RSA example fails on psa_sign_hash returning -133

RE: RSA example fails on psa_sign_hash returning -133

Riccardo Gaiati — Wed, 21 May 2025 14:43:13 GMT

Thanks so much for the prompt reply Sigurd. Much appreciated !

RE: RSA example fails on psa_sign_hash returning -133

Sigurd Hellesvik — Wed, 21 May 2025 12:45:52 GMT

Hi Riccardo,

From Features: Asymmetric encryption support, see

Also see
nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

RE: RSA example fails on psa_sign_hash returning -133

Riccardo Gaiati — Wed, 21 May 2025 11:35:08 GMT

Hi Sigurd,

does the PSA Crypto api support 2048 bit RSA OEAP operation, from SDK 2.7.0 upwards ?
Thanks in advance !

Kind regards

Riccardo

RE: RSA example fails on psa_sign_hash returning -133

TBing — Fri, 03 Feb 2023 14:36:37 GMT

Hi John

Thanks for the information!

I think you are correct that a lot might have changed in the SDK around PSA (and mbed_tsl integration).

Fortunately I was able to use the mbed_tsl API directly, but spend quite some time realizing that.

In SDK 2.1.1 the unmodified "RSA" sample that uses PSA does not work (even on the nRF5340DK board). So I will stick with the mbed_tsl API for now.

RE: RSA example fails on psa_sign_hash returning -133

johntaylor2 — Fri, 03 Feb 2023 14:25:13 GMT

Tony,

I ran into PSA_ERROR_NOT_SUPPORT (-134) error when trying to use RSA decryption with a 2048 bit key. I traced down the error to the mbedtls_psa_rsa_export_key() function being conditionally compiled to a hard coded failure. I added the following statements to my prj.conf file and now I am working. Caveat: I am using an older version of the SDK (v1.7) - so YMMV.

CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_PK_WRITE_C=y

RE: RSA example fails on psa_sign_hash returning -133

TBing — Tue, 24 Jan 2023 15:18:28 GMT

Hi Sigurd

Thanks for your effort!

Using the mbed_tsl API does works for RSA 3072 bit encryption.

I think that you should make tickets on the found problems:

- RSA signing sample included in SDK does not work.

- PSA cannot be used for RSA encryption (I could not make it work even for 1024 bit keys)

I have added my mbed_tsl code for other with similar problems:

// Output size must be == keysize == keysizeBits / 8
bool mbedTslTest(const uint8_t *input, size_t input_len, uint8_t *output) {
  mbedtls_rsa_context rsa;

  /* Initialize RSA Context */
  mbedtls_rsa_init(&rsa);

  int ret = mbedtls_rsa_set_padding(&rsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1);
  if (ret) {
    LOG_INF("failed! to confuigure padding: -%04x", -ret);
    return (ret);
  }

  ret = mbedtls_rsa_import_raw(&rsa,
                               &RSA_N_3072[0], sizeof(RSA_N_3072),
                               NULL, 0,
                               NULL, 0,
                               NULL, 0,
                               &RSA_E_3072[0], sizeof(RSA_E_3072));
  
  if (ret) {
    LOG_INF("failed! mbedtls_rsa_import_raw: -%04x", -ret);
    return (ret);
  }

  ret = mbedtls_rsa_complete(&rsa);
  if (ret) {
    LOG_INF("failed! mbedtls_rsa_complete: -%04x", -ret);
    return (ret);
  }

  ret = mbedtls_rsa_rsaes_oaep_encrypt(&rsa, mbedtls_random, NULL, NULL, 0, input_len, input, output);
  if (ret) {
    LOG_INF("failed! mbedtls_rsa_rsaes_oaep_encrypt: -%04x", -ret);
    return false;
  }

  LOG_INF("Success");

  return true;
}

PSA can be use as RNG:

int mbedtls_random( void *p_rng, unsigned char *output,
                             size_t outputLen ){
  psa_status_t status = psa_generate_random(output, outputLen);
  if (status != PSA_SUCCESS) {
    LOG_ERR("psa_generate_random failed! (Error: %d)", outputLen);
    return -1;
  }

  return 0;
}

Regards Tonny

RE: RSA example fails on psa_sign_hash returning -133

Sigurd Hellesvik — Mon, 23 Jan 2023 17:22:27 GMT

Hi,

Checking with our developers, it seems that our PSA Crypto API does not yet support 2048 bit keys.

Instead, I suggest that you use the mbedtls API directly.
I think the API you look for is https://github.com/nrfconnect/sdk-mbedtls/blob/main/library/psa_crypto_rsa.h.

Regards,
Sigurd Hellesvik

RE: RSA example fails on psa_sign_hash returning -133

TBing — Fri, 20 Jan 2023 14:47:29 GMT

Hi Sigurd

If you remove the psa_export_public_key, and related then you are not doing public key encryption using a public (only) key.

The method psa_asymmetric_encrypt is intended to use a public key without the private part.

This is the purpose of asymmetric cryptography, so this approach will not work.

RE: RSA example fails on psa_sign_hash returning -133

Sigurd Hellesvik — Fri, 20 Jan 2023 14:38:37 GMT

To start, I will test our rsa sample.

I only changed the size from 1024 to 2048, and i t seems that it is psa_export_public_key fails with -147.
If I remove psa_export_public_key and the anything which use the public key, the sample runs without error.

I have looked a bit at why the encryption is NOT_PERMITTED, but have not found out why this is.

I will look some more into this and return with more information on Monday.

Regards,
Sigurd Hellesvik

RE: RSA example fails on psa_sign_hash returning -133

TBing — Fri, 20 Jan 2023 07:47:58 GMT

Hi Sigurd

We want to use the CryptoCell, so our requirement has been lowered to the supported 2048 bit keys.

I have used the code sample from the nRFSDK 2.1.0 called RSA that performs RSA signature and signature verification.

As described this sample fails at my end, when using the nRF5340DK board with error -133.

I have attached the sample including my enhancements to perform RSA encryption.

Per default, encryption is tested. Signature can be tested by uncommenting the line:

#define TEST_RSA_ENCRYPTION (1)

The test shows:

1) RSA signature/verification fails with -133.

2) RSA key generation using keys above 1024 bits hangs the program.

3) RSA encryption using key size 1024 fails with -133.

We need to perform a 2048 bit RSA OEAP operation, which should be supported according to the documentation / nRF5340 datasheet.

I appreciate your effort, hope you are able to help solving this issue.

Regards Tonny

devzone.nordicsemi.com/.../rsa_5F00_encrypt_5F00_or_5F00_sign_5F00_test.zip

RE: RSA example fails on psa_sign_hash returning -133

Sigurd Hellesvik — Thu, 19 Jan 2023 13:13:55 GMT

Hi,

Can you share the lines of code (or sample) you use to do RSA OAEP?
(Use Insert->Code to insert code)

[quote user=""]1) I have a requirement to implement RSA OAEP(SHA1) public key encryption using 3072 bit keys. The CryptoCell on the nRF5340 has a upper limit of 2048 bit keys. The question is, how can I implement the required encryption operation? Is using mbed_tsl directly an option or is the 2048 bit key limit also imposed on this API?[/quote]

For a quick look, I were not able to figure out what the Mbed TLS key limit would be.
From our Driver configurations and supported features:
"If a specific cryptographic feature is not supported by a PSA driver but the algorithm is configured to be used, then Built-in Mbed TLS will be enabled to ensure the feature is available."

So you can use Mbed TLS for this from the PSA API.
Using the Mbed TLS API directly is also an option, but I recommend trying the PSA API first.
Can you try to use Mbed TLS to do the same operation, and see if it works that way?

[quote user=""]2) When attempting to do RSA OAEP(SHA1) using a supposedly supported 2048 bit key, this fails with return code -147 (PSA_ERROR_HARDWARE_FAILURE). There are no sample code performing RSA public key encryption using the CryptoCell, is this operation not supported?[/quote]

Which function returns this error?

Do you get the same error for 1024?

Regards,
Sigurd Hellesvik

RE: RSA example fails on psa_sign_hash returning -133

Sigurd Hellesvik — Wed, 18 Jan 2023 09:50:47 GMT

Hi,

I will look into this and return with more information tomorrow.

Regards,
Sigurd Hellesvik