Hi Christian,

We don't provide such a function. Even in the TLS module, the conversion is done indirectly, from TLS::SignatureScheme to Mbed_TLS::mbedtls_{md,pk}_type_t and from those to psa_algorithm_t.

The signature scheme mostly breaks down into a signature algorithm octet and a hash algorithm octet. You can get away with breaking it down as

switch (sigalg & 0xff) { case 0x01: alg = PSA_ALG_RSA_PKCS1_V15_SIGN_BASE; /* etc */ }
switch (sigalg & 0xff00) { case 0x0200: hash_alg = PSA_ALG_SHA1; /* etc */ }
alg |= hash_alg & PSA_ALG_HASH_MASK;

Although do note that the _BASE and _MASK constants are not part of the public API (but they're very unlikely to be removed from 3.6 LTS). Considering that such bit-twiddling comes up quite often, I wonder if we should be less wary of making them official.

Best regards,

--
Gilles Peskine
Mbed TLS developer and PSA Crypto API architect


On 11/05/2024 01:00, Christian Huitema via mbed-tls wrote:
The specification of the "psa_verify_message" function is simple enough: pass a key ID, an algorithm ID, the data that were signed, the signature received from the peer, and receive a status. There is just one tiny problem: in the application, the algorithm ID is specified as a 16 bit TLS SignatureScheme (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme), which is not quite the same as "psa_algorithm_t". Is there a simple way to covert from TLS SignatureScheme to PSA ALgorithm identifier? Maybe a two columns table?

-- Christian Huitema