sys/psa_crypto: correct use of (ECDSA) key_bits #20607
Merged
+14
−32
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contribution description
The
key_bits
that are part of thepsa_key_attributes_t
are restricted to certain values in the PSA specification. An example is PSA_ECC_FAMILY_SECP_R1, which allows forkey_bits = 256
, among others.However, in https://github.com/RIOT-OS/RIOT/blob/master/examples/psa_crypto/example_ecdsa_p256.c#L91,
key_bits
was set to the size of the exported key, which at least for PSA_ECC_FAMILY_SECP_R1 doesn't match the expectedkey_bits
(as it is defined here to be1+2*key_bits
).Fixing this revealed a unnecessary computation of the
curve_bits
, which actually match thekey_bits
according to the specification. Removed the respective macros and adapted all their usage.Testing procedure
CI should suffice to see that compilation and the tests succeed.
Issues/PRs references
Fixes #20468.
Draft since blocked by #20545: the change inDone ✔️examples/psa_crypto/example_ecdsa_p256.c
needs to be copied totests/sys/psa_crypto_ecdsa*/example_ecdsa_p256.c