
Getter functions (as suggested to be posted here according to the official migration guide to v3.0.0) for the following MbedTLS x509/ecp internals:
mbedtls_x509_crt::pkmbedtls_ecp_keypair::grpmbedtls_ecp_keypair::Qmbedtls_ecp_keypair::dJustification
MbedTLS needs this because C-implementations of the JWT ES256, ES256K, ES384 and ES512 depend on the signature protocol as defined by the official JWT RFC 7518 document (ECDSA chapter).
Since MbedTLS v3, most fields of the library's data structures are private. That's... great!
But some usages out there need deeper access to these structs, ECP internals, etc...
In my implementation of JWT (l8w8jwt), I upgraded to the latest version of MbedTLS.
For signing and verifying RFC standard-compliant tokens using one of the above mentioned ECDSA variants, I now had to resort to the nasty
MBEDTLS_PRIVATE()macro to get access to the ECP internals needed for handling the token signatures (for me, this is kind of a regression since this wasn't necessary before: what was fully legit earlier, now feels like an illegal usage of the library).Same applies to the public key context of an X.509 certificate (since those can be used for verifying JWTs as well).
Check it out:
The following are examples of where I had to now resort to the
MBEDTLS_PRIVATE()macro to retain functionality (not the only ones, but the main ones). Search the l8w8jwt repo for "MBEDTLS_PRIVATE" to find them all.mbedtls_x509_crt::pkmbedtls_ecp_keypair::grpmbedtls_ecp_keypair::Qmbedtls_ecp_keypair::dCheers, and thanks for developing this awesome library and being so awesome with the community! :)
The text was updated successfully, but these errors were encountered: