Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite

Remove pkwrite dependency in pk using PSA for ECDSA

include/mbedtls/build_info.h

@@ -82,24 +82,13 @@
 
 /* The PK wrappers need pk_write functions to format RSA key objects
  * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
- * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext().
- * PSA crypto also needs pk_write to export RSA keys (otherwise the build
- * goes through but psa_export_key() and psa_export_public_key() fail on
- * RSA keys), and pk_parse to work with RSA keys in almost any way.
- */
+ * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
 #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_WRITE_C
 #define MBEDTLS_PK_PARSE_C
 #endif
 
-/* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions
- * to pass ECC keys to PSA. */
-#if defined(MBEDTLS_PK_C) &&                                    \
-    defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_WRITE_C
-#endif
-
 #if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

include/mbedtls/psa_util.h

@@ -257,6 +257,9 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
     PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
 
+#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
+    PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+
 /* Expose whatever RNG the PSA subsystem uses to applications using the
  * mbedtls_xxx API. The declarations and definitions here need to be
  * consistent with the implementation in library/psa_crypto_random_impl.h.