I am working on signing a string with an RSA key with SHA-1 and have been having trouble with various error codes such as -133, -134, and -135.
Currently using nRF9160 with the nRF Connect SDK v2.2.0 on a MacOS development enviornment.
I am actually developing on an nRF9160 Feather board, however I am fairly certain the configuration files are correct for this board.
The sample, without modification, works correctly for the SHA-256 signing example.
The signature acts as a validation check and the insecure risk of SHA-1 is not a problem.
I have been able to successfully load the 384 bit keys that I am using. I don't believe a hash is being used, the string is not very long. I have computed the expected BASE64 output of the signature, it is located at the top of the main.c file. There are also functions added to convert between BASE64 and binary format as the RSA key will be read off an SD card in BASE64 format.
I have found another thread that is close to this issue and from what I read the TF-M does not support SHA-1, which might be my issue, but I am not sure how to go about disabling the TF-M support to use another method that supports SHA-1. How would I go about disabling the TF-M support to move the RSA SHA-1 signing functionality from hardware to software?
RE: nRF5340 CryptoCell-312 SHA-1 Support via PSA Crypto API
I am uploading the project and any advice that can be provided would be helpful.
This is the samples/crypto/rsa sample with some modifications.
Any help would be appreciated.
