Conversion function from ecp group to PSA curve

[valeriosetti]

Resolves #7764

Depends on #8668

PR checklist

• changelog provided
• backport not required
• tests provided

[mpg]

Looking pretty good. Apart from minor things, the only non-trivial point is about removal of bit_size_is_sloppy.

[mpg]

Also, the CI has quite a lot of things to say. I didn't check, but since I saw a test case failing in the first component, I assume we'll have a lot of occurrences of the same failure:

[2023-12-28T19:38:55.711Z]          PSA import ECC_KEY_PAIR(SECP_K1) 224-bit curve not supported ...... FAILED
[2023-12-28T19:38:55.711Z]            psa_import_key(&attributes, key_material->x, key_material->len, &key_id) == PSA_ERROR_NOT_SUPPORTED
[2023-12-28T19:38:55.711Z]            at line 26, C:/Windows/workspace/mbed-tls-pr-head_PR-8664-head/worktrees/tmpixgncy05/tests/suites/test_suite_psa_crypto_not_supported.function
[2023-12-28T19:38:55.711Z]            lhs = 0xffffffffffffff79 = -135
[2023-12-28T19:38:55.711Z]            rhs = 0xffffffffffffff7a = -134

I suggest we fix this one first, then check if there were others hidden in the results.

[valeriosetti]

Also, the CI has quite a lot of things to say. I didn't check, but since I saw a test case failing in the first component, I assume we'll have a lot of occurrences of the same failure:

Unfortunately yes. This is due to the fact that I tried to improve mbedtls_psa_ecp_load_representation() in order to return PSA_ERROR_INVALID_ARGUMENT and PSA_ERROR_INVALID_ARGUMENT when appropriate, instead of returning always the latter. I will try to check if there is a way to overcome this limitation.

Side note: those tests are supposed to be skipped (according to their description), but they are executed because SECP224K1 is commented out in crypto_config.h. Perhaps also this thing might be fixed sooner or later in this automatic generated test.

[mpg]

LGTM, thanks!

[mpg]

I had a look at the stability checks results, and found them OK:

• A function is renamed - but that function was marked as internal in the previous release.
• Some tests are marked as having disappeared but they just changed due to fixed the value for the secp224k1 private key.

[gilles-peskine-arm]

This mostly looks good, and fulfils the requirements for these functions in #8657 as it currently stands. I'm requesting some minor improvements to the documentation and to the tests. Also an optional suggestion for a minor simplification in the implementation.

[valeriosetti]

Rebase done. Almost all commits were kept unchanged a part from:

• commits concerning aymmetric_key_data.py (which were reverted in the end anyway) due to conflicts. This part was already fixed in Fix incorrect test data for SECP_R1 in automatically generated tests #8668
• last commit (500b92b) which removes support for secp224k1 in order to save few more bytes in the code

[mpg]

Just o note that I've checked the rebase and additional commit and I'm happy with those. Will do a final (hopefully!) round of review when the CI is green.

[valeriosetti]

Will do a final (hopefully!) round of review when the CI is green.

I suspect that the OpenCI encountered several errors in the last run as there are many yellow icons there. Can you please restart it?

[gilles-peskine-arm]

I've restarted the CI.

[valeriosetti]

I forced pushed the last commit because the OpenCI failed again in "Pre-test checks".

[mpg]

LGTM, thanks!

[gilles-peskine-arm]

Looks good to me.

The ABI differences reported by the CI are about mbedtls_ecc_group_of_psa, which was previously documented as an experimental function, so not actually part of the public ABI, thus a false positive.