Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PK: RSA verification #5159

Closed
mpg opened this issue Nov 12, 2021 · 1 comment · Fixed by #5568
Closed

PK: RSA verification #5159

mpg opened this issue Nov 12, 2021 · 1 comment · Fixed by #5568
Assignees
@superna9999
Labels
enhancement size-s Estimated task size: small (~2d)

Comments

@mpg
Copy link
Contributor

mpg commented Nov 12, 2021
edited
Loading

In library/pk_wrap.c, provide an implementation of rsa_verify_wrap to use psa_verify_hash() instead of mbedtls_rsa_pkcs1_verify() when MBEDTLS_USE_PSA_CRYPTO is enabled.

This will require creating a temporary PSA public key with appropriate permissions. An example of this can be found in ecdsa_verify_wrap() in the same file (note: there are two definitions of ecdsa_very_wrap(), we want to look at the one used with MBEDTLS_USE_PSA_CRYPTO).

Note: when setting up the attributes of the temporary PSA key, when md_alg is MBEDTLS_MD_NONE we need to use PSA_ALG_RSA_PKCS1V15_SIGN_RAW; otherwise we can use the helper function mbedtls_psa_translate_md() to get a PSA alg from to use with PSA_ALG_RSA_PKCS1V15_SIGN().

Note: this function is only used for PKCS#1 v1.5, PSS uses a different key type in PK, so it's not a concern here.

Similar: #5161
@mpg mpg added enhancement Product Backlog size-s Estimated task size: small (~2d) labels Nov 12, 2021
@mpg mpg added this to Incoming Items in OBSOLETE - SEE https://github.com/orgs/Mbed-TLS/projects/3 via automation Nov 12, 2021
@mpg mpg mentioned this issue Nov 12, 2021
Closed
@mpg mpg mentioned this issue Dec 2, 2021
Closed
@mpg mpg changed the title Use PSA for RSA PKCS#1 v1.5 signature verification in PK PK: RSA verification Dec 7, 2021
@mpg mpg moved this from Use PSA Crypto more - part 1 to Use PSA Crypto more - part 2 in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/1 Dec 15, 2021
@superna9999 superna9999 mentioned this issue Feb 22, 2022
Merged
2 tasks
@superna9999
Copy link
Contributor

@mpg Can you assign me this issue and link #5568 ?

@daverodgman daverodgman added this to Use PSA Crypto more - part 2 in EPICs for Mbed TLS Mar 30, 2022
@mpg mpg closed this as completed in #5568 Apr 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@superna9999 superna9999

Labels
enhancement size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

PK: RSA verification superna9999/mbedtls
3 participants
@mpg @superna9999 @gilles-peskine-arm