Crypto: Clean up psa_key_attributes_t structure definition
Define the type psa_key_attributes_t in the same way as Mbed TLS, as a
struct psa_key_attributes_s which has different definitions on the
client and server sides. This avoids needing to patch upstream
headers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change-Id: I240349c725facca6e353e309cccfabda289adb46
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index bb9d0ca..8fb8c43 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -4021,12 +4021,6 @@
* macros whose definitions are implementation-specific. */
#include "psa/crypto_sizes.h"
-/* The file "crypto_client_struct.h" contains definitions for structures
- * whose definitions differ in the client view and the PSA server
- * implementation in TF-M. */
-#include "psa/crypto_client_struct.h"
-
-
/* The file "crypto_struct.h" contains definitions for
* implementation-specific structs that are declared above. */
#include "psa/crypto_struct.h"
diff --git a/interface/include/psa/crypto_struct.h b/interface/include/psa/crypto_struct.h
index f050780..3616f07 100644
--- a/interface/include/psa/crypto_struct.h
+++ b/interface/include/psa/crypto_struct.h
@@ -117,24 +117,33 @@
* conditionals. */
#define PSA_MAX_KEY_BITS 0xfff8
-#define PSA_KEY_ATTRIBUTES_INIT PSA_CLIENT_KEY_ATTRIBUTES_INIT
+/* On the client side, only some key attributes are visible.
+ * The server has a different definition of psa_key_attributes_s which
+ * maintains more attributes.
+ */
+#include "psa/crypto_client_struct.h"
+struct psa_key_attributes_s {
+ struct psa_client_key_attributes_s client;
+};
-static inline struct psa_client_key_attributes_s psa_key_attributes_init(void)
+#define PSA_KEY_ATTRIBUTES_INIT {PSA_CLIENT_KEY_ATTRIBUTES_INIT}
+
+static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
- const struct psa_client_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
+ const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
return v;
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t key)
{
- psa_key_lifetime_t lifetime = attributes->lifetime;
+ psa_key_lifetime_t lifetime = attributes->client.lifetime;
- attributes->id = key;
+ attributes->client.id = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE(lifetime))
{
- attributes->lifetime =
+ attributes->client.lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION(lifetime));
@@ -144,23 +153,23 @@
static inline psa_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
- return attributes->id;
+ return attributes->client.id;
}
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
- attributes->lifetime = lifetime;
+ attributes->client.lifetime = lifetime;
if(PSA_KEY_LIFETIME_IS_VOLATILE(lifetime))
{
- attributes->id = 0;
+ attributes->client.id = 0;
}
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
- return attributes->lifetime;
+ return attributes->client.lifetime;
}
static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
@@ -176,52 +185,52 @@
psa_key_usage_t usage_flags)
{
psa_extend_key_usage_flags(&usage_flags);
- attributes->usage = usage_flags;
+ attributes->client.usage = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
- return attributes->usage;
+ return attributes->client.usage;
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
{
- attributes->alg = alg;
+ attributes->client.alg = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
- return attributes->alg;
+ return attributes->client.alg;
}
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
- attributes->type = type;
+ attributes->client.type = type;
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
- return attributes->type;
+ return attributes->client.type;
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if (bits > PSA_MAX_KEY_BITS)
- attributes->bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->client.bits = PSA_KEY_BITS_TOO_LARGE;
else
- attributes->bits = bits;
+ attributes->client.bits = bits;
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
- return attributes->bits;
+ return attributes->client.bits;
}
#ifdef __cplusplus
diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h
index 6894984..3337fb4 100644
--- a/interface/include/psa/crypto_types.h
+++ b/interface/include/psa/crypto_types.h
@@ -384,7 +384,7 @@
*
* Once a key has been created, it is impossible to change its attributes.
*/
-typedef struct psa_client_key_attributes_s psa_key_attributes_t;
+typedef struct psa_key_attributes_s psa_key_attributes_t;
/**@}*/
diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
index 3fd70f3..8046a3d4 100644
--- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
@@ -54,7 +54,7 @@
return PSA_ATTEST_ERR_GENERAL;
}
- attestation_key_curve = PSA_KEY_TYPE_ECC_GET_FAMILY(attr.type);
+ attestation_key_curve = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&attr));
crypto_res = psa_export_public_key(handle, attestation_public_key,
sizeof(attestation_public_key),