PK: RSA signing #5162

Closed
mpg opened this issue Nov 12, 2021 · 0 comments · Fixed by #5571
mpg commented Nov 12, 2021

In library/pk_wrap.c, provide an implementation of rsa_sign_wrap to use psa_sign_hash() instead of mbedtls_rsa_pkcs1_sign().

This will require creating a temporary PSA private key with appropriate permissions. An example of something similar, but with a public key, can be found in ecdsa_verify_wrap() in the same file (note: there are two definitions of ecdsa_verify_wrap(); we want to look at the one used with MBEDTLS_USE_PSA_CRYPTO).

Note: when setting up the attributes of the temporary PSA key, when md_alg is MBEDTLS_MD_NONE we need to use PSA_ALG_RSA_PKCS1V15_SIGN_RAW; otherwise we can use the helper function mbedtls_psa_translate_md() to get a PSA alg to use with PSA_ALG_RSA_PKCS1V15_SIGN().

Note: this function is only used for PKCS#1 v1.5, PSS uses a different key type in PK (which only supports verification, not signing, anyway), so it's not a concern here.

Similar: #5160 and #5274 are also creating a temporary PSA private key.

mpg added enhancement Product Backlog size-s Estimated task size: small (~2d) labels Nov 12, 2021
mpg added this to Incoming Items in OBSOLETE - SEE https://github.com/orgs/Mbed-TLS/projects/3 via automation Nov 12, 2021
mpg changed the title from "Use PSA for RSA PKCS#1 v1.5 signature verification in PK" to "Use PSA for RSA PKCS#1 v1.5 signature generation in PK" Nov 12, 2021
This was referenced Dec 2, 2021
mpg changed the title from "Use PSA for RSA PKCS#1 v1.5 signature generation in PK" to "PK: RSA signing in PK" Dec 7, 2021
mpg changed the title from "PK: RSA signing in PK" to "PK: RSA signing" Dec 7, 2021
mpg moved this from Use PSA Crypto more - part 1 to Use PSA Crypto more - part 2 in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/1 Dec 15, 2021
superna9999 mentioned this issue Feb 22, 2022
superna9999 self-assigned this Mar 7, 2022
daverodgman added this to Use PSA Crypto more - part 2 in EPICs for Mbed TLS Mar 30, 2022
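
What the two algorithm choices named in the issue mean at the encoding level, as an added example (not code from Mbed TLS or from this issue): with PSA_ALG_RSA_PKCS1V15_SIGN_RAW the caller's input is padded as given, while PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) has the DigestInfo prefix for that hash placed in front of the digest before padding (RFC 8017, section 9.2). The `ex_`/`EX_` names are hypothetical, only SHA-256 is covered, and the RSA private-key operation itself is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1). */
static const uint8_t SHA256_DIGESTINFO_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Hypothetical stand-ins for the two cases in the issue (not Mbed TLS types). */
typedef enum { EX_MD_NONE, EX_MD_SHA256 } ex_md_t;

/*
 * Build EM = 0x00 || 0x01 || PS (0xFF bytes) || 0x00 || T into em[0..em_len),
 * where em_len is the RSA modulus size in bytes.
 *   EX_MD_NONE:   T = input exactly as given (the "raw" case).
 *   EX_MD_SHA256: T = DigestInfo prefix || 32-byte digest.
 * Returns 0 on success, -1 on bad arguments or if T does not fit.
 */
int ex_emsa_pkcs1_v15_encode(ex_md_t md, const uint8_t *in, size_t in_len,
                             uint8_t *em, size_t em_len)
{
    size_t prefix_len = 0;

    if (in == NULL || em == NULL)
        return -1;
    if (md == EX_MD_SHA256) {
        if (in_len != 32)
            return -1;              /* a SHA-256 digest is exactly 32 bytes */
        prefix_len = sizeof(SHA256_DIGESTINFO_PREFIX);
    }
    size_t t_len = prefix_len + in_len;
    /* At least 8 bytes of 0xFF padding are required: em_len >= t_len + 11. */
    if (em_len < 11 || t_len > em_len - 11)
        return -1;

    size_t ps_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps_len);
    em[2 + ps_len] = 0x00;
    if (prefix_len != 0)
        memcpy(em + 3 + ps_len, SHA256_DIGESTINFO_PREFIX, prefix_len);
    memcpy(em + 3 + ps_len + prefix_len, in, in_len);
    return 0;
}
```

A caller that passes an already built DigestInfo through the raw case gets the same padded block as the hashed case, which is why the attributes of the temporary key have to name the algorithm that matches md_alg.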