diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 8aec292fe..45b1932dd 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2771,7 +2771,7 @@
 /**
 * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
 *
- * Enable persistent key storage over files for the
+ * Enable direct persistent key storage over files for the
 * Platform Security Architecture cryptography API.
 *
 * Module: library/psa_crypto_storage_file.c
@@ -2789,7 +2789,8 @@
 *
 * Module: library/psa_crypto_storage_its.c
 *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_HAS_ITS_IO or MBEDTLS_PSA_ITS_FILE_C
 *
 */
 //#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
index 447c0aebb..8291f1fc3 100644
--- a/library/psa_crypto_storage_its.c
+++ b/library/psa_crypto_storage_its.c
@@ -27,11 +27,16 @@
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include "psa_crypto_its.h"
+#else /* Native ITS implementation */
 #include "psa/error.h"
 #include "psa_crypto_service_integration.h"
+#include "psa/internal_trusted_storage.h"
+#endif
+
 #include "psa/crypto.h"
 #include "psa_crypto_storage_backend.h"
-#include "psa/internal_trusted_storage.h"
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index 613968dd5..f97a5e063 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
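Review bot: The new `Requires:` text for MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C (second hunk of include/mbedtls/config.h) presents MBEDTLS_PSA_ITS_FILE_C as an equal alternative to MBEDTLS_PSA_HAS_ITS_IO without telling the integrator that the two differ in protection. Judging by the `Native ITS implementation` comment added in library/psa_crypto_storage_its.c, the file option is not the platform's own trusted storage, so persistent key material would presumably rest on ordinary file permissions. I would add a line to the comment such as `* Note: with MBEDTLS_PSA_ITS_FILE_C, keys are kept in regular files; restrict access to the storage directory.` No check_config.h change is visible in this diff, so it is worth confirming that the either/or requirement is also enforced at build time.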
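Review bot: The include selection added to library/psa_crypto_storage_its.c gives MBEDTLS_PSA_ITS_FILE_C silent precedence when MBEDTLS_PSA_HAS_ITS_IO is also defined, so a build meant for native ITS would pick up the file-backed header with no diagnostic. config.h now documents the two as alternatives, and a compile-time guard would make that explicit: `#if defined(MBEDTLS_PSA_ITS_FILE_C) && defined(MBEDTLS_PSA_HAS_ITS_IO)`, `#error "MBEDTLS_PSA_ITS_FILE_C and MBEDTLS_PSA_HAS_ITS_IO are mutually exclusive"`, `#endif`. The file branch also no longer includes `psa/error.h` and `psa_crypto_service_integration.h`; presumably `psa_crypto_its.h` supplies the declarations the rest of the file needs, which is not visible here. The `#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)` block continues past the end of the hunk.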
@@ -18,7 +18,7 @@ parse_storage_data_check:"505341004b4559":"":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_KEY_US
 # Not specific to files, but only run this test in an environment where the maximum size could be reached.
 Save maximum size persistent raw key
-depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+depends_on:MBEDTLS_PSA_ITS_FILE_C
 save_large_persistent_key:0:PSA_SUCCESS
 Save larger than maximum size persistent raw key, should fail
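Review bot: Switching the dependency of `Save maximum size persistent raw key` to MBEDTLS_PSA_ITS_FILE_C means the maximum-size case no longer runs in a build that enables only MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C, even though the comment above it says the test is not specific to files. If the direct file backend is still supported, keep a second copy of the case with `depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C` so the size boundary stays covered on both backends. The following `Save larger than maximum size persistent raw key, should fail` case is cut off by the hunk, so I cannot tell whether it carries a dependency line.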