In library/pk_wrap.c, re-implement the existing wrapper ecdsa_sign_wrap to use psa_sign_message() instead of mbedtls_rsa_pkcs1_sign().
This will require creating a temporary PSA private key with appropriate permissions. An example of something similar, but with a public key, can be found in ecdsa_verify_wrap() in the same file (note: there are currently two definitions of ecdsa_verify_wrap(), we want to look at the one that uses PSA).
This also requires transcoding the resulting signature, as PSA encodes it differently from what the current PK API promises (which is what TLS and X.509 want). There's already a function for that: pk_ecdsa_sig_asn1_from_psa(), currently used by pk_opaque_sign_wrap().
The resulting wrapper will most likely look like a mix of the existing (PSA-based) ecdsa_verify_wrap() (management of the temporary key) and pk_opaque_sign_wrap() (transcoding of the signature and/or parameters / error codes).
Depends on: #5156 (to be able to use PSA without #ifdefs).
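
The signature transcoding step mentioned in the issue, as an added example that is not Mbed TLS code and not the project's pk_ecdsa_sig_asn1_from_psa(). It assumes the PSA-side ECDSA signature is raw r||s in two equal-width big-endian halves and rewrites it as the DER SEQUENCE of two INTEGERs that TLS and X.509 carry; the names ecdsa_raw_to_der and der_put_uint are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Emit one big-endian unsigned integer as a DER INTEGER.
 * Returns bytes written, or 0 if the input is empty or out is too small. */
static size_t der_put_uint(const uint8_t *v, size_t n, uint8_t *out, size_t cap)
{
    size_t pad, len;
    if (n == 0) return 0;
    while (n > 1 && v[0] == 0) { v++; n--; }  /* DER wants the minimal encoding */
    pad = (v[0] & 0x80) ? 1 : 0;              /* 0x00 prefix keeps it non-negative */
    len = n + pad;
    if (len > 127 || cap < 2 + len) return 0;
    out[0] = 0x02;                            /* INTEGER tag */
    out[1] = (uint8_t) len;
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, n);
    return 2 + len;
}

/* Convert a raw r||s signature (two equal-length halves) into
 * SEQUENCE { INTEGER r, INTEGER s }. Returns the DER length, or 0 on
 * malformed input or insufficient output space. Hypothetical helper,
 * written for this example only. */
size_t ecdsa_raw_to_der(const uint8_t *raw, size_t raw_len,
                        uint8_t *der, size_t der_cap)
{
    uint8_t body[2 * (2 + 67)];               /* fits curves up to 521 bits */
    size_t half = raw_len / 2, r_len, s_len, body_len, hdr;
    if (!raw || !der || raw_len == 0 || raw_len % 2 != 0 || half > 66) return 0;
    r_len = der_put_uint(raw, half, body, sizeof(body));
    if (r_len == 0) return 0;
    s_len = der_put_uint(raw + half, half, body + r_len, sizeof(body) - r_len);
    if (s_len == 0) return 0;
    body_len = r_len + s_len;
    hdr = (body_len < 128) ? 2 : 3;           /* long-form length once body >= 128 */
    if (der_cap < hdr + body_len) return 0;   /* caller's buffer must fit the result */
    der[0] = 0x30;                            /* SEQUENCE tag */
    if (hdr == 2) { der[1] = (uint8_t) body_len; }
    else { der[1] = 0x81; der[2] = (uint8_t) body_len; }
    memcpy(der + hdr, body, body_len);
    return hdr + body_len;
}
```

The DER form is variable-length and can be up to a few bytes longer than the raw form, so the output buffer in a wrapper has to be sized for the worst case rather than for the raw signature length.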