pk: add an alternative function for checking private/public key pairs
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.
Tests were also fixed accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 408fe5d..a772608 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -955,7 +955,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_USE_PSA_CRYPTO */
 void mbedtls_ecp_check_pub_priv(int id_pub, char *Qx_pub, char *Qy_pub,
                                 int id, char *d, char *Qx, char *Qy,
                                 int ret)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 20f61fc..de531d3 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -489,6 +489,15 @@
     mbedtls_pk_init(&prv);
     mbedtls_pk_init(&alt);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    /* mbedtls_pk_check_pair() returns either PK or ECP error codes depending
+       on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the
+       two */
+    if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
+        ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+#endif
+
     TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
                                          mbedtls_test_rnd_std_rand, NULL)