RIOT icon indicating copy to clipboard operation
RIOT copied to clipboard

Published 20 hours ago verified publisher icon RIOT-OS

sys/psa_crypto: correct use of (ECDSA) key_bits

Open mguetschow opened this issue 10 months ago • 1 comments

Contribution description

The key_bits that are part of the psa_key_attributes_t are restricted to certain values in the PSA specification. An example is PSA_ECC_FAMILY_SECP_R1, which allows for key_bits = 256, among others.

However, in https://github.com/RIOT-OS/RIOT/blob/master/examples/psa_crypto/example_ecdsa_p256.c#L91, key_bits was set to the size of the exported key, which at least for PSA_ECC_FAMILY_SECP_R1 doesn't match the expected key_bits (as it is defined here to be 1+2*key_bits).

Fixing this revealed a unnecessary computation of the curve_bits, which actually match the key_bits according to the specification. Removed the respective macros and adapted all their usage.

Testing procedure

CI should suffice to see that compilation and the tests succeed.

Issues/PRs references

Fixes #20468.

Draft since blocked by #20545: the change in examples/psa_crypto/example_ecdsa_p256.c needs to be copied to tests/sys/psa_crypto_ecdsa*/example_ecdsa_p256.c

mguetschow avatar Apr 22 '24 10:04 mguetschow

Murdock results

:heavy_check_mark: PASSED

15e48f0cf3aeeb1ba2b31bd1c2782b2e96fa29f3 sys/psa_crypto: correct use of (ECDSA) key_bits

Success Failures Total Runtime
10083 0 10083 13m:20s

Artifacts

riot-ci avatar Apr 22 '24 12:04 riot-ci

Thank you all! :tada:

mguetschow avatar May 16 '24 11:05 mguetschow

Thank you all! :tada:

mguetschow avatar May 16 '24 11:05 mguetschow