I am not sure I completely understand the PSA API for key exchange.
I have been creating a private key, exporting the public key, passing that successfully to the peer, obtaining the peer's public key, and I want to use psa_raw_key_agreement to obtain the shared secret. But it fails in:
if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; }
The value of "alg" is 0x06000609, computed as PSA_ALG_ECDSA(PSA_ALG_SHA_256). That's probably wrong, but I do not know why...
-- Christian Huitema
On 9/13/2023 5:04 PM, Christian Huitema via mbed-tls wrote:
> I am not sure I completely understand the PSA API for key exchange.
> I have been creating a private key, exporting the public key, passing that successfully to the peer, obtaining the peer's public key, and I want to use psa_raw_key_agreement to obtain the shared secret. But it fails in:
> if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; }
> The value of "alg" is 0x06000609, computed as PSA_ALG_ECDSA(PSA_ALG_SHA_256). That's probably wrong, but I do not know why...
I understand better now. For secp256r1, I am setting alg to PSA_ALG_ECDH, and the tests are passing. But it took a lot of trial and error, trying to parse the documentation, looking at usage in the source code, etc.
-- Christian Huitema
mbed-tls@lists.trustedfirmware.org
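Added example, not part of the thread and not Mbed TLS code: it decodes the algorithm identifiers discussed above to show why 0x06000609 fails the quoted PSA_ALG_IS_KEY_AGREEMENT check while PSA_ALG_ECDH passes. The constants restate the PSA Crypto API algorithm encoding under local EX_ names (an assumption of this example, so that it builds without the library headers), and it goes one step beyond the thread by also flagging a key agreement combined with a KDF, which is not a raw key agreement.

```c
#include <stdint.h>
#include <stdio.h>

/* Values restated from the PSA Crypto API algorithm encoding. The EX_ names
 * are local to this example; they are not Mbed TLS identifiers. */
#define EX_CATEGORY_MASK       0x7f000000u
#define EX_CATEGORY_KDF        0x08000000u
#define EX_CATEGORY_KEY_AGREE  0x09000000u
#define EX_HASH_MASK           0x000000ffu
#define EX_KDF_MASK            0xfe00ffffu  /* KDF part of a combined algorithm */
#define EX_ALG_SHA_256         0x02000009u
#define EX_ALG_ECDSA(hash)     (0x06000600u | ((hash) & EX_HASH_MASK))
#define EX_ALG_HKDF(hash)      (0x08000100u | ((hash) & EX_HASH_MASK))
#define EX_ALG_ECDH            0x09020000u

typedef enum { EX_RAW_OK, EX_NOT_KEY_AGREEMENT, EX_HAS_KDF } ex_verdict;

/* Same category test as the check quoted in the thread, followed by the
 * "raw" condition: no key derivation algorithm may be folded into alg. */
ex_verdict ex_check_raw_key_agreement(uint32_t alg)
{
    if ((alg & EX_CATEGORY_MASK) != EX_CATEGORY_KEY_AGREE)
        return EX_NOT_KEY_AGREEMENT;   /* e.g. the signature category 0x06 */
    uint32_t kdf = (alg & EX_KDF_MASK) | EX_CATEGORY_KDF;
    return kdf == EX_CATEGORY_KDF ? EX_RAW_OK : EX_HAS_KDF;
}

const char *ex_verdict_name(ex_verdict v)
{
    switch (v) {
    case EX_RAW_OK:            return "usable for raw key agreement";
    case EX_NOT_KEY_AGREEMENT: return "not a key agreement algorithm";
    default:                   return "key agreement combined with a KDF";
    }
}

int main(void)
{
    const uint32_t algs[] = {
        EX_ALG_ECDSA(EX_ALG_SHA_256),            /* value from the thread */
        EX_ALG_ECDH,                             /* the working setting   */
        EX_ALG_ECDH | EX_ALG_HKDF(EX_ALG_SHA_256)
    };
    for (size_t i = 0; i < sizeof algs / sizeof algs[0]; i++)
        printf("0x%08x: %s\n", (unsigned)algs[i],
               ex_verdict_name(ex_check_raw_key_agreement(algs[i])));
    return 0;
}
```

With the real API, the private key's attributes also have to permit the operation: psa_set_key_algorithm with PSA_ALG_ECDH and psa_set_key_usage_flags including PSA_KEY_USAGE_DERIVE.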