From 8e48b11968cdfc7ab71b8e04bcdb2d8e9ba8e414 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag=20Erik=20Gj=C3=B8rvad?= <dag.erik.gjorvad@nordicsemi.no>
Date: Mon, 10 Feb 2025 11:51:08 +0100
Subject: [PATCH] nrf_security: drivers: cracen: Add Cracen key export for
 SPAKE2P keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add support for export of SPAKE2P keys to Cracen.
It currently only supports SECP256R1 keys.

Signed-off-by: Dag Erik Gjørvad <dag.erik.gjorvad@nordicsemi.no>
---
 .../drivers/cracen/cracenpsa/src/key_management.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
index 3e772aad1d56..45b51a521a05 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
@@ -880,7 +880,7 @@ psa_status_t cracen_export_public_key(const psa_key_attributes_t *attributes,
 
 	psa_key_type_t key_type = psa_get_key_type(attributes);
 	*data_length = 0;
-
+	int test = IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256);
 	if (data_size == 0) {
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
@@ -896,6 +896,17 @@ psa_status_t cracen_export_public_key(const psa_key_attributes_t *attributes,
 		}
 	}
 
+	if (IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256)) {
+		if (PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(key_type)) {
+			return export_ecc_public_key_from_keypair(attributes, key_buffer,
+								  key_buffer_size, data, data_size,
+								  data_length);
+		} else if (PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(key_type)) {
+			return ecc_export_key(attributes, key_buffer, key_buffer_size, data,
+					      data_size, data_length);
+		}
+	}
+
 	if (key_type == PSA_KEY_TYPE_RSA_KEY_PAIR &&
 	    IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) {
 		return export_rsa_public_key_from_keypair(attributes, key_buffer, key_buffer_size,
@@ -906,7 +917,7 @@ psa_status_t cracen_export_public_key(const psa_key_attributes_t *attributes,
 					     data_size, data_length);
 	}
 
-	return PSA_ERROR_NOT_SUPPORTED;
+	return test;
 }
 
 psa_status_t cracen_import_key(const psa_key_attributes_t *attributes, const uint8_t *data,