From ab5ec9d3a488f33aef46f3b477260b66b9653ad3 Mon Sep 17 00:00:00 2001
From: Ryan Everett <ryan.everett@arm.com>
Date: Thu, 25 Apr 2024 15:05:31 +0100
Subject: [PATCH] Add a crypto config file for ccm-psk-tls1_2.h

Also convert legacy symbols to their PSA equivalents.
This does not change code compiled when this config is active with PSA
enabled

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
---
 configs/config-ccm-psk-tls1_2.h        |  7 +++---
 configs/crypto-config-ccm-psk-tls1_2.h | 30 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 configs/crypto-config-ccm-psk-tls1_2.h

diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index d49adfd725..cbc7dab867 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -22,19 +22,20 @@
  * See README.txt for usage instructions.
  */
 
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
+
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
 /* System support */
 //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
 
 /* Mbed TLS modules */
-#define MBEDTLS_AES_C
-#define MBEDTLS_CCM_C
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_NET_C
-#define MBEDTLS_SHA256_C
 #define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h
new file mode 100644
index 0000000000..2891b4e007
--- /dev/null
+++ b/configs/crypto-config-ccm-psk-tls1_2.h
@@ -0,0 +1,30 @@
+/**
+ * \file crypto-config-ccm-psk-tls1_2.h
+ *
+ * \brief Minimal crypto configuration for TLS 1.2 with
+ * PSK and AES-CCM ciphersuites
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * To be used in conjunction with configs/config-ccm-psk-tls1_2.h
+ * or configs/config-ccm-psk-dtls1_2.h. */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_CCM                        1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG            1
+#define PSA_WANT_ALG_ECB_NO_PADDING             1
+#define PSA_WANT_ALG_HMAC                       1
+#define PSA_WANT_ALG_SHA_256                    1
+#define PSA_WANT_ALG_TLS12_PRF                  1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS       1
+
+#define PSA_WANT_KEY_TYPE_AES                   1
+#define PSA_WANT_KEY_TYPE_HMAC                  1
+#endif /* PSA_CRYPTO_CONFIG_H */