Resolve some HMAC dependencies automatically

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

configs/crypto-config-ccm-aes-sha256.h

@@ -2,7 +2,7 @@
  * \file configs/crypto-config-ccm-aes-sha256.h
  *
  * \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
- *        SHA-256, HMAC and key derivation
+ *        SHA-256 and key derivation (uses HMAC).
  */
 /*
  *  Copyright The Mbed TLS Contributors
@@ -13,12 +13,10 @@
 #define PSA_CRYPTO_CONFIG_H
 
 #define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_HMAC 1
 #define PSA_WANT_ALG_SHA_256 1
 #define PSA_WANT_ALG_TLS12_PRF 1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
 #define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_HMAC 1
 #define PSA_WANT_KEY_TYPE_AES 1
 #define PSA_WANT_KEY_TYPE_RAW_DATA 1
 

configs/crypto-config-ccm-psk-tls1_2.h

@@ -17,11 +17,9 @@
 #define PSA_CRYPTO_CONFIG_H
 
 #define PSA_WANT_ALG_CCM                        1
-#define PSA_WANT_ALG_HMAC                       1
 #define PSA_WANT_ALG_SHA_256                    1
 #define PSA_WANT_ALG_TLS12_PRF                  1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
 
 #define PSA_WANT_KEY_TYPE_AES                   1
-#define PSA_WANT_KEY_TYPE_HMAC                  1
 #endif /* PSA_CRYPTO_CONFIG_H */

configs/crypto-config-suite-b.h

@@ -18,7 +18,6 @@
  *
  * Possible improvements:
  * - if 128-bit security is enough, disable secp384r1 and SHA-512
- * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
  *
  * To be used in conjunction with configs/config-suite-b.h. */
 
@@ -28,7 +27,6 @@
 #define PSA_WANT_ALG_ECDH                        1
 #define PSA_WANT_ALG_ECDSA                       1
 #define PSA_WANT_ALG_GCM                         1
-#define PSA_WANT_ALG_HMAC                        1
 #define PSA_WANT_ALG_SHA_256                     1
 #define PSA_WANT_ALG_SHA_384                     1
 #define PSA_WANT_ALG_SHA_512                     1
@@ -40,5 +38,4 @@
 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC     1
 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT    1
 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE  1
-#define PSA_WANT_KEY_TYPE_HMAC                   1
 #endif /* PSA_CRYPTO_CONFIG_H */

include/mbedtls/config_psa.h

@@ -22,6 +22,8 @@
 
 #include "psa/crypto_adjust_config_synonyms.h"
 
+#include "psa/crypto_adjust_config_dependencies.h"
+
 #include "mbedtls/config_adjust_psa_superset_legacy.h"
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)

include/psa/crypto_adjust_config_dependencies.h

@@ -0,0 +1,27 @@
+/**
+ * \file psa/crypto_adjust_config_dependencies.h
+ * \brief Adjust PSA configuration by resolving some dependencies.
+ *
+ * See docs/proposed/psa-conditional-inclusion-c.md.
+ * If a cryptographic mechanism A depends on a cryptographic mechanism B and
+ * A is enabled then enable B.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
+#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
+
+#if defined(PSA_WANT_ALG_TLS12_PRF) || \
+    defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) || \
+    defined(PSA_WANT_ALG_HKDF) || \
+    defined(PSA_WANT_ALG_HKDF_EXTRACT) || \
+    defined(PSA_WANT_ALG_HKDF_EXPAND) || \
+    defined(PSA_WANT_ALG_PBKDF2_HMAC)
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */