I’m struggling with MBEDTLS on platform STM32F4xx. I had used this product for signing SOAP structure of XML document. So far, to create XML document, canonization (c14n) and prescribed element (tag) I’m usuing library LIBXML. Created cannonization string, HASH (“mbedtls_sha256_ret()”) and base64 (“mbedtls_base64_encode()”) is correct. The result I had comparred with another XML (correct) document.
But, I have a trouble with signature of this. I exported private key from *.p12 file by openssl to *.pem and parsing by mbedtls_pk_parse_key().
Algorithm to signing is RSA-SHA256.
String for this function (sign) after base64 encode is not the same as in correct XML document.
I’m check this key with public key in certificate by mbedtls_pk_check_pair() - with result 0.
I had tried signing by mbedtls_rsa_pkcs1_sign(), mbedtls_pk_sign(), private RSA key from the same *.p12 file - with the same wrong signature.
Which settings of “mbedtls_config.h” affects the signature?
How to correctly sign the SOAP structure, described https://www.w3.org/TR/xmldsig-core1, by the MBEDTLS?