From 6bf4baef953eac07516a5dc44f96846561e26438 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 24 Feb 2019 17:47:27 +0100 Subject: [PATCH] Remove compilation option MBEDTLS_PSA_HAS_ITS_IO MBEDTLS_PSA_HAS_ITS_IO is not really useful since it doesn't actually enable anything except the entropy seed file support, which only requires the ITS interface and not a native implemetation. Remove it. --- configs/config-psa-crypto.h | 22 +------------------ include/mbedtls/config.h | 20 ----------------- include/psa/crypto_extra.h | 2 +- library/psa_crypto.c | 8 ++----- library/version_features.c | 6 ----- programs/test/query_config.c | 16 -------------- scripts/config.pl | 2 -- .../test_suite_psa_crypto_entropy.function | 2 +- 8 files changed, 5 insertions(+), 73 deletions(-) diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 0b57d1c7f..7f7c0cf04 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h @@ -1146,16 +1146,6 @@ */ //#define MBEDTLS_ENTROPY_NV_SEED -/** - * \def MBEDTLS_PSA_HAS_ITS_IO - * - * Enable the non-volatile secure storage usage. - * - * This is crucial on systems that do not have a HW TRNG support. - * - */ -//#define MBEDTLS_PSA_HAS_ITS_IO - /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER * * In PSA key storage, encode the owner of the key. @@ -1241,16 +1231,6 @@ */ //#define MBEDTLS_PSA_CRYPTO_SPM -/** - * \def MBEDTLS_PSA_HAS_ITS_IO - * - * Enable the non-volatile secure storage usage. - * - * This is crucial on systems that do not have a HW TRNG support. - * - */ -//#define MBEDTLS_PSA_HAS_ITS_IO - /** * \def MBEDTLS_RSA_NO_CRT * @@ -2735,7 +2715,7 @@ * * Requires: MBEDTLS_FS_IO */ -#define MBEDTLS_PSA_ITS_FILE_C +//#define MBEDTLS_PSA_ITS_FILE_C /** * \def MBEDTLS_RIPEMD160_C diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f27b50e5a..a358a20c4 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
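Review bot: The last hunk of configs/config-psa-crypto.h (`@@ -2735,7 +2715,7 @@`) changes `#define MBEDTLS_PSA_ITS_FILE_C` to `//#define MBEDTLS_PSA_ITS_FILE_C`, which the commit message does not cover; it only describes removing MBEDTLS_PSA_HAS_ITS_IO. Turning off the file-backed ITS in this sample configuration changes which storage backend a build from it uses, so it should be split into its own commit or explained in the description. If MBEDTLS_PSA_CRYPTO_STORAGE_C stays enabled in this file (not visible in the hunk), such a build presumably needs a platform-provided ITS implementation. A sentence in the `\def MBEDTLS_PSA_ITS_FILE_C` comment saying so would help integrators.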
@@ -1166,16 +1166,6 @@ */ //#define MBEDTLS_ENTROPY_NV_SEED -/** - * \def MBEDTLS_PSA_HAS_ITS_IO - * - * Enable the non-volatile secure storage usage. - * - * This is crucial on systems that do not have a HW TRNG support. - * - */ -//#define MBEDTLS_PSA_HAS_ITS_IO - /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER * * In PSA key storage, encode the owner of the key. @@ -1261,16 +1251,6 @@ */ //#define MBEDTLS_PSA_CRYPTO_SPM -/** - * \def MBEDTLS_PSA_HAS_ITS_IO - * - * Enable the non-volatile secure storage usage. - * - * This is crucial on systems that do not have a HW TRNG support. - * - */ -//#define MBEDTLS_PSA_HAS_ITS_IO - /** * \def MBEDTLS_RSA_NO_CRT * diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 5dd47899e..545dd4bcd 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -115,7 +115,7 @@ void mbedtls_psa_crypto_free( void ); * * \note This function is only available on the following platforms: * * If the compile-time options MBEDTLS_ENTROPY_NV_SEED and - * MBEDTLS_PSA_HAS_ITS_IO are both enabled. Note that you + * MBEDTLS_PSA_CRYPTO_STORAGE_C are both enabled. Note that you * must provide compatible implementations of mbedtls_nv_seed_read * and mbedtls_nv_seed_write. * * In a client-server integration of PSA Cryptography, on the client side, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index cd1499a38..1b554b5b0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -78,10 +78,6 @@ #include "mbedtls/sha512.h" #include "mbedtls/xtea.h" -#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) ) -#include "psa/internal_trusted_storage.h" -#endif - #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) /* constant-time buffer comparison */ 
@@ -4423,8 +4419,8 @@ psa_status_t psa_generate_random( uint8_t *output, return( mbedtls_to_psa_error( ret ) ); } -#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) ) - +#if defined(MBEDTLS_ENTROPY_NV_SEED) && \ + defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed, size_t seed_size ) { diff --git a/library/version_features.c b/library/version_features.c index 61a662c1e..92b1af10b 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -411,9 +411,6 @@ static const char *features[] = { #if defined(MBEDTLS_ENTROPY_NV_SEED) "MBEDTLS_ENTROPY_NV_SEED", #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_HAS_ITS_IO) - "MBEDTLS_PSA_HAS_ITS_IO", -#endif /* MBEDTLS_PSA_HAS_ITS_IO */ #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", #endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ @@ -435,9 +432,6 @@ static const char *features[] = { #if defined(MBEDTLS_PSA_CRYPTO_SPM) "MBEDTLS_PSA_CRYPTO_SPM", #endif /* MBEDTLS_PSA_CRYPTO_SPM */ -#if defined(MBEDTLS_PSA_HAS_ITS_IO) - "MBEDTLS_PSA_HAS_ITS_IO", -#endif /* MBEDTLS_PSA_HAS_ITS_IO */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 3e847e5d9..52db0b2fc 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1138,14 +1138,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_HAS_ITS_IO) - if( strcmp( "MBEDTLS_PSA_HAS_ITS_IO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_HAS_ITS_IO ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_HAS_ITS_IO */ - #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 ) { 
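Review bot: The new guard on `mbedtls_psa_inject_entropy` compiles the seed-injection entry point into every build that enables MBEDTLS_ENTROPY_NV_SEED and MBEDTLS_PSA_CRYPTO_STORAGE_C, where it previously needed the separate MBEDTLS_PSA_HAS_ITS_IO opt-in. More configurations now expose an API that sets the entropy seed, so this deserves a ChangeLog entry. It also deserves a comment above the `#if`, such as `/* Entropy injection needs both the NV seed callbacks and PSA persistent storage. */`. The earlier psa_crypto.c hunk drops the `psa/internal_trusted_storage.h` include, so the function body, which lies outside this hunk, must not call the ITS interface directly; that is worth confirming. The closing `#endif` is also outside the hunk and would be easier to match with a trailing `/* MBEDTLS_ENTROPY_NV_SEED && MBEDTLS_PSA_CRYPTO_STORAGE_C */`.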
@@ -1202,14 +1194,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PSA_CRYPTO_SPM */ -#if defined(MBEDTLS_PSA_HAS_ITS_IO) - if( strcmp( "MBEDTLS_PSA_HAS_ITS_IO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_HAS_ITS_IO ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_HAS_ITS_IO */ - #if defined(MBEDTLS_RSA_NO_CRT) if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 ) { diff --git a/scripts/config.pl b/scripts/config.pl index 5542b2d15..fc71f655d 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -101,7 +101,6 @@ MBEDTLS_PKCS11_C MBEDTLS_NO_UDBL_DIVISION MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_PSA_CRYPTO_SPM -MBEDTLS_PSA_HAS_ITS_IO MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER MBEDTLS_USE_PSA_CRYPTO _ALT\s*$ @@ -125,7 +124,6 @@ MBEDTLS_PLATFORM_TIME_ALT MBEDTLS_PLATFORM_FPRINTF_ALT MBEDTLS_PSA_CRYPTO_STORAGE_C MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C -MBEDTLS_PSA_HAS_ITS_IO MBEDTLS_PSA_ITS_FILE_C ); diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index a14657e9f..76a7b5870 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -12,7 +12,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PSA_HAS_ITS_IO:MBEDTLS_PSA_CRYPTO_C + * depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PSA_CRYPTO_STORAGE_C * END_DEPENDENCIES */
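Review bot: The new `depends_on` line in test_suite_psa_crypto_entropy.function drops MBEDTLS_PSA_CRYPTO_C and relies on MBEDTLS_PSA_CRYPTO_STORAGE_C implying it. That holds only if the configuration check enforces the requirement, which is not visible here. Otherwise keep it explicit with ` * depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_PSA_CRYPTO_C`. Because the suite now runs in more configurations, it is worth confirming that its cases (outside this hunk) exercise the failure paths of `mbedtls_psa_inject_entropy` and not only a successful injection.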