TARGET_TFM_V1_0: compatibility with Mbed TLS 2.24.0

Mbed TLS 2.24.0 requires a few new macros and an inline function in
the PSA Crypto header. This PR adds them to make sure the TF-M v1.0
target (specifically CYTFM_064B0S2_4343W) continues to compile with
the new Mbed TLS.

Note: Support for older versions of TF-M than v1.2 will be dropped,
so existing TF-M targets should migrate to TF-M v1.2 as soon as
possible.

Author: LDong-Arm

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V1_0/include/psa/crypto_extra.h

@@ -50,6 +50,91 @@ static inline void psa_set_key_enrollment_algorithm(
     attributes->core.policy.alg2 = alg2;
 }
 
+#if defined(MBEDTLS_ECP_C)
+#include <mbedtls/ecp.h>
+
+/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
+ *
+ * \note This function is provided solely for the convenience of
+ *       Mbed TLS and may be removed at any time without notice.
+ *
+ * \param grpid         An Mbed TLS elliptic curve identifier
+ *                      (`MBEDTLS_ECP_DP_xxx`).
+ * \param[out] bits     On success, the bit size of the curve.
+ *
+ * \return              The corresponding PSA elliptic curve identifier
+ *                      (`PSA_ECC_FAMILY_xxx`).
+ * \return              \c 0 on failure (\p grpid is not recognized).
+ */
+static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
+                                                        size_t *bits )
+{
+    switch( grpid )
+    {
+        case MBEDTLS_ECP_DP_SECP192R1:
+            *bits = 192;
+            return( PSA_ECC_FAMILY_SECP_R1 );
+        case MBEDTLS_ECP_DP_SECP224R1:
+            *bits = 224;
+            return( PSA_ECC_FAMILY_SECP_R1 );
+        case MBEDTLS_ECP_DP_SECP256R1:
+            *bits = 256;
+            return( PSA_ECC_FAMILY_SECP_R1 );
+        case MBEDTLS_ECP_DP_SECP384R1:
+            *bits = 384;
+            return( PSA_ECC_FAMILY_SECP_R1 );
+        case MBEDTLS_ECP_DP_SECP521R1:
+            *bits = 521;
+            return( PSA_ECC_FAMILY_SECP_R1 );
+        case MBEDTLS_ECP_DP_BP256R1:
+            *bits = 256;
+            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+        case MBEDTLS_ECP_DP_BP384R1:
+            *bits = 384;
+            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+        case MBEDTLS_ECP_DP_BP512R1:
+            *bits = 512;
+            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+        case MBEDTLS_ECP_DP_CURVE25519:
+            *bits = 255;
+            return( PSA_ECC_FAMILY_MONTGOMERY );
+        case MBEDTLS_ECP_DP_SECP192K1:
+            *bits = 192;
+            return( PSA_ECC_FAMILY_SECP_K1 );
+        case MBEDTLS_ECP_DP_SECP224K1:
+            *bits = 224;
+            return( PSA_ECC_FAMILY_SECP_K1 );
+        case MBEDTLS_ECP_DP_SECP256K1:
+            *bits = 256;
+            return( PSA_ECC_FAMILY_SECP_K1 );
+        case MBEDTLS_ECP_DP_CURVE448:
+            *bits = 448;
+            return( PSA_ECC_FAMILY_MONTGOMERY );
+        default:
+            *bits = 0;
+            return( 0 );
+    }
+}
+
+/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+ *
+ * \note This function is provided solely for the convenience of
+ *       Mbed TLS and may be removed at any time without notice.
+ *
+ * \param curve         A PSA elliptic curve identifier
+ *                      (`PSA_ECC_FAMILY_xxx`).
+ * \param byte_length   The byte-length of a private key on \p curve.
+ *
+ * \return              The corresponding Mbed TLS elliptic curve identifier
+ *                      (`MBEDTLS_ECP_DP_xxx`).
+ * \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
+ * \return              #MBEDTLS_ECP_DP_NONE if \p byte_length is not
+ *                      correct for \p curve.
+ */
+//mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
+//                                               size_t byte_length );
+#endif /* MBEDTLS_ECP_C */
+
 #ifdef __cplusplus
 }
 #endif

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V1_0/include/psa/crypto_types.h

@@ -53,6 +53,17 @@ typedef int32_t psa_status_t;
  */
 typedef uint32_t psa_key_type_t;
 
+/** The type of PSA elliptic curve family identifiers.
+ *
+ * The curve identifier is required to create an ECC key using the
+ * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
+ * macros.
+ *
+ * Values defined by this standard will never be in the range 0x80-0xff.
+ * Vendors who define additional families must use an encoding in this range.
+ */
+typedef uint8_t psa_ecc_family_t;
+
 /** The type of PSA elliptic curve identifiers.
  *
  * The curve identifier is required to create an ECC key using the

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V1_0/include/psa/crypto_values.h

@@ -1696,6 +1696,85 @@
  */
 #define PSA_KEY_DERIVATION_INPUT_SEED       ((psa_key_derivation_step_t)0x0204)
 
+/** Extract the curve from an elliptic curve key type. */
+#define PSA_KEY_TYPE_ECC_GET_FAMILY(type)                        \
+    ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ?             \
+                        ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
+                        0))
+
+
+/** SEC Koblitz curves over prime fields.
+ *
+ * This family comprises the following curves:
+ * secp192k1, secp224k1, secp256k1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_FAMILY_SECP_K1           ((psa_ecc_family_t) 0x17)
+
+/** SEC random curves over prime fields.
+ *
+ * This family comprises the following curves:
+ * secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_FAMILY_SECP_R1           ((psa_ecc_family_t) 0x12)
+/* SECP160R2 (SEC2 v1, obsolete) */
+#define PSA_ECC_FAMILY_SECP_R2           ((psa_ecc_family_t) 0x1b)
+
+/** SEC Koblitz curves over binary fields.
+ *
+ * This family comprises the following curves:
+ * sect163k1, sect233k1, sect239k1, sect283k1, sect409k1, sect571k1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_FAMILY_SECT_K1           ((psa_ecc_family_t) 0x27)
+
+/** SEC random curves over binary fields.
+ *
+ * This family comprises the following curves:
+ * sect163r1, sect233r1, sect283r1, sect409r1, sect571r1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_FAMILY_SECT_R1           ((psa_ecc_family_t) 0x22)
+
+/** SEC additional random curves over binary fields.
+ *
+ * This family comprises the following curve:
+ * sect163r2.
+ * It is defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
 /**@}*/
+#define PSA_ECC_FAMILY_SECT_R2           ((psa_ecc_family_t) 0x2b)
+
+/** Brainpool P random curves.
+ *
+ * This family comprises the following curves:
+ * brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
+ * brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
+ * It is defined in RFC 5639.
+ */
+#define PSA_ECC_FAMILY_BRAINPOOL_P_R1    ((psa_ecc_family_t) 0x30)
+
+/** Curve25519 and Curve448.
+ *
+ * This family comprises the following Montgomery curves:
+ * - 255-bit: Bernstein et al.,
+ *   _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
+ *   The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
+ * - 448-bit: Hamburg,
+ *   _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ *   The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
+ */
+#define PSA_ECC_FAMILY_MONTGOMERY        ((psa_ecc_family_t) 0x41)
 
 #endif /* PSA_CRYPTO_VALUES_H */