You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In library/pk_wrap.c, provide an implementation of rsa_sign_wrap to use psa_sign_hash() instead of mbedtls_rsa_pkcs1_sign().
This will require creating a temporary PSA private key with appropriate permissions. An example of something similar, but with a public key, can be found in ecdsa_verify_wrap() in the same file (note: there are two definitions of ecdsa_very_wrap(), we want to look at the one used with MBEDTLS_USE_PSA_CRYPTO).
Note: when setting up the attributes of the temporary PSA key, when md_alg is MBEDTLS_MD_NONE we need to use PSA_ALG_RSA_PKCS1V15_SIGN_RAW; otherwise we can use the helper function mbedtls_psa_translate_md() to get a PSA alg from to use with PSA_ALG_RSA_PKCS1V15_SIGN().
Note: this function is only used for PKCS#1 v1.5, PSS uses a different key type in PK (which only supports verification, not signing, anyway), so it's not a concern here.
Similar: #5160 and #5274 are also creating a temporary PSA private key.
The text was updated successfully, but these errors were encountered:
In
library/pk_wrap.c
, provide an implementation ofrsa_sign_wrap
to usepsa_sign_hash()
instead ofmbedtls_rsa_pkcs1_sign()
.This will require creating a temporary PSA private key with appropriate permissions. An example of something similar, but with a public key, can be found in
ecdsa_verify_wrap()
in the same file (note: there are two definitions ofecdsa_very_wrap()
, we want to look at the one used withMBEDTLS_USE_PSA_CRYPTO
).Note: when setting up the attributes of the temporary PSA key, when
md_alg
isMBEDTLS_MD_NONE
we need to usePSA_ALG_RSA_PKCS1V15_SIGN_RAW
; otherwise we can use the helper functionmbedtls_psa_translate_md()
to get a PSA alg from to use withPSA_ALG_RSA_PKCS1V15_SIGN()
.Note: this function is only used for PKCS#1 v1.5, PSS uses a different key type in PK (which only supports verification, not signing, anyway), so it's not a concern here.
Similar: #5160 and #5274 are also creating a temporary PSA private key.
The text was updated successfully, but these errors were encountered: