examples/psa_crypto: key_bits usage doesn't match specification #20468

@mguetschow

Description

The key_bits that are part of the psa_key_attributes_t are restricted to certain values in the PSA specification. An example is PSA_ECC_FAMILY_SECP_R1, which allows for key_bits = 256, among others.

However, in https://github.com/RIOT-OS/RIOT/blob/master/examples/psa_crypto/example_ecdsa_p256.c#L91, key_bits is set to the size of the exported key, which at least for PSA_ECC_FAMILY_SECP_R1 doesn't match the expected key_bits (as it is defined here to be 1+2*key_bits).

Changing key_bits to 256 in the given example apparently breaks other invariants of the current implementation, at least some macros seem to expect wrong values of bits. We would probably need to investigate this in more detail. I pushed the change to https://github.com/mguetschow/RIOT/tree/psa-key-bits-cleanup

Steps to reproduce the issue

  1. Check out https://github.com/mguetschow/RIOT/tree/psa-key-bits-cleanup
  2. make -C examples/psa_crypto all test

Expected results

all operations should succeed

Actual results

ECDSA failed: PSA_ERROR_INVALID_ARGUMENT

References

Encountered while working on #20334
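
The distinction the issue describes, between the curve size passed as key_bits and the byte length of an exported public key, as an added example that is not code from RIOT or from the issue author. The helper names are hypothetical; the list of SECP_R1 sizes and the `0x04 || X || Y` export layout are taken from the PSA Crypto API specification, and the sample inputs are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Same rounding as the PSA specification's PSA_BITS_TO_BYTES(). */
#define BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)

/* key_bits values the PSA Crypto API lists for PSA_ECC_FAMILY_SECP_R1. */
static const size_t secp_r1_bits[] = { 192, 224, 256, 384, 521 };
#define N_CURVES (sizeof(secp_r1_bits) / sizeof(secp_r1_bits[0]))

/* Hypothetical helper: is key_bits a curve size rather than a buffer size? */
bool secp_r1_key_bits_valid(size_t key_bits)
{
    for (size_t i = 0; i < N_CURVES; i++) {
        if (secp_r1_bits[i] == key_bits) return true;
    }
    return false;
}

/* Bytes needed to export the public key as 0x04 || X || Y; 0 if invalid. */
size_t secp_r1_public_export_size(size_t key_bits)
{
    return secp_r1_key_bits_valid(key_bits) ? 1 + 2 * BITS_TO_BYTES(key_bits) : 0;
}

/* Inverse mapping: curve size for an exported public key length; 0 if none. */
size_t secp_r1_bits_from_export_size(size_t export_len)
{
    for (size_t i = 0; i < N_CURVES; i++) {
        if (secp_r1_public_export_size(secp_r1_bits[i]) == export_len) return secp_r1_bits[i];
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: curve size, then the 65-byte export length as bytes and as bits. */
    const size_t samples[] = { 256, 65, 65 * 8 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("key_bits=%zu valid=%d export_bytes=%zu\n", samples[i],
               secp_r1_key_bits_valid(samples[i]),
               secp_r1_public_export_size(samples[i]));
    }
    return 0;
}
```

A check like `secp_r1_key_bits_valid()` at the point where key attributes are set rejects a value derived from the export buffer before it reaches the backend.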
