Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt
new file mode 100644
index 0000000..4cd2079
--- /dev/null
+++ b/ChangeLog.d/7764.txt
@@ -0,0 +1,3 @@
+Features
+ * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa()
+ to convert between Mbed TLS and PSA curve identifiers.
diff --git a/docs/psa-transition.md b/docs/psa-transition.md
index 067ffaf..617426c 100644
--- a/docs/psa-transition.md
+++ b/docs/psa-transition.md
@@ -725,7 +725,11 @@
An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key).
You can always use a private key for operations on the corresponding public key (as long as the policy permits it).
-A curve is fully determined by a curve family identifier and the private key size in bits. The following table gives the correspondence between legacy and PSA elliptic curve designations.
+A curve is fully determined by a curve family identifier and the private key size in bits. You can use the following functions to convert between the PSA and legacy elliptic curve designations:
+- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size.
+- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier.
+
+The following table gives the correspondence between legacy and PSA elliptic curve designations.
| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size |
| -------------------------------- | ---------------- | -------------- |
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 5f6a053..1b14256 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -110,42 +110,33 @@
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
*
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
* \param grpid An Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
- * \param[out] bits On success, the bit size of the curve.
+ * \param[out] bits On success the bit size of the curve; 0 on failure.
*
- * \return The corresponding PSA elliptic curve identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \return \c 0 on failure (\p grpid is not recognized).
+ * \return If the curve is supported in the PSA API, this function
+ * returns the proper PSA curve identifier
+ * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is
+ * not supported by the ECP module.
+ * \return \c 0 if the curve is not supported in the PSA API.
*/
psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits);
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
- * \param curve A PSA elliptic curve identifier
+ * \param family A PSA elliptic curve family identifier
* (`PSA_ECC_FAMILY_xxx`).
* \param bits The bit-length of a private key on \p curve.
- * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
- * to the nearest multiple of 8. This allows the caller
- * to infer the exact curve from the length of a key
- * which is supplied as a byte string.
*
- * \return The corresponding Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
- * \return #MBEDTLS_ECP_DP_NONE if \p bits is not
- * correct for \p curve.
+ * \return If the curve is supported in the PSA API, this function
+ * returns the corresponding Mbed TLS elliptic curve
+ * identifier (`MBEDTLS_ECP_DP_xxx`).
+ * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve
+ * and \p bits is not supported.
*/
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy);
+mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
+ size_t bits);
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
/**@}*/
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 025ee8b..3d5adf8 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -98,13 +98,13 @@
}
opaque_key_type = psa_get_key_type(&opaque_attrs);
curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type);
- id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0);
+ id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
psa_reset_key_attributes(&opaque_attrs);
} else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+ id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
id = mbedtls_pk_ec_ro(*pk)->grp.id;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
diff --git a/library/pkparse.c b/library/pkparse.c
index d36fa3f..5f95545 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -250,7 +250,7 @@
mbedtls_ecp_group_id ecp_group_id;
int ret;
- ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+ ecp_group_id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
mbedtls_ecp_keypair_init(&ecp_key);
ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f17e14f..b4dffa9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5741,7 +5741,7 @@
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
slot->attr.type);
mbedtls_ecp_group_id grp_id =
- mbedtls_ecc_group_of_psa(curve, bits, 0);
+ mbedtls_ecc_group_from_psa(curve, bits);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index e4a372d..61c9414 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -32,6 +32,61 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
+/* Helper function to verify if the provided EC's family and key bit size are valid.
+ *
+ * Note: "bits" parameter is used both as input and output and it might be updated
+ * in case provided input value is not multiple of 8 ("sloppy" bits).
+ */
+static int check_ecc_parameters(psa_ecc_family_t family, size_t *bits)
+{
+ switch (family) {
+ case PSA_ECC_FAMILY_SECP_R1:
+ switch (*bits) {
+ case 192:
+ case 224:
+ case 256:
+ case 384:
+ case 521:
+ return PSA_SUCCESS;
+ case 528:
+ *bits = 521;
+ return PSA_SUCCESS;
+ }
+ break;
+
+ case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
+ switch (*bits) {
+ case 256:
+ case 384:
+ case 512:
+ return PSA_SUCCESS;
+ }
+ break;
+
+ case PSA_ECC_FAMILY_MONTGOMERY:
+ switch (*bits) {
+ case 448:
+ case 255:
+ return PSA_SUCCESS;
+ case 256:
+ *bits = 255;
+ return PSA_SUCCESS;
+ }
+ break;
+
+ case PSA_ECC_FAMILY_SECP_K1:
+ switch (*bits) {
+ case 192:
+ /* secp224k1 is not and will not be supported in PSA (#3541). */
+ case 256:
+ return PSA_SUCCESS;
+ }
+ break;
+ }
+
+ return PSA_ERROR_INVALID_ARGUMENT;
+}
+
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
const uint8_t *data, size_t data_length,
@@ -82,16 +137,15 @@
}
mbedtls_ecp_keypair_init(ecp);
+ status = check_ecc_parameters(PSA_KEY_TYPE_ECC_GET_FAMILY(type), &curve_bits);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
/* Load the group. */
- grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
- curve_bits, !explicit_bits);
+ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
+ curve_bits);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
- /* We can't distinguish between a nonsensical family/size combination
- * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
- * well-regarded curve that Mbed TLS just doesn't know about (which
- * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how
- * curves that Mbed TLS knows about but for which support is disabled
- * at build time, return NOT_SUPPORTED. */
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
@@ -285,7 +339,7 @@
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
attributes->core.type);
mbedtls_ecp_group_id grp_id =
- mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0);
+ mbedtls_ecc_group_from_psa(curve, attributes->core.bits);
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(grp_id);
diff --git a/library/psa_util.c b/library/psa_util.c
index 36b7175..41586e2 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -232,9 +232,7 @@
return PSA_ECC_FAMILY_SECP_K1;
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
- case MBEDTLS_ECP_DP_SECP224K1:
- *bits = 224;
- return PSA_ECC_FAMILY_SECP_K1;
+ /* secp224k1 is not and will not be supported in PSA (#3541). */
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
case MBEDTLS_ECP_DP_SECP256K1:
@@ -252,11 +250,10 @@
}
}
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy)
+mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
+ size_t bits)
{
- switch (curve) {
+ switch (family) {
case PSA_ECC_FAMILY_SECP_R1:
switch (bits) {
#if defined(PSA_WANT_ECC_SECP_R1_192)
@@ -278,11 +275,6 @@
#if defined(PSA_WANT_ECC_SECP_R1_521)
case 521:
return MBEDTLS_ECP_DP_SECP521R1;
- case 528:
- if (bits_is_sloppy) {
- return MBEDTLS_ECP_DP_SECP521R1;
- }
- break;
#endif
}
break;
@@ -309,11 +301,6 @@
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
case 255:
return MBEDTLS_ECP_DP_CURVE25519;
- case 256:
- if (bits_is_sloppy) {
- return MBEDTLS_ECP_DP_CURVE25519;
- }
- break;
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
case 448:
@@ -329,8 +316,7 @@
return MBEDTLS_ECP_DP_SECP192K1;
#endif
#if defined(PSA_WANT_ECC_SECP_K1_224)
- case 224:
- return MBEDTLS_ECP_DP_SECP224K1;
+ /* secp224k1 is not and will not be supported in PSA (#3541). */
#endif
#if defined(PSA_WANT_ECC_SECP_K1_256)
case 256:
@@ -340,7 +326,6 @@
break;
}
- (void) bits_is_sloppy;
return MBEDTLS_ECP_DP_NONE;
}
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 1bd8b65..eda6f5d 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -684,7 +684,7 @@
PSA import EC keypair: explicit bit-size=255 for secp256r1
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
-import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size=521 for secp521r1 (good)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521
@@ -692,7 +692,7 @@
PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521
-import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size, DER format
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
@@ -716,7 +716,7 @@
PSA import EC keypair: implicit bit-size, not a valid length
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
-import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED
+import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: secp256r1, all-bits-zero (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
@@ -7406,3 +7406,62 @@
PSA derive persistent key: HKDF SHA-256, exportable
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
+
+ECP group ID <-> PSA family - SECP192R1
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192
+
+ECP group ID <-> PSA family - SECP224R1
+depends_on:PSA_WANT_ECC_SECP_R1_224
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1:PSA_ECC_FAMILY_SECP_R1:224
+
+ECP group ID <-> PSA family - SECP256R1
+depends_on:PSA_WANT_ECC_SECP_R1_256
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256
+
+ECP group ID <-> PSA family - SECP384R1
+depends_on:PSA_WANT_ECC_SECP_R1_384
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384
+
+ECP group ID <-> PSA family - SECP521R1
+depends_on:PSA_WANT_ECC_SECP_R1_521
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521
+
+ECP group ID <-> PSA family - BP256R1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256
+
+ECP group ID <-> PSA family - BP384R1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384
+
+ECP group ID <-> PSA family - BP512R1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512
+
+ECP group ID <-> PSA family - CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519:PSA_ECC_FAMILY_MONTGOMERY:255
+
+ECP group ID <-> PSA family - SECP192K1
+depends_on:PSA_WANT_ECC_SECP_K1_192
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
+
+ECP group ID <-> PSA family - SECP224K1
+depends_on:PSA_WANT_ECC_SECP_K1_224
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+
+ECP group ID <-> PSA family - SECP256K1
+depends_on:PSA_WANT_ECC_SECP_K1_256
+ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256
+
+ECP group ID <-> PSA family - CURVE448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448
+
+ECP group ID <-> PSA family - Null values
+ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0
+
+ECP group ID <-> PSA family - Wrong values
+ecc_conversion_functions_fail
+
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 4c08a90..7b6f5ae 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -6,6 +6,8 @@
#include "mbedtls/oid.h"
#include "common.h"
+#include "mbedtls/psa_util.h"
+
/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
* uses mbedtls_ctr_drbg internally. */
#include "mbedtls/ctr_drbg.h"
@@ -9479,6 +9481,45 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg)
+{
+ mbedtls_ecp_group_id grp_id = grp_id_arg;
+ psa_ecc_family_t ecc_family = psa_family_arg;
+ size_t bits = bits_arg;
+ size_t bits_tmp;
+
+ TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp));
+ TEST_EQUAL(bits, bits_tmp);
+ TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits));
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+void ecc_conversion_functions_fail()
+{
+ size_t bits;
+
+ /* Invalid legacy curve identifiers. */
+ TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_MAX, &bits));
+ TEST_EQUAL(0, bits);
+ TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits));
+ TEST_EQUAL(0, bits);
+
+ /* Invalid PSA EC family. */
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(0, 192));
+ /* Invalid bit-size for a valid EC family. */
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 512));
+
+ /* Twisted-Edward curves are not supported yet. */
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE,
+ mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 255));
+ TEST_EQUAL(MBEDTLS_ECP_DP_NONE,
+ mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 448));
+}
+/* END_CASE */
+
+
/* BEGIN_CASE */
void key_agreement_output(int alg_arg,
int our_key_type_arg, data_t *our_key_data,