From 92926ff4dce7b2b5e037d4ea5ade1f1f5d431f41 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Wed, 12 Nov 2025 12:55:52 +0100
Subject: [PATCH] library: common: add helper to get PSA algorithm from PK
 sigalg

Add a simple helper to convert from PK sigalg to PSA algorithm. This is
handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the
used MD type.

This is being added in a separate file because it's meant to be consumed
by both ssl and x509 modules. It was not added to tf-psa-crypto because
this is only needed on the mbedtls repo and doing so reduce interdependencies
between the repos.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/mbedtls_utils.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 library/mbedtls_utils.h

diff --git a/library/mbedtls_utils.h b/library/mbedtls_utils.h
new file mode 100644
index 0000000000..948b391061
--- /dev/null
+++ b/library/mbedtls_utils.h
@@ -0,0 +1,23 @@
+#include "mbedtls/pk.h"
+#include "psa/crypto.h"
+
+#ifndef MBEDTLS_UTILS_H
+#define MBEDTLS_UTILS_H
+
+/* Return the PSA algorithm associated to the given combination of "sigalg" and "hash_alg". */
+static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg,
+                                                 psa_algorithm_t hash_alg)
+{
+    switch (sigalg) {
+        case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
+            return PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg);
+        case MBEDTLS_PK_SIGALG_RSA_PSS:
+            return PSA_ALG_RSA_PSS(hash_alg);
+        case MBEDTLS_PK_SIGALG_ECDSA:
+            return MBEDTLS_PK_ALG_ECDSA(hash_alg);
+        default:
+            return MBEDTLS_PK_SIGALG_NONE;
+    }
+}
+
+#endif /* MBEDTLS_UTILS_H */