Arm Mbed OS support forum

Support for RSA encryption using OAEP padding with 2 different message digests

Hi all,

I’m porting some code from OpenSSL to Mbed TLS.
The code is encrypting some data using the OpenSSL RSA mode RSA_OAEPWithSHA256AndMGF1SHA1Padding.

This mode uses 2 different message digest functions for the OAEP padding: SHA256 and SHA1.
I was wondering how I can achieve this using Mbed TLS, since it seems the API only allows one message digest function to be set.

What I did so far was:

mbedtls_rsa_set_padding(rsa_key, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
mbedtls_rsa_pkcs1_encrypt(rsa_key, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, payload_len, payload_buf, output_buf);

But it seems this code is equivalent to OpenSSL mode RSA_OAEPWithSHA256AndMGF1SHA256Padding, since I can correctly decrypt the output with this OpenSSL mode (and not with the one I wanted, RSA_OAEPWithSHA256AndMGF1SHA1Padding).

Does anyone know a way of getting 2 different message digest functions in OAEP?

Thanks a lot!