Missing getters on some fields #5005

Closed
sevilS opened this issue Oct 1, 2021 · 3 comments · Fixed by #5642
Labels
component-crypto Crypto primitives and low-level interfaces enhancement size-s Estimated task size: small (~2d)

Comments

@sevilS

sevilS commented Oct 1, 2021

### Suggested enhancement

We need access to some of the fields that are now private since version 3.0.0:

- mbedtls_pk_context
  - pk_ctx
- mbedtls_ecp_keypair
  - d

### Justification

mbedtls_pk_context: We have to configure a pk_ctx in order to be able to implement ecdsa_alt functionality

mbedtls_ecp_keypair: Same: for ecdsa_alt functionality we need to provide the key information inside the d field

@marcobrador

Hi! Any update on this?

@mpg
Contributor

mpg commented Jan 12, 2022

Hi! Thanks for your report. Could you clarify if you need read or write access to these fields?

Also, it's not clear to me what exactly you mean by ecdsa_alt functionality. Are you talking about MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and/or MBEDTLS_ECDSA_GENKEY_ALT? If so:

  1. I think it's quite normal for implementors of this function to use the MBEDTLS_PRIVATE macro in order to get access to private fields, and that doesn't mean these fields should be made public to everyone.
  2. It's not clear to me why you need access to pk_ctx in mbedtls_pk_context_t for that. Can you clarify?

@sevilS
Author

sevilS commented Jan 13, 2022

Hello!
I will try to explain our use case. We use ecdsa_alt functionality. But we don't need the private fields for the function itself; it is for the configuration steps.

In order to use it, we need some information that needs to be recovered in the sign method; this information is basically a key handle. We use the method mbedtls_mpi_read_binary((*mbedtls_ecp_keypair)keyPair->d, ourKeyHandle, ..); to do it.
That's why we need access to the d field.

After this call we reassign the value:
(*mbedtls_pk_context_t).pk_ctx = keyPair;
If I am honest, looking at the mbedtls code, this last part is not required, as the method mbedtls_pk_ec is sending the same pointer we assign afterwards. But we need to get access to the d field for sure.

Thanks!
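
The pattern discussed in this thread, as an added example that is not part of the issue and not Mbed TLS code: a self-contained C model of how MBEDTLS_PRIVATE renames a field, and how an implementor can still park a key handle in d during configuration and recover it in the sign hook. `demo_keypair`, `demo_store_handle`, `demo_load_handle` and `DEMO_D_LEN` are hypothetical stand-ins; only the macro definition mirrors mbedtls/private_access.h, and d is modelled as fixed-width big-endian bytes rather than an mbedtls_mpi.

```c
#include <stddef.h>
#include <string.h>

/* Same definition as Mbed TLS 3.x <mbedtls/private_access.h>. */
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_PRIVATE(member) private_##member
#else
#define MBEDTLS_PRIVATE(member) member
#endif

#define DEMO_D_LEN 32   /* assumption: P-256-sized private value */
/* Hypothetical stand-in for mbedtls_ecp_keypair; d is big-endian bytes here,
 * not an mbedtls_mpi. Plain kp->d does not compile: the field is private_d. */
typedef struct {
    unsigned char MBEDTLS_PRIVATE(d)[DEMO_D_LEN];
} demo_keypair;

/* Configuration step: park an opaque key handle in d as a big-endian integer. */
int demo_store_handle(demo_keypair *kp, const unsigned char *h, size_t len)
{
    if (len > DEMO_D_LEN)
        return -1;
    memset(kp->MBEDTLS_PRIVATE(d), 0, DEMO_D_LEN);
    memcpy(kp->MBEDTLS_PRIVATE(d) + DEMO_D_LEN - len, h, len);
    return 0;
}

/* Sign hook side: recover exactly len bytes. Fixed width keeps leading zero
 * bytes of the handle; a value wider than len is rejected, not truncated. */
int demo_load_handle(const demo_keypair *kp, unsigned char *out, size_t len)
{
    if (len > DEMO_D_LEN)
        return -1;
    for (size_t i = 0; i < DEMO_D_LEN - len; i++)
        if (kp->MBEDTLS_PRIVATE(d)[i] != 0)
            return -1;
    memcpy(out, kp->MBEDTLS_PRIVATE(d) + DEMO_D_LEN - len, len);
    return 0;
}

int main(void)
{
    const unsigned char handle[4] = { 0x00, 0x00, 0x12, 0x34 }; /* constructed */
    unsigned char back[4];
    demo_keypair kp;
    if (demo_store_handle(&kp, handle, 4) || demo_load_handle(&kp, back, 4))
        return 1;
    return memcmp(handle, back, 4) != 0;
}
```

Because d then holds a handle rather than a scalar, any code path that treats it as real private-key material must be kept away from such a keypair.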
