From 0cf680593c796d83624ad66e1d1833429f9c5a4d Mon Sep 17 00:00:00 2001
From: Jaeden Amero
Date: Wed, 22 Jul 2020 16:50:57 +0100
Subject: [PATCH 1/2] mbedtls: Specify key length with TF-M

When using TF-M, be sure to specify the length of the key.
Fixes: 0961f312c6b0 ("Make PSA util compatible with Mbed Crypto 3.0.1")
---
 features/mbedtls/inc/mbedtls/psa_util.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/features/mbedtls/inc/mbedtls/psa_util.h b/features/mbedtls/inc/mbedtls/psa_util.h
index 3d884576eb0..59240a336db 100644
--- a/features/mbedtls/inc/mbedtls/psa_util.h
+++ b/features/mbedtls/inc/mbedtls/psa_util.h
@@ -452,6 +452,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
 uint16_t tls_ecc_grp_reg_id, size_t *bits )
 {
 #if TARGET_TFM
+ *bits = PSA_ECC_CURVE_BITS( tls_ecc_grp_reg_id );
 return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
 #else
 const mbedtls_ecp_curve_info *curve_info =
From 61a65c035361245b2b0fdbcb110f9c0ec58160a6 Mon Sep 17 00:00:00 2001
From: Jaeden Amero
Date: Wed, 22 Jul 2020 17:03:58 +0100
Subject: [PATCH 2/2] mbedtls: Fix PSA key encoding

When using TF-M, use the PSA_KEY_TYPE_ECC_KEY_PAIR() macro from mbedtls_psa_parse_tls_ecc_group(), since that function is supposed to return a psa_key_type_t. This helps to avoid any misencodings when the return value from mbedtls_psa_parse_tls_ecc_group() is used directly as a psa_key_type_t without additional encoding.
Fixes: 0961f312c6b0 ("Make PSA util compatible with Mbed Crypto 3.0.1")
---
 features/mbedtls/inc/mbedtls/psa_util.h | 2 +-
 features/mbedtls/src/pk.c | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/features/mbedtls/inc/mbedtls/psa_util.h b/features/mbedtls/inc/mbedtls/psa_util.h
index 59240a336db..8db118f59d0 100644
--- a/features/mbedtls/inc/mbedtls/psa_util.h
+++ b/features/mbedtls/inc/mbedtls/psa_util.h
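Review bot: The TARGET_TFM branch of mbedtls_psa_parse_tls_ecc_group() in the PATCH 1/2 hunk uses tls_ecc_grp_reg_id without checking that it names a supported curve. By its name the value is a TLS group registry id, which may come from a peer's handshake message; for an id the PSA headers do not know, `PSA_ECC_CURVE_BITS()` presumably yields 0 while the function still returns a non-zero value. The non-TF-M branch looks the id up with mbedtls_ecp_curve_info_from_tls_id() first; the rest of that branch is outside the hunk, so confirm that it returns 0 on a miss. If it does, match it right after the new line with `if( *bits == 0 ) return( 0 );`. The PATCH 2/2 hunk on the same function keeps the unvalidated path.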
@@ -453,7 +453,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
 {
 #if TARGET_TFM
 *bits = PSA_ECC_CURVE_BITS( tls_ecc_grp_reg_id );
- return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
+ return( PSA_KEY_TYPE_ECC_KEY_PAIR( tls_ecc_grp_reg_id ));
 #else
 const mbedtls_ecp_curve_info *curve_info =
 mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
diff --git a/features/mbedtls/src/pk.c b/features/mbedtls/src/pk.c
index 13afa2d4e4f..bbf85d1920a 100644
--- a/features/mbedtls/src/pk.c
+++ b/features/mbedtls/src/pk.c
@@ -620,9 +620,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
 /* prepare the key attributes */
 #if TARGET_TFM
 curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_psa_parse_tls_ecc_group ( curve_id,
- &bits ) );
+ key_type = mbedtls_psa_parse_tls_ecc_group ( curve_id, &bits );
 #else
 curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
 key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
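Review bot: The return contract of mbedtls_psa_parse_tls_ecc_group() is not written down anywhere in the psa_util.h hunk, although the commit message attributes the misencoding to the result being used directly as a psa_key_type_t while the pk.c caller wrapped it a second time. A comment above the function would pin the contract for both build variants, e.g. `/* Returns a complete psa_key_type_t (ECC key pair) and sets *bits; callers must not wrap the result in PSA_KEY_TYPE_ECC_KEY_PAIR() again. */`. The function's opening lines and the end of its #else branch are outside the hunk, so confirm that the non-TF-M path also returns an already-encoded key type before adding it.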
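Review bot: In the pk.c hunk the result of the new `key_type = mbedtls_psa_parse_tls_ecc_group ( curve_id, &bits );` is used without checking `key_type` or `bits`. The unchanged line above it also dereferences the return of mbedtls_ecp_curve_info_from_grp_id() with no NULL check, so a group id missing from the curve table would presumably be a NULL dereference. A zero `bits` would otherwise flow into the key attributes. A guard after the call such as `if( key_type == 0 || bits == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );` would fail closed. The rest of mbedtls_pk_wrap_as_opaque(), including how the attributes are set and which error codes it uses, is outside the hunk.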