Issue with RSA Intermediate Certificate Import using HSE

Hello Team,

We are currently facing an issue during the import and authentication of an RSA intermediate certificate using the HSE APIs.

After implementing the necessary changes to support RSA certificates, we attempted to import the intermediate RSA certificate and verify it using the corresponding root public key. However, despite trying various combinations of tbsOffset, tbsLen, and signOffset values within the certificate structure, the HSE consistently returns the response code: HSE_SRV_RSP_VERIFY_FAILED

We have verified the certificates, and the key data used, and the root public key appears to be correctly configured. The issue persists across different offset configurations and certificates.

Could you please help us identify what might be going wrong or guide us on the correct interpretation of the offsets (especially rsaModulusOffset, rsaExponentOffset, tbsOffset, tbsLen, and signOffset) in the context of the RSA certificate structure? Additionally, are there any specific requirements or checks performed internally by HSE that might be causing the verification to fail?

We have followed the same approach as demonstrated for ECC certificate import (via HSE_ImportECCCert) in the hse_certificate.c file, which was shared in the HSE FW version HSE_DEMOAPP_S32G3XX_0_2_64_0. For your reference, we have attached this file along with our request.

We are happy to provide further details such as the certificate content, root public key, and service descriptor configuration if needed.

Looking forward to your support.