nrfconnect
diff --git a/‎subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake
+6 b/‎subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake
+6
diff --git a/‎subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h
+51 b/‎subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h
+51
diff --git a/‎subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ecc.c
+105 b/‎subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ecc.c
+105
@@ -44,7 +44,12 @@ endif()
 if(CONFIG_PSA_NEED_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER)
   list(APPEND cracen_driver_sources
     ${CMAKE_CURRENT_LIST_DIR}/src/sign.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecc.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/rndinrange.c
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/util.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/hmac.c
   )
 endif()
 
@@ -64,6 +69,7 @@ if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DR
   list(APPEND cracen_driver_sources
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
     ${CMAKE_CURRENT_LIST_DIR}/src/key_management.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
   )
 endif()
 
 
@@ -377,4 +377,55 @@ int ed25519ph_verify(const uint8_t *pubkey, const char *message,
 int ed25519_create_pubkey(const uint8_t *privkey,
 				uint8_t *pubkey);
 
+int be_cmp(const unsigned char *a, const unsigned char *b, size_t sz, int carry);
+
+struct sx_pk_ecurve;
+
+struct ecdsa_signature {
+	size_t sz; /**< Total signature size, in bytes. */
+	char *r;   /**< Signature element "r". */
+	char *s;   /**< Signature element "s". */
+};
+struct eccsk {
+	const struct sx_pk_ecurve *curve;
+	char *d;
+};
+
+struct eccpk {
+	const struct sx_pk_ecurve *curve;
+	char *qx;
+	char *qy;
+};
+
+struct ecc_keypair {
+	struct eccsk sk;
+	struct eccpk pk;
+};
+
+
+int ecc_create_genpubkey(char *priv_key, char *pub_key, const struct sx_pk_ecurve *curve);
+
+int ecc_create_genprivkey(const struct sx_pk_ecurve *curve,
+			      char *priv_key, size_t priv_key_size);
+
+
+int cracen_ecdsa_verify(char *pubkey, const struct sxhashalg *hashalg, const uint8_t *message,
+				       size_t message_length, const struct sx_pk_ecurve *curve,
+				       const uint8_t *signature);
+
+int cracen_ecdsa_sign(const struct eccsk *privkey, size_t privkey_size,
+		const struct sxhashalg *hashalg, const struct sx_pk_ecurve *curve,const uint8_t *message,
+		size_t message_length, uint8_t *signature, size_t signature_size, size_t *signature_length);
+
+int cracen_ecdsa_sign_deterministic(const struct eccsk *privkey, size_t privkey_size,
+		const struct sxhashalg *hashalg, const struct sx_pk_ecurve *curve,const uint8_t *digest,
+		size_t digest_length, uint8_t *signature, size_t signature_size, size_t *signature_length);
+
+int rndinrange_create(const unsigned char *n, size_t nsz, unsigned char *out);
+
+int mac_create_hmac(const struct sxhashalg *hashalg, struct sxhash *hashopctx, const char *key,
+			size_t keysz, char *workmem, size_t workmemsz);
+
+int hmac_produce(struct sxhash *hashctx, const struct sxhashalg *hashalg, char *out, size_t sz, char *workmem);
+
 #endif /* CRACEN_PSA_H */
@@ -0,0 +1,105 @@
+/* ECC key pair generation.
+ * Based on FIPS 186-4, section B.4.2 "Key Pair Generation by Testing
+ * Candidates".
+ *
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <string.h>
+#include <silexpk/core.h>
+#include <silexpk/iomem.h>
+#include <silexpk/cmddefs/ecc.h>
+#include <cracen/statuscodes.h>
+#include "cracen_psa.h"
+#include <zephyr/sys/printk.h>
+#include <zephyr/logging/log.h>
+
+#define MAX_ECC_ATTEMPTS 10
+LOG_MODULE_REGISTER(ecc, LOG_LEVEL_DBG);
+
+int ecc_create_genpubkey(char *priv_key, char *pub_key, const struct sx_pk_ecurve *curve)
+{
+	const char **outputs;
+	struct sx_pk_acq_req pkreq;
+	struct sx_pk_inops_ecp_mult inputs;
+	int opsz;
+	int status;
+	int attempts = MAX_ECC_ATTEMPTS;
+	for (int i = 0; i <= MAX_ECC_ATTEMPTS; i++) {
+		LOG_INF("ECC test");
+		pkreq = sx_pk_acquire_req(SX_PK_CMD_ECC_PTMUL);
+		if (pkreq.status) {
+			return pkreq.status;
+		}
+		LOG_INF("list_ecc_inslots");
+		pkreq.status = sx_pk_list_ecc_inslots(pkreq.req, curve, 0,
+						(struct sx_pk_slot *)&inputs);
+		if (pkreq.status) {
+			return pkreq.status;
+		}
+
+		opsz = sx_pk_curve_opsize(curve);
+		LOG_INF("curve_opsize");
+
+		/* Write the private key (random) into ba414ep device memory */
+		sx_wrpkmem(inputs.k.addr, priv_key, opsz);
+		sx_pk_write_curve_gen(pkreq.req, curve, inputs.px, inputs.py);
+		LOG_INF("curve_write");
+
+		sx_pk_run(pkreq.req);
+		LOG_INF("pk_has_finished");
+
+		status = sx_pk_has_finished(pkreq.req);
+		LOG_INF("sx_pk_wait");
+
+		status = sx_pk_wait(pkreq.req);
+		if (status != SX_OK) {
+			return status;
+		}
+		LOG_INF("output_ops");
+	/* 	static int on_generated_public(struct sitask *t, struct siwq *wq) */
+		outputs = sx_pk_get_output_ops(pkreq.req);
+		LOG_INF("outputs");
+
+		/* When countermeasures are used, the operation may fail with error code
+		* SX_ERR_NOT_INVERTIBLE. In this case we can try again.
+		*/
+		if (status == SX_ERR_NOT_INVERTIBLE) {
+			sx_pk_release_req(pkreq.req);
+			if (i == MAX_ECC_ATTEMPTS) {
+				return SX_ERR_TOO_MANY_ATTEMPTS;
+			}
+		} else {
+			break;
+		}
+
+	}
+	sx_rdpkmem(pub_key, outputs[0], opsz);
+
+	sx_rdpkmem(pub_key + opsz, outputs[1], opsz);
+	sx_pk_release_req(pkreq.req);
+	LOG_INF("last wait");
+	return status;
+}
+
+int ecc_create_genprivkey(const struct sx_pk_ecurve *curve,
+			      char *priv_key, size_t priv_key_size)
+{
+	size_t keysz = (size_t)sx_pk_curve_opsize(curve);
+	int status;
+	int opsz = sx_pk_curve_opsize(curve);
+	const char *curve_n = sx_pk_curve_order(curve);
+
+	if (priv_key_size < keysz) {
+		return SX_ERR_OUTPUT_BUFFER_TOO_SMALL;
+	}
+
+	/* generate private key, a random in [1, n-1], where n is the curve
+	 * order
+	 */
+	status = rndinrange_create((const unsigned char *)curve_n, opsz, priv_key);
+
+	return status;
+}