I have one problem report and some related questions:
Problem report:
When executing the RSA sampe provided with SDK 2.1.0 on the nRD5340DK board the psa_sign_hash function fails with -133 (PSA_ERROR_NOT_PERMITTED).
The explanation PSA_ERROR_NOT_PERMITTED informs me that a policy is preventing the operation. But as I am using a unmodified sample code. I cannot see which policy change I should have caused. Can you help finding the cause of this behavior?
Questions:
1) I have a requirement to implement RSA OAEP(SHA1) public key encryption using 3072 bit keys. The CryptoCell on the nRF5340 has a upper limit of 2048 bit keys. The question is, how can I implement the required encryption operation? Is using mbed_tsl directly an option or is the 2048 bit key limit also imposed on this API?
2) When attempting to do RSA OAEP(SHA1) using a supposedly supported 2048 bit key, this fails with return code -147 (PSA_ERROR_HARDWARE_FAILURE). There are no sample code performing RSA public key encryption using the CryptoCell, is this operation not supported?
