关于SHA256+RSA3072验签无法导入N的问题

yishui66

一、背景
现需求公钥在产线上写入N和E，下位机能支持用N和E验签。

二、现状
我在ME05的demo（即RSA_example.c）里尝试进行实现，（实际是要在LE05里跑的）

测试代码如下：

//确定了问题不在哈希，也不在签名，也不在长度，而在 N 导入不正确。
void test_rsa_import(void)
{
    int ret;
    mbedtls_rsa_context rsa;
    mbedtls_mpi N_mpi, E_mpi;

    mbedtls_rsa_init(&rsa);
    mbedtls_mpi_init(&N_mpi);
    mbedtls_mpi_init(&E_mpi);

    // 先打印 N/E_mpi 确认
    print_bytes("N input (first bytes)", N, 16);
    print_bytes("E input", E, sizeof(E));

    // 导入 N/E
    if ((ret = mbedtls_mpi_read_binary(&N_mpi, N, sizeof(N))) != 0) {
        PRINTF("Failed to read N_mpi: -0x%x\r\n", -ret);
        goto cleanup;
    }
    if ((ret = mbedtls_mpi_read_binary(&E_mpi, E, sizeof(E))) != 0) {
        PRINTF("Failed to read E_mpi: -0x%x\r\n", -ret);
        goto cleanup;
    }
    print_rsa_pubkey(&rsa);
    rsa.MBEDTLS_PRIVATE(len) = mbedtls_mpi_size(&N_mpi);
    if ((ret = mbedtls_rsa_import(&rsa, &N_mpi, NULL, NULL, NULL, &E_mpi)) != 0) {
        PRINTF("rsa_import failed: -0x%x\r\n", -ret);
        goto cleanup;
    }
    print_rsa_pubkey(&rsa);
    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
        PRINTF("rsa_complete failed: -0x%x\r\n", -ret);
        goto cleanup;
    }

    if ((ret = mbedtls_rsa_check_pubkey(&rsa)) != 0) {
        PRINTF("rsa_check_pubkey failed: -0x%x\r\n", -ret);
        goto cleanup;
    }

    PRINTF("rsa.len = %zu bytes\r\n", mbedtls_mpi_size(&rsa.MBEDTLS_PRIVATE(N)));
    print_rsa_pubkey(&rsa);

cleanup:
    mbedtls_rsa_free(&rsa);
    mbedtls_mpi_free(&N_mpi);
    mbedtls_mpi_free(&E_mpi);
}

串口打印出的内容如下：

也就是N导入失败。
我确认过哈希值，签名值，原始N,E 均正确。
完整验签代码如下：

int RSA_verify_with_N_E(void)
{
    int ret = 0;
    mbedtls_rsa_context rsa;
    mbedtls_mpi N_mpi, E_mpi;

    mbedtls_rsa_init(&rsa);
    mbedtls_mpi_init(&N_mpi);
    mbedtls_mpi_init(&E_mpi);

    /* 导入模数和公钥指数 */
    if ((ret = mbedtls_mpi_read_binary(&N_mpi, N, sizeof(N))) != 0) {
        PRINTF("Failed to read N: -0x%X\n", -ret);
        goto cleanup;
    }

    if ((ret = mbedtls_mpi_read_binary(&E_mpi, E, sizeof(E))) != 0) {
        PRINTF("Failed to read E: -0x%X\n", -ret);
        goto cleanup;
    }

    print_bytes("N_mpi before import", N, sizeof(N));
    print_bytes("E_mpi before import", E, sizeof(E));
    PRINTF("N_mpi size = %zu, E_mpi size = %zu\r\n", mbedtls_mpi_size(&N_mpi), mbedtls_mpi_size(&E_mpi));

    if ((ret = mbedtls_rsa_import(&rsa, &N_mpi, NULL, NULL, NULL, &E_mpi)) != 0) {
        PRINTF("rsa_import failed: -0x%X\n", -ret);
        goto cleanup;
    }

    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
        PRINTF("rsa_complete failed: -0x%X\n", -ret);
        goto cleanup;
    }

    if ((ret = mbedtls_rsa_check_pubkey(&rsa)) != 0) {
        PRINTF("rsa_check_pubkey failed: -0x%X\n", -ret);
        goto cleanup;
    }

    PRINTF("rsa.len = %zu bytes\n", mbedtls_mpi_size(&rsa.MBEDTLS_PRIVATE(N)));
    print_rsa_pubkey(&rsa);

    /* 计算 SHA-256 哈希 */
    uint8_t hash[32];
    if ((ret = mbedtls_md(
            mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
            message, sizeof(message),
            hash)) != 0) {
        PRINTF("SHA256 computation failed: -0x%X\n", -ret);
        goto cleanup;
    }
    PRINTF("SHA256 hash", hash, sizeof(hash));

    /* 验签，hashlen 固定 32 */
    ret = mbedtls_rsa_rsassa_pkcs1_v15_verify(
        &rsa,
        MBEDTLS_MD_SHA256,
        32,
        hash,
        signature_data
    );

    if (ret == 0) {
        PRINTF("SIGNATURE VERIFIED SUCCESSFULLY!\n");
    } else {
        PRINTF("SIGNATURE VERIFICATION FAILED: -0x%X\n", -ret);
    }

cleanup:
    mbedtls_rsa_free(&rsa);
    mbedtls_mpi_free(&N_mpi);
    mbedtls_mpi_free(&E_mpi);

    return ret;
}

请云途大佬帮忙看看该怎么实现背景中描述的应用场景

感谢

我的ME工程如附件：c5b497a7-76a6-4132-94f4-f8fd43340db1-MbedTls_with_PSA_Demo.zip

Frank

DerKey_convert.zip 参考这个文件