diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 420f62485..0b57d1c7f 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -2719,25 +2719,12 @@
*
* Module: library/psa_crypto_storage.c
*
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
*/
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
- * Enable persistent key storage over PSA ITS for the
- * Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto_storage_its.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_HAS_ITS_IO or MBEDTLS_PSA_ITS_FILE_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
-
/**
* \def MBEDTLS_PSA_ITS_FILE_C
*
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 7d6c0c98d..607deb96f 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -526,16 +526,10 @@
#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- !( defined(MBEDTLS_PSA_CRYPTO_C) && \
- defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) )
+ ! defined(MBEDTLS_PSA_CRYPTO_C)
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) && \
- ! defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
!defined(MBEDTLS_FS_IO)
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
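Review bot: The rewritten condition `! defined(MBEDTLS_PSA_CRYPTO_C)` no longer checks that any ITS backend is available, while the new config.h text in this same commit says MBEDTLS_PSA_CRYPTO_STORAGE_C requires either MBEDTLS_PSA_ITS_FILE_C or a native implementation of the PSA ITS interface. A native implementation is not visible to the preprocessor, so it cannot be verified here, and a configuration with MBEDTLS_PSA_CRYPTO_STORAGE_C but no backend will presumably now surface as a missing `psa/internal_trusted_storage.h` or unresolved ITS symbols in psa_crypto_storage.c rather than as a clear #error. That reasoning is worth recording next to the check so the dropped clause is not read as an omission: `/* An ITS backend (MBEDTLS_PSA_ITS_FILE_C or a native implementation) is also required, but a native implementation cannot be detected at preprocessing time, so it is not checked here. */`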
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index f8585c7cb..f27b50e5a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2761,25 +2761,12 @@
*
* Module: library/psa_crypto_storage.c
*
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
*/
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- *
- * Enable persistent key storage over PSA ITS for the
- * Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto_storage_its.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_HAS_ITS_IO or MBEDTLS_PSA_ITS_FILE_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
-
/**
* \def MBEDTLS_PSA_ITS_FILE_C
*
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 70b1a136d..72378da78 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -56,7 +56,6 @@ set(src_crypto
psa_crypto.c
psa_crypto_slot_management.c
psa_crypto_storage.c
- psa_crypto_storage_its.c
psa_its_file.c
ripemd160.c
rsa.c
diff --git a/library/Makefile b/library/Makefile
index 0a128380a..6ed5e6861 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -85,7 +85,6 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
psa_crypto.o \
psa_crypto_slot_management.o \
psa_crypto_storage.o \
- psa_crypto_storage_its.o \
psa_its_file.o \
ripemd160.o rsa_internal.o rsa.o \
sha1.o sha256.o sha512.o \
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 84a6ed558..8af3d081f 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -44,6 +44,138 @@
#define mbedtls_free free
#endif
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include "psa_crypto_its.h"
+#else /* Native ITS implementation */
+#include "psa/error.h"
+#include "psa_crypto_service_integration.h"
+#include "psa/internal_trusted_storage.h"
+#endif
+
+/* Determine a file name (ITS file identifier) for the given key file
+ * identifier. The file name must be distinct from any file that is used
+ * for a purpose other than storing a key. Currently, the only such file
+ * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
+ * and whose value is 0xFFFFFF52. */
+static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
+ defined(PSA_CRYPTO_SECURE)
+ /* Encode the owner in the upper 32 bits. This means that if
+ * owner values are nonzero (as they are on a PSA platform),
+ * no key file will ever have a value less than 0x100000000, so
+ * the whole range 0..0xffffffff is available for non-key files. */
+ uint32_t unsigned_owner = (uint32_t) file_id.owner;
+ return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
+#else
+ /* Use the key id directly as a file name.
+ * psa_is_key_file_id_valid() in psa_crypto_slot_management.c
+ * is responsible for ensuring that key identifiers do not have a
+ * value that is reserved for non-key files. */
+ return( file_id );
+#endif
+}
+
+psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,
+ size_t data_size )
+{
+ psa_status_t status;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ status = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_its_get( data_identifier, 0, data_size, data );
+
+ return( status );
+}
+
+int psa_is_key_present_in_storage( const psa_key_file_id_t key )
+{
+ psa_status_t ret;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ ret = psa_its_get_info( data_identifier, &data_identifier_info );
+
+ if( ret == PSA_ERROR_DOES_NOT_EXIST )
+ return( 0 );
+ return( 1 );
+}
+
+psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
+ const uint8_t *data,
+ size_t data_length )
+{
+ psa_status_t status;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ if( psa_is_key_present_in_storage( key ) == 1 )
+ return( PSA_ERROR_ALREADY_EXISTS );
+
+ status = psa_its_set( data_identifier, data_length, data, 0 );
+ if( status != PSA_SUCCESS )
+ {
+ return( PSA_ERROR_STORAGE_FAILURE );
+ }
+
+ status = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( status != PSA_SUCCESS )
+ {
+ goto exit;
+ }
+
+ if( data_identifier_info.size != data_length )
+ {
+ status = PSA_ERROR_STORAGE_FAILURE;
+ goto exit;
+ }
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_its_remove( data_identifier );
+ return( status );
+}
+
+psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
+{
+ psa_status_t ret;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ ret = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( ret == PSA_ERROR_DOES_NOT_EXIST )
+ return( PSA_SUCCESS );
+
+ if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ ret = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( ret != PSA_ERROR_DOES_NOT_EXIST )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key,
+ size_t *data_length )
+{
+ psa_status_t status;
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ struct psa_storage_info_t data_identifier_info;
+
+ status = psa_its_get_info( data_identifier, &data_identifier_info );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ *data_length = (size_t) data_identifier_info.size;
+
+ return( PSA_SUCCESS );
+}
+
/*
* 32-bit integer manipulation macros (little endian)
*/
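Review bot: `psa_crypto_storage_load` fills `data_identifier_info` via `psa_its_get_info` but uses the call only as an existence check; the stored size is never compared with `data_size` before `psa_its_get( data_identifier, 0, data_size, data )`, so a truncated or oversized key file is not detected on the read path the way `psa_crypto_storage_store` detects a size mismatch after writing. Adding `if( data_identifier_info.size != data_size ) return( PSA_ERROR_STORAGE_FAILURE );` after the first status check would make the two paths consistent and reject a corrupt key file before its contents are parsed by the caller. Separately, `psa_is_key_present_in_storage` returns 1 for every status other than PSA_ERROR_DOES_NOT_EXIST, so an ITS read failure is reported by `psa_crypto_storage_store` as PSA_ERROR_ALREADY_EXISTS rather than as a storage error; if that is intended as a conservative refusal to overwrite when the backend cannot be trusted, a comment on the function saying so would help. Both functions are moved verbatim from the deleted psa_crypto_storage_its.c, so these are pre-existing behaviours rather than regressions introduced by the move.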
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
deleted file mode 100644
index 8291f1fc3..000000000
--- a/library/psa_crypto_storage_its.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * PSA storage backend for persistent keys using psa_its APIs.
- */
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-#include "psa_crypto_its.h"
-#else /* Native ITS implementation */
-#include "psa/error.h"
-#include "psa_crypto_service_integration.h"
-#include "psa/internal_trusted_storage.h"
-#endif
-
-#include "psa/crypto.h"
-#include "psa_crypto_storage_backend.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#endif
-
-/* Determine a file name (ITS file identifier) for the given key file
- * identifier. The file name must be distinct from any file that is used
- * for a purpose other than storing a key. Currently, the only such file
- * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
- * and whose value is 0xFFFFFF52. */
-static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
- defined(PSA_CRYPTO_SECURE)
- /* Encode the owner in the upper 32 bits. This means that if
- * owner values are nonzero (as they are on a PSA platform),
- * no key file will ever have a value less than 0x100000000, so
- * the whole range 0..0xffffffff is available for non-key files. */
- uint32_t unsigned_owner = (uint32_t) file_id.owner;
- return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
-#else
- /* Use the key id directly as a file name.
- * psa_is_key_file_id_valid() in psa_crypto_slot_management.c
- * is responsible for ensuring that key identifiers do not have a
- * value that is reserved for non-key files. */
- return( file_id );
-#endif
-}
-
-psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, uint8_t *data,
- size_t data_size )
-{
- psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
- struct psa_storage_info_t data_identifier_info;
-
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- return( status );
-
- status = psa_its_get( data_identifier, 0, data_size, data );
-
- return( status );
-}
-
-int psa_is_key_present_in_storage( const psa_key_file_id_t key )
-{
- psa_status_t ret;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
- struct psa_storage_info_t data_identifier_info;
-
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
-
- if( ret == PSA_ERROR_DOES_NOT_EXIST )
- return( 0 );
- return( 1 );
-}
-
-psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
- const uint8_t *data,
- size_t data_length )
-{
- psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
- struct psa_storage_info_t data_identifier_info;
-
- if( psa_is_key_present_in_storage( key ) == 1 )
- return( PSA_ERROR_ALREADY_EXISTS );
-
- status = psa_its_set( data_identifier, data_length, data, 0 );
- if( status != PSA_SUCCESS )
- {
- return( PSA_ERROR_STORAGE_FAILURE );
- }
-
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- {
- goto exit;
- }
-
- if( data_identifier_info.size != data_length )
- {
- status = PSA_ERROR_STORAGE_FAILURE;
- goto exit;
- }
-
-exit:
- if( status != PSA_SUCCESS )
- psa_its_remove( data_identifier );
- return( status );
-}
-
-psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
-{
- psa_status_t ret;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
- struct psa_storage_info_t data_identifier_info;
-
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
- if( ret == PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_SUCCESS );
-
- if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
- return( PSA_ERROR_STORAGE_FAILURE );
-
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
- if( ret != PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_ERROR_STORAGE_FAILURE );
-
- return( PSA_SUCCESS );
-}
-
-psa_status_t psa_crypto_storage_get_data_length( const psa_key_file_id_t key,
- size_t *data_length )
-{
- psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
- struct psa_storage_info_t data_identifier_info;
-
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- return( status );
-
- *data_length = (size_t) data_identifier_info.size;
-
- return( PSA_SUCCESS );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
diff --git a/library/version_features.c b/library/version_features.c
index 6ad9988d7..61a662c1e 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -714,9 +714,6 @@ static const char *features[] = {
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
- "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C",
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
#if defined(MBEDTLS_PSA_ITS_FILE_C)
"MBEDTLS_PSA_ITS_FILE_C",
#endif /* MBEDTLS_PSA_ITS_FILE_C */
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index 7c1f8b4e8..3e847e5d9 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -1946,14 +1946,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
- if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C );
- return( 0 );
- }
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
-
#if defined(MBEDTLS_PSA_ITS_FILE_C)
if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 )
{
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 99f0f2768..41357eea4 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -302,7 +302,6 @@
-