The specification of the "psa_verify_message" function is simple enough: pass a key ID, an algorithm ID, the data that were signed, the signature received from the peer, and receive a status. There is just one tiny problem: in the application, the algorithm ID is specified as a 16-bit TLS SignatureScheme (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-sig...), which is not quite the same as "psa_algorithm_t". Is there a simple way to convert from TLS SignatureScheme to PSA Algorithm identifier? Maybe a two-column table?
-- Christian Huitema
Hi Christian,
We don't provide such a function. Even in the TLS module, the conversion is done indirectly, from TLS::SignatureScheme to Mbed_TLS::mbedtls_{md,pk}_type_t and from those to psa_algorithm_t.
The signature scheme mostly breaks down into a signature algorithm octet and a hash algorithm octet. You can get away with breaking it down as
    switch (sigalg & 0xff) {      /* low octet: signature algorithm */
        case 0x01:
            alg = PSA_ALG_RSA_PKCS1V15_SIGN_BASE;
            break;
        /* etc */
    }
    switch (sigalg & 0xff00) {    /* high octet: hash algorithm */
        case 0x0200:
            hash_alg = PSA_ALG_SHA_1;
            break;
        /* etc */
    }
    alg |= hash_alg & PSA_ALG_HASH_MASK;
Although do note that the _BASE and _MASK constants are not part of the public API (but they're very unlikely to be removed from 3.6 LTS). Considering that such bit-twiddling comes up quite often, I wonder if we should be less wary of making them official.
Best regards,
mbed-tls@lists.trustedfirmware.org
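
Added example, not part of the thread and not Mbed TLS code: the two-column table asked about above, written as a lookup that also covers the 0x08xx SignatureScheme code points (RSA-PSS), which do not split into a signature octet and a hash octet. The EX_* names and tls_sig_scheme_to_alg() are hypothetical stand-ins so the block builds without Mbed TLS; their values follow the PSA Crypto API algorithm encoding.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins (assumed names) so this builds without Mbed TLS. In a real build,
 * include <psa/crypto.h> and use psa_algorithm_t with the public macros
 * PSA_ALG_RSA_PKCS1V15_SIGN(), PSA_ALG_RSA_PSS() and PSA_ALG_ECDSA(). */
typedef uint32_t ex_alg_t;
#define EX_ALG_NONE        0u
#define EX_SHA_256         0x02000009u
#define EX_SHA_384         0x0200000au
#define EX_SHA_512         0x0200000bu
#define EX_RSA_PKCS1V15(h) (0x06000200u | ((h) & 0xffu))
#define EX_RSA_PSS(h)      (0x06000300u | ((h) & 0xffu))
#define EX_ECDSA(h)        (0x06000600u | ((h) & 0xffu))

/* Two-column table: TLS SignatureScheme code point -> PSA-style algorithm. */
static const struct {
    uint16_t scheme;
    ex_alg_t alg;
} sig_map[] = {
    { 0x0401, EX_RSA_PKCS1V15(EX_SHA_256) }, /* rsa_pkcs1_sha256 */
    { 0x0501, EX_RSA_PKCS1V15(EX_SHA_384) }, /* rsa_pkcs1_sha384 */
    { 0x0601, EX_RSA_PKCS1V15(EX_SHA_512) }, /* rsa_pkcs1_sha512 */
    { 0x0403, EX_ECDSA(EX_SHA_256) },        /* ecdsa_secp256r1_sha256 */
    { 0x0503, EX_ECDSA(EX_SHA_384) },        /* ecdsa_secp384r1_sha384 */
    { 0x0603, EX_ECDSA(EX_SHA_512) },        /* ecdsa_secp521r1_sha512 */
    { 0x0804, EX_RSA_PSS(EX_SHA_256) },      /* rsa_pss_rsae_sha256 */
    { 0x0805, EX_RSA_PSS(EX_SHA_384) },      /* rsa_pss_rsae_sha384 */
    { 0x0806, EX_RSA_PSS(EX_SHA_512) },      /* rsa_pss_rsae_sha512 */
};

/* Returns EX_ALG_NONE for every code point not listed (for example ed25519,
 * 0x0807), so the caller rejects the signature instead of guessing. */
ex_alg_t tls_sig_scheme_to_alg(uint16_t scheme)
{
    for (size_t i = 0; i < sizeof(sig_map) / sizeof(sig_map[0]); i++) {
        if (sig_map[i].scheme == scheme) {
            return sig_map[i].alg;
        }
    }
    return EX_ALG_NONE;
}
```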