nrf_security: drivers: cracen: fix ECDH/SPAKE2+ key check

Remove a step that is not needed and that was not
performed properly.

It showed up as an error on CRACEN Lite because
the IP returns a different error code.

ref: DLT-3834

Signed-off-by: Tomi Fontanilles <[email protected]>

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/common.c

@@ -340,7 +340,6 @@ psa_status_t cracen_ecc_check_public_key(const struct sx_pk_ecurve *curve,
 					 const sx_pk_affine_point *in_pnt)
 {
 	int sx_status;
-	int psa_status;
 	char char_x[CRACEN_MAC_ECC_PRIVKEY_BYTES];
 	char char_y[CRACEN_MAC_ECC_PRIVKEY_BYTES];
 
@@ -352,29 +351,22 @@ psa_status_t cracen_ecc_check_public_key(const struct sx_pk_ecurve *curve,
 					  .y = {.sz = n.sz, .bytes = char_y}};
 
 	/* This function checks if the point is on the curve, it also checks
-	 * that both x and y are <= p - 1. So it gives us coverage for 1,2,3.
+	 * that both x and y are <= p - 1. So it gives us coverage for steps 1, 2 and 3.
 	 */
 	sx_status = sx_ec_ptoncurve(curve, in_pnt);
 	if (sx_status != SX_OK) {
 		return silex_statuscodes_to_psa(sx_status);
 	}
 
-	/* Step 4 of the checks, we do (order * pnt) and we expect to get the
-	 * point of infinity as a result. The Cracen returns
-	 * SX_ERR_NOT_INVERTIBLE and not SX_ERR_POINT_AT_INFINITY as expected
+	/* Skip step 4.
+	 * Only do partial key validation as we only support NIST curves and X25519.
+	 * See DLT-3834 for more information.
 	 */
-	sx_status = sx_ecp_ptmult(curve, &n, in_pnt, &scratch_pnt);
-	if (sx_status == SX_ERR_NOT_INVERTIBLE) {
-		psa_status = PSA_SUCCESS;
-	} else {
-		psa_status = (sx_status == SX_OK) ? PSA_ERROR_INVALID_ARGUMENT
-						  : silex_statuscodes_to_psa(sx_status);
-	}
 
 	safe_memzero(scratch_pnt.x.bytes, scratch_pnt.x.sz);
 	safe_memzero(scratch_pnt.x.bytes, scratch_pnt.x.sz);
 
-	return psa_status;
+	return PSA_SUCCESS;
 }
 
 psa_status_t rnd_in_range(uint8_t *n, size_t sz, const uint8_t *upperlimit, size_t retry_limit)