feat(mbedtls/ecdsa): Introduce PSA ECDSA driver

harshal.patil
2025-12-30 02:23:29 +05:30
parent ce6e80c129
commit e9ea55bea2
22 changed files with 1736 additions and 2185 deletions
+1 -1
@@ -296,7 +296,7 @@ INPUT = \
$(PROJECT_PATH)/components/lwip/include/apps/esp_sntp.h \
$(PROJECT_PATH)/components/lwip/include/apps/ping/ping_sock.h \
$(PROJECT_PATH)/components/mbedtls/esp_crt_bundle/include/esp_crt_bundle.h \
$(PROJECT_PATH)/components/mbedtls/port/include/ecdsa/ecdsa_alt.h \
$(PROJECT_PATH)/components/mbedtls/port/psa_driver/include/psa_crypto_driver_esp_ecdsa_contexts.h \
$(PROJECT_PATH)/components/nvs_flash/include/nvs_flash.h \
$(PROJECT_PATH)/components/nvs_flash/include/nvs.h \
$(PROJECT_PATH)/components/nvs_flash/include/nvs_bootloader.h \
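Review bot: with ``ecdsa/ecdsa_alt.h`` exchanged one for one with ``psa_driver/include/psa_crypto_driver_esp_ecdsa_contexts.h`` in the Doxygen INPUT list (the file stat is +1 -1), ``inc/ecdsa_alt.inc`` is no longer generated, so every ``.. include-build-file:: inc/ecdsa_alt.inc`` directive and every doc sentence that names ``ecdsa/ecdsa_alt.h`` has to change in this same commit or the docs build breaks. The new header also sits under ``port/psa_driver/include`` while its neighbours are under ``port/include``; please confirm that directory is a public include path of the component, since this list is meant to document headers an application can actually include.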
+2 -1
@@ -134,7 +134,8 @@ The ECDSA peripheral in Mbed TLS stack is integrated by overriding the ECDSA sig
For a particular TLS context, additional APIs have been supplied to populate certain fields (e.g., private key ctx) to differentiate routing to hardware. ESP-TLS layer integrates these APIs internally and hence no additional work is required at the application layer. However, for custom use-cases please refer to API details below.
API Reference
-------------
.. include-build-file:: inc/ecdsa_alt.inc
.. include-build-file:: inc/psa_crypto_driver_esp_ecdsa_contexts.inc
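Review bot: the unchanged paragraph directly above the API Reference heading still says "additional APIs have been supplied to populate certain fields (e.g., private key ctx)", which describes the legacy PK-context helpers, while the reference under it now pulls in ``inc/psa_crypto_driver_esp_ecdsa_contexts.inc``. Reword that paragraph to describe the opaque-key flow the migration guide announces (populate ``esp_ecdsa_opaque_key_t``, import it with ``psa_import_key()``), so the prose and the generated reference describe the same interface.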
@@ -26,7 +26,7 @@ ESP-IDF v6.0 updates to Mbed TLS v4.0, where **PSA Crypto is the primary cryptog
- **Breaking change**: In Mbed TLS v4.0, **most legacy cryptography APIs have been removed** and PSA Crypto is the primary interface. If your application directly uses legacy ``mbedtls_*`` cryptography primitives, you may need to migrate to PSA Crypto APIs.
- **Breaking change**: ``psa_crypto_init()`` must be called before any cryptographic operation, including indirect operations such as parsing keys/certificates or starting a TLS handshake. ESP-IDF initializes PSA during normal startup; however, code that runs earlier than the normal startup sequence must call ``psa_crypto_init()`` explicitly.
- **New API**: ``esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx)`` was added (``ecdsa/ecdsa_alt.h``). If your application initializes a PK context with a hardware-backed ECDSA key using ``esp_ecdsa_set_pk_context()``, use ``esp_ecdsa_free_pk_context()`` to free it. With PSA-backed Mbed TLS v4.x, ``mbedtls_pk_free()`` does not deallocate the manually created keypair structure in this case.
- **Breaking change**: ``esp_ecdsa_load_pubkey()``, ``esp_ecdsa_privkey_load_mpi()``, ``esp_ecdsa_privkey_load_pk_context()``, ``esp_ecdsa_set_pk_context()``, ``esp_ecdsa_tee_load_pubkey()`` and ``esp_ecdsa_tee_set_pk_context()`` have been deprecated and removed. The legacy ``esp_ecdsa_pk_conf_t`` configuration is replaced by ``esp_ecdsa_opaque_key_t``, which represents an hardware-backed ECDSA opaque key. Applications can populate this structure and import it via ``psa_import_key()``, enabling all ECDSA operations through standard PSA Crypto APIs.
- **Breaking change**: APIs that previously required an application-provided RNG callback (``f_rng``, ``p_rng``) have changed in Mbed TLS v4.0 to use the PSA RNG instead. Update application code to the new prototypes (for example X.509 write APIs, SSL cookie setup, and SSL ticket setup).
- **Breaking change**: TLS 1.2 / DTLS 1.2 interoperability may be affected because Mbed TLS v4.0 removes support for key exchanges based on finite-field DHE and RSA key exchange without forward secrecy (and static ECDH). If a peer requires removed suites, TLS connections may fail; update server/client cipher suite configuration accordingly.
- **Breaking change**: certificates/peers using elliptic curves of less than 250 bits (for example secp192r1/secp224r1) are no longer supported in certificates and in TLS.
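Review bot: the list of removed functions in the ``esp_ecdsa_opaque_key_t`` bullet does not mention ``esp_ecdsa_free_pk_context()``, which the neighbouring bullet presents as the way to free a context created with ``esp_ecdsa_set_pk_context()``, a function this bullet says is gone. State explicitly whether ``esp_ecdsa_free_pk_context()`` is removed as well, and what replaces it for releasing the imported key. The bullet also tells users to "populate this structure and import it via ``psa_import_key()``" without saying which key attributes (type, algorithm, lifetime or location) the driver expects; a link to the API reference or a one-line pointer would make the migration actionable. Two wording nits in the same bullet: "deprecated and removed" should be just "removed" if there is no deprecation period, and "an hardware-backed" should be "a hardware-backed".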
-10
@@ -184,16 +184,6 @@ If declarator-id:
struct esp_cam_ctlr_csi_config_t
--------------------------------^
ecdsa_alt.inc:line: WARNING: Error in declarator or parameters-and-qualifiers
If pointer to member declarator:
Invalid C++ declaration: Expected identifier in nested name. [error at 25]
union esp_ecdsa_pk_conf_t
-------------------------^
If declarator-id:
Invalid C++ declaration: Expected identifier in nested name. [error at 25]
union esp_ecdsa_pk_conf_t
-------------------------^
i2c_master.inc:line: WARNING: Duplicate C++ declaration, also defined at api-reference/peripherals/i2c:line.
Declaration is '.. cpp:member:: uint8_t * data'.
isp_types.inc:line: WARNING: Error in declarator or parameters-and-qualifiers
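Review bot: no known-warning entry is added for ``psa_crypto_driver_esp_ecdsa_contexts.inc`` while the ``ecdsa_alt.inc`` entries for ``union esp_ecdsa_pk_conf_t`` are dropped, which is only correct if the new header parses cleanly under Sphinx. Please confirm the docs build was run with this change and that the declarations in the new header (``esp_ecdsa_opaque_key_t`` in particular) do not trigger the same "Invalid C++ declaration: Expected identifier in nested name" warning that the old union did; if they do, fix the declaration rather than re-adding a suppression.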
@@ -137,4 +137,4 @@ ECDSA 外设依靠硬件真随机数生成器 (TRNG) 来满足其内部熵要求
API 参考
--------
.. include-build-file:: inc/ecdsa_alt.inc
.. include-build-file:: inc/psa_crypto_driver_esp_ecdsa_contexts.inc
@@ -26,7 +26,7 @@ ESP-IDF v6.0 已升级至 Mbed TLS v4.0**PSA Crypto 成为主要加密接口*
- **重大变更**:在 Mbed TLS v4.0 中,**大多数传统加密 API 已被移除**,PSA Crypto 成为主要接口。如果应用直接使用传统的 ``mbedtls_*`` 加密原语,则无法直接兼容,需迁移到 PSA Crypto API。
- **重大变更**:在执行任何加密操作之前(包括解析密钥/证书或启动 TLS 握手等操作),必须调用 ``psa_crypto_init()``。ESP-IDF 在常规启动过程中会初始化 PSA,因此大多数应用保持兼容;但对于早于常规启动流程运行的代码,需显式调用 ``psa_crypto_init()``
- **新增 API**新增 ``esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx)``,参见 ``ecdsa/ecdsa_alt.h``。如果应用使用 ``esp_ecdsa_set_pk_context()`` 初始化包含硬件 ECDSA 密钥的 PK 上下文,应使用 ``esp_ecdsa_free_pk_context()`` 进行释放。在基于 PSA 的 Mbed TLS v4.x 中,``mbedtls_pk_free()`` 无法释放此种情况下手动创建的密钥对结构
- **重大变更**``esp_ecdsa_load_pubkey()````esp_ecdsa_privkey_load_mpi()````esp_ecdsa_privkey_load_pk_context()````esp_ecdsa_set_pk_context()````esp_ecdsa_tee_load_pubkey()`` ``esp_ecdsa_tee_set_pk_context()`` 已被弃用并移除。旧的 ``esp_ecdsa_pk_conf_t`` 配置已被 ``esp_ecdsa_opaque_key_t`` 取代,后者支持由 ECDSA 硬件提供的不透明密钥。应用程序可以配置该结构体并通过 ``psa_import_key()`` 导入,从而使用标准 PSA Crypto API 启用所有 ECDSA 操作
- **重大变更**:原需应用提供 RNG 回调(``f_rng````p_rng``)的 API,在 Mbed TLS v4.0 中已改为使用 PSA RNG。使用旧函数原型的代码将无法直接兼容,需要更新为新的 API 定义(例如 X.509 写入 API、SSL cookie 设置以及 SSL ticket 设置)。
- **重大变更**TLS 1.2 / DTLS 1.2 的互操作性可能受到影响,因为 Mbed TLS v4.0 移除了对基于有限域 DHE、无前向保密的 RSA 密钥交换(以及静态 ECDH)的支持。如果对等端需要使用已移除的密码套件,TLS 连接将不兼容并可能失败;需相应更新服务器或客户端的密码套件配置。
- **重大变更**:证书或对等端中使用的椭圆曲线位数小于 250 位(例如 secp192r1/secp224r1)已不再受支持。