You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In library/pk_wrap.c, provide an implementation of rsa_verify_wrap to use psa_verify_hash() instead of mbedtls_rsa_pkcs1_verify() when MBEDTLS_USE_PSA_CRYPTO is enabled.
This will require creating a temporary PSA public key with appropriate permissions. An example of this can be found in ecdsa_verify_wrap() in the same file (note: there are two definitions of ecdsa_very_wrap(), we want to look at the one used with MBEDTLS_USE_PSA_CRYPTO).
Note: when setting up the attributes of the temporary PSA key, when md_alg is MBEDTLS_MD_NONE we need to use PSA_ALG_RSA_PKCS1V15_SIGN_RAW; otherwise we can use the helper function mbedtls_psa_translate_md() to get a PSA alg from to use with PSA_ALG_RSA_PKCS1V15_SIGN().
Note: this function is only used for PKCS#1 v1.5, PSS uses a different key type in PK, so it's not a concern here.
In
library/pk_wrap.c
, provide an implementation ofrsa_verify_wrap
to usepsa_verify_hash()
instead ofmbedtls_rsa_pkcs1_verify()
whenMBEDTLS_USE_PSA_CRYPTO
is enabled.This will require creating a temporary PSA public key with appropriate permissions. An example of this can be found in
ecdsa_verify_wrap()
in the same file (note: there are two definitions ofecdsa_very_wrap()
, we want to look at the one used withMBEDTLS_USE_PSA_CRYPTO
).Note: when setting up the attributes of the temporary PSA key, when
md_alg
isMBEDTLS_MD_NONE
we need to usePSA_ALG_RSA_PKCS1V15_SIGN_RAW
; otherwise we can use the helper functionmbedtls_psa_translate_md()
to get a PSA alg from to use withPSA_ALG_RSA_PKCS1V15_SIGN()
.Note: this function is only used for PKCS#1 v1.5, PSS uses a different key type in PK, so it's not a concern here.
Similar: #5161
The text was updated successfully, but these errors were encountered: