Merge pull request #9358 from eleuzi01/replace-curve

Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
2025-02-11 09:40:38 +00:00 · 2024-07-18 13:54:26 +00:00 · 2024-07-18 13:54:26 +00:00 · df772da34e
commit df772da34e
parent 7ab9867fa7 ed784efb85
9 changed files with 46 additions and 46 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5611,7 +5611,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
 * about this list.
 */
 static const uint16_t ssl_preset_default_groups[] = {
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
    MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
 #endif
 #if defined(MBEDTLS_ECP_HAVE_SECP256R1)
@ -5620,7 +5620,7 @@ static const uint16_t ssl_preset_default_groups[] = {
 #if defined(MBEDTLS_ECP_HAVE_SECP384R1)
    MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
    MBEDTLS_SSL_IANA_TLS_GROUP_X448,
 #endif
 #if defined(MBEDTLS_ECP_HAVE_SECP521R1)
@ -6273,10 +6273,10 @@ static const struct {
 #if defined(PSA_WANT_ECC_SECP_K1_192)
    { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
    { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
    { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 },
 #endif
    { 0, MBEDTLS_ECP_DP_NONE, 0, 0 },
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@ -35,11 +35,11 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192
 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"

 PK utils: ECKEY_DH Curve25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"

 PK utils: ECKEY_DH Curve448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"

 PK utils: ECDSA SECP192R1
@ -1670,5 +1670,5 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
 pk_copy_public_from_psa:"587CF7C57EB7C6254CBF80CC59846521B4FBCBA8BC4B362A9B043F0DEB49CCA1":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)

 Copy from PSA: non-exportable -> public, Curve25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_copy_public_from_psa:"a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@ -1017,19 +1017,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5
 pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp512_pub.comp.pem":0

 Parse Public EC Key #10 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_public_keyfile_ec:"../framework/data_files/ec_x25519_pub.der":0

 Parse Public EC Key #11 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448
 pk_parse_public_keyfile_ec:"../framework/data_files/ec_x448_pub.der":0

 Parse Public EC Key #12 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_public_keyfile_ec:"../framework/data_files/ec_x25519_pub.pem":0

 Parse Public EC Key #13 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448
 pk_parse_public_keyfile_ec:"../framework/data_files/ec_x448_pub.pem":0

 Parse EC Key #1 (SEC1 DER)
@ -1141,19 +1141,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
 pk_parse_keyfile_ec:"../framework/data_files/ec_prv.specdom.der":"NULL":0

 Parse EC Key #16 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_keyfile_ec:"../framework/data_files/ec_x25519_prv.der":"NULL":0

 Parse EC Key #17 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
 pk_parse_keyfile_ec:"../framework/data_files/ec_x448_prv.der":"NULL":0

 Parse EC Key #18 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_keyfile_ec:"../framework/data_files/ec_x25519_prv.pem":"NULL":0

 Parse EC Key #19 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448
 pk_parse_keyfile_ec:"../framework/data_files/ec_x448_prv.pem":"NULL":0

 Key ASN1 (No data)
@ -1167,39 +1167,39 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
 pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
 pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

 Key ASN1 (Encrypted key PKCS5, trailing garbage data)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
 pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH

 Key ASN1 (Encrypted key PKCS12, trailing garbage data)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
 pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH

 # From RFC8410 Appendix A but made into version 0
 OneAsymmetricKey X25519, doesn't match masking requirements #1
-depends_on:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_fix_montgomery:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"

 # Full inverse of the expected x25519 pattern:
@ -1208,7 +1208,7 @@ pk_parse_fix_montgomery:"302e020100300506032b656e04220420f8fffffffffffffffffffff
 # - 2nd MSb to 0
 # Note: Montgomery keys are written in Little endian format.
 OneAsymmetricKey X25519, doesn't match masking requirements #2
-depends_on:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
 pk_parse_fix_montgomery:"302e020100300506032b656e04220420ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"

 # Full inverse of the expected x448 pattern:
@ -1216,5 +1216,5 @@ pk_parse_fix_montgomery:"302e020100300506032b656e04220420fffffffffffffffffffffff
 # - MSb to 0
 # Note: Montgomery keys are written in Little endian format.
 OneAsymmetricKey X448, doesn't match masking requirements #3
-depends_on:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
 pk_parse_fix_montgomery:"3046020100300506032b656f043a0438ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"3046020100300506032b656f043a0438fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@ -39,19 +39,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512
 pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.der":TEST_DER

 Public key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255
 pk_write_pubkey_check:"../framework/data_files/ec_x25519_pub.pem":TEST_PEM

 Public key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_write_pubkey_check:"../framework/data_files/ec_x25519_pub.der":TEST_DER

 Public key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448
 pk_write_pubkey_check:"../framework/data_files/ec_x448_pub.pem":TEST_PEM

 Public key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
 pk_write_pubkey_check:"../framework/data_files/ec_x448_pub.der":TEST_DER

 Private key write check RSA
@ -111,19 +111,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512
 pk_write_key_check:"../framework/data_files/ec_bp512_prv.der":TEST_DER

 Private key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255
 pk_write_key_check:"../framework/data_files/ec_x25519_prv.pem":TEST_PEM

 Private key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_write_key_check:"../framework/data_files/ec_x25519_prv.der":TEST_DER

 Private key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448
 pk_write_key_check:"../framework/data_files/ec_x448_prv.pem":TEST_PEM

 Private key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
 pk_write_key_check:"../framework/data_files/ec_x448_prv.der":TEST_DER

 Derive public key RSA
@ -147,9 +147,9 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512
 pk_write_public_from_private:"../framework/data_files/ec_bp512_prv.der":"../framework/data_files/ec_bp512_pub.der"

 Derive public key EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
 pk_write_public_from_private:"../framework/data_files/ec_x25519_prv.der":"../framework/data_files/ec_x25519_pub.der"

 Derive public key EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
 pk_write_public_from_private:"../framework/data_files/ec_x448_prv.der":"../framework/data_files/ec_x448_pub.der"
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@ -2924,7 +2924,7 @@ SSL TLS 1.3 Key schedule: PSK binder
 # Vector from RFC 8448
 # For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
 # For all other data, see Section 4, 'construct a ClientHello handshake message:'
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_MONTGOMERY_255
 ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"

 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -3610,12 +3610,12 @@ void elliptic_curve_get_properties()
 #else
    TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
    TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
 #else
    TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
    TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
 #else
    TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
--- a/tf-psa-crypto/core/psa_util.c
+++ b/tf-psa-crypto/core/psa_util.c
@ -230,7 +230,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
            *bits = 512;
            return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
        case MBEDTLS_ECP_DP_CURVE25519:
            *bits = 255;
            return PSA_ECC_FAMILY_MONTGOMERY;
@ -248,7 +248,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
            *bits = 256;
            return PSA_ECC_FAMILY_SECP_K1;
 #endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
        case MBEDTLS_ECP_DP_CURVE448:
            *bits = 448;
            return PSA_ECC_FAMILY_MONTGOMERY;
--- a/tf-psa-crypto/drivers/builtin/src/oid.c
+++ b/tf-psa-crypto/drivers/builtin/src/oid.c
@ -633,18 +633,18 @@ typedef struct {

 static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
 {
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
    {
        OID_DESCRIPTOR(MBEDTLS_OID_X25519,               "X25519",       "X25519"),
        MBEDTLS_ECP_DP_CURVE25519,
    },
-#endif /* MBEDTLS_ECP_HAVE_CURVE25519 */
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
    {
        OID_DESCRIPTOR(MBEDTLS_OID_X448,                 "X448",         "X448"),
        MBEDTLS_ECP_DP_CURVE448,
    },
-#endif /* MBEDTLS_ECP_HAVE_CURVE448 */
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
    {
        NULL_OID_DESCRIPTOR,
        MBEDTLS_ECP_DP_NONE,
--- a/tf-psa-crypto/drivers/builtin/src/pk_internal.h
+++ b/tf-psa-crypto/drivers/builtin/src/pk_internal.h
@ -114,9 +114,9 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c
 }

 /* Helper for Montgomery curves */
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255) || defined(PSA_WANT_ECC_MONTGOMERY_448)
 #define MBEDTLS_PK_HAVE_RFC8410_CURVES
-#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 || PSA_WANT_ECC_MONTGOMERY_448 */

 #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id)  \
    ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))