Using X509 certificates with RSA crypto

Hello everyone,

I am using NRF5340-DK for my project and I am trying to combine X509 certificates (using MBEDTLS) with RSA operations (using PSA). This is my current proj.conf configuration related to crypto operations:

CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=50000

CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
CONFIG_MBEDTLS_X509_LIBRARY=y
CONFIG_MBEDTLS_X509_USE_C=y
CONFIG_MBEDTLS_X509_CRT_PARSE_C=y
CONFIG_MBEDTLS_ECP_C=y
CONFIG_MBEDTLS_ECDSA_C=y
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y

CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR=y
CONFIG_PSA_WANT_RSA_KEY_SIZE_1024=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_CRYPT=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT=y

As I am activating NRF_SECURITY for PSA crypto, I need the CONFIG_MBEDTLS_LEGACY_CRYPTO_C in order to compile functions such as 'mbedtls_x509_crt_init'. However, when I set this option, the RSA functions such as import key start to return INVALID ARGUMENT. It seems that there is some kind of incompatibility when joining these functionalities.

m_privKeyAttr = PSA_KEY_ATTRIBUTES_INIT;
m_pubKeyAttr = PSA_KEY_ATTRIBUTES_INIT;
if (privKey != NULL)
{
    /* Configure the private key attributes */
    psa_set_key_type(&m_privKeyAttr, PSA_KEY_TYPE_RSA_KEY_PAIR);
    psa_set_key_usage_flags(&m_privKeyAttr, PSA_KEY_USAGE_DECRYPT);
    psa_set_key_algorithm(&m_privKeyAttr, PSA_ALG_RSA_PKCS1V15_CRYPT);
    psa_set_key_bits(&m_privKeyAttr, 1024);
    status = psa_import_key(&m_privKeyAttr, privKey, privLen, &m_privKeyId);
    if (status != PSA_SUCCESS)
    {
        return status;
    }
}

Can someone help?

BR
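
The PSA Crypto API defines the import format for PSA_KEY_TYPE_RSA_KEY_PAIR as the DER encoding of a PKCS#1 RSAPrivateKey, so psa_import_key rejects a PEM or PKCS#8-wrapped buffer, a truncated length, or a modulus size that differs from the psa_set_key_bits value. The following is an added example, not code from the original post or from Nordic: a plain C check with no PSA dependency that can be run on privKey/privLen before the import. The names classify_rsa_key, rsa_key_fmt and der_hdr are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; not part of PSA Crypto or Mbed TLS. */
enum rsa_key_fmt { FMT_INVALID, FMT_PEM, FMT_PKCS8_DER, FMT_PKCS1_DER };

/* Read one DER tag+length header at buf[*pos]; 0 on success, -1 if malformed. */
static int der_hdr(const uint8_t *buf, size_t len, size_t *pos,
                   uint8_t *tag, size_t *out_len)
{
    if (len - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n >= 0x80) {                        /* long form: accept 1 or 2 length bytes */
        size_t cnt = n & 0x7F;
        if (cnt == 0 || cnt > 2 || cnt > len - *pos) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | buf[(*pos)++];
    }
    if (n > len - *pos) return -1;          /* content would run past the buffer */
    *out_len = n;
    return 0;
}

/* Classify a private-key buffer; for PKCS#1 DER also report the modulus bit length. */
enum rsa_key_fmt classify_rsa_key(const uint8_t *key, size_t len, size_t *mod_bits)
{
    uint8_t tag; size_t l, pos = 0;
    *mod_bits = 0;
    if (len >= 10 && memcmp(key, "-----BEGIN", 10) == 0) return FMT_PEM;
    if (der_hdr(key, len, &pos, &tag, &l) || tag != 0x30) return FMT_INVALID;
    if (der_hdr(key, len, &pos, &tag, &l) || tag != 0x02) return FMT_INVALID;
    pos += l;                               /* skip the version INTEGER */
    if (der_hdr(key, len, &pos, &tag, &l)) return FMT_INVALID;
    if (tag == 0x30) return FMT_PKCS8_DER;  /* AlgorithmIdentifier: PKCS#8 wrapper */
    if (tag != 0x02) return FMT_INVALID;
    while (l > 0 && key[pos] == 0) { pos++; l--; }  /* drop sign-padding zero bytes */
    if (l == 0) return FMT_INVALID;
    *mod_bits = l * 8;                      /* then subtract leading zero bits */
    for (uint8_t m = 0x80; !(key[pos] & m); m >>= 1) (*mod_bits)--;
    return FMT_PKCS1_DER;
}

int main(void)
{
    const uint8_t pkcs8[] = {0x30,0x05,0x02,0x01,0x00,0x30,0x00}; /* constructed header */
    size_t bits;
    printf("fmt=%d\n", (int)classify_rsa_key(pkcs8, sizeof pkcs8, &bits));
    return 0;
}
```

Only FMT_PKCS1_DER with mod_bits equal to the value passed to psa_set_key_bits (1024 in the post) matches the attributes set in the snippet above.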
