From 63cb13e4949e358697a1edc2a22ccbd722c3c0ed Mon Sep 17 00:00:00 2001
From: Elena Uziunaite <elena.uziunaite@arm.com>
Date: Thu, 5 Sep 2024 12:43:14 +0100
Subject: [PATCH] Replace MBEDTLS_ECP_HAVE_SECP224K1 with
 PSA_WANT_ECC_SECP_K1_224

Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
---
 include/mbedtls/config_adjust_legacy_crypto.h | 3 ---
 library/ssl_tls.c                             | 2 +-
 tests/suites/test_suite_ssl.function          | 4 ++--
 tf-psa-crypto/core/psa_util.c                 | 2 +-
 tf-psa-crypto/drivers/builtin/src/oid.c       | 4 ++--
 tf-psa-crypto/tests/suites/test_suite_pk.data | 2 +-
 6 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 7a375d8646a6..455538817d20 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -387,9 +387,6 @@
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
 #define MBEDTLS_ECP_HAVE_CURVE25519
 #endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
-#define MBEDTLS_ECP_HAVE_SECP224K1
-#endif
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
 #define MBEDTLS_ECP_HAVE_SECP224R1
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 49b373905596..b5eb781b47f5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6241,7 +6241,7 @@ static const struct {
 #if defined(PSA_WANT_ECC_SECP_R1_224)
     { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
 #endif
-#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
+#if defined(PSA_WANT_ECC_SECP_K1_224)
     { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 },
 #endif
 #if defined(PSA_WANT_ECC_SECP_R1_192)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 7b71fab1c6aa..667f7ec6f431 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3580,7 +3580,7 @@ void elliptic_curve_get_properties()
 #else
     TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256);
 #endif
-#if defined(PSA_WANT_ECC_SECP_K1_256) || defined(PSA_WANT_ECC_SECP_K1_256)
+#if defined(PSA_WANT_ECC_SECP_K1_256)
     TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
 #else
     TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
@@ -3595,7 +3595,7 @@ void elliptic_curve_get_properties()
 #else
     TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
 #endif
-#if defined(MBEDTLS_ECP_HAVE_SECP224K1) || defined(PSA_WANT_ECC_SECP_K1_224)
+#if defined(PSA_WANT_ECC_SECP_K1_224)
     TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
 #else
     TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
diff --git a/tf-psa-crypto/core/psa_util.c b/tf-psa-crypto/core/psa_util.c
index 779a852a51f5..36ad0ce59a98 100644
--- a/tf-psa-crypto/core/psa_util.c
+++ b/tf-psa-crypto/core/psa_util.c
@@ -240,7 +240,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
             *bits = 192;
             return PSA_ECC_FAMILY_SECP_K1;
 #endif
-#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
+#if defined(PSA_WANT_ECC_SECP_K1_224)
     /* secp224k1 is not and will not be supported in PSA (#3541). */
 #endif
 #if defined(PSA_WANT_ECC_SECP_K1_256)
diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c
index 6c0e373c71f0..c8b6f1adcf6e 100644
--- a/tf-psa-crypto/drivers/builtin/src/oid.c
+++ b/tf-psa-crypto/drivers/builtin/src/oid.c
@@ -578,12 +578,12 @@ static const oid_ecp_grp_t oid_ecp_grp[] =
         MBEDTLS_ECP_DP_SECP192K1,
     },
 #endif /* PSA_WANT_ECC_SECP_K1_192 */
-#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
+#if defined(PSA_WANT_ECC_SECP_K1_224)
     {
         OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1",    "secp224k1"),
         MBEDTLS_ECP_DP_SECP224K1,
     },
-#endif /* MBEDTLS_ECP_HAVE_SECP224K1 */
+#endif /* PSA_WANT_ECC_SECP_K1_224 */
 #if defined(PSA_WANT_ECC_SECP_K1_256)
     {
         OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1",    "secp256k1"),
diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.data b/tf-psa-crypto/tests/suites/test_suite_pk.data
index 6a75facab110..47534dadf6ca 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pk.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pk.data
@@ -668,7 +668,7 @@ pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:0
 
 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336
 # PSA wrapped sign: SECP224K1
-# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP224K1
+# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_K1_224
 # pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224:0
 
 PSA wrapped sign: SECP256K1