Crypto: Align PSA headers entirely to Mbed TLS 3.6.0
This also simplifies the client attributes translation between
client view and service view and reorganized how the Mbed TLS
config files are handled between NS/S (client/service) sides.
At the same time, perform a CMake targets refactoring to allow
exporting a client side view of the config files.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I9a715f9ef40fc223992575ecbac5cf23d162a326
diff --git a/interface/include/psa/crypto_struct.h b/interface/include/psa/crypto_struct.h
index 88b6b53..3913551 100644
--- a/interface/include/psa/crypto_struct.h
+++ b/interface/include/psa/crypto_struct.h
@@ -1,13 +1,7 @@
-/*
- * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
/**
* \file psa/crypto_struct.h
*
- * \brief PSA cryptography module: structured type implementations
+ * \brief PSA cryptography module: Mbed TLS structured type implementations
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
@@ -18,92 +12,247 @@
* In implementations with isolation between the application and the
* cryptography module, it is expected that the front-end and the back-end
* would have different versions of this file.
+ *
+ * <h3>Design notes about multipart operation structures</h3>
+ *
+ * For multipart operations without driver delegation support, each multipart
+ * operation structure contains a `psa_algorithm_t alg` field which indicates
+ * which specific algorithm the structure is for. When the structure is not in
+ * use, `alg` is 0. Most of the structure consists of a union which is
+ * discriminated by `alg`.
+ *
+ * For multipart operations with driver delegation support, each multipart
+ * operation structure contains an `unsigned int id` field indicating which
+ * driver got assigned to do the operation. When the structure is not in use,
+ * 'id' is 0. The structure contains also a driver context which is the union
+ * of the contexts of all drivers able to handle the type of multipart
+ * operation.
+ *
+ * Note that when `alg` or `id` is 0, the content of other fields is undefined.
+ * In particular, it is not guaranteed that a freshly-initialized structure
+ * is all-zero: we initialize structures to something like `{0, 0}`, which
+ * is only guaranteed to initializes the first member of the union;
+ * GCC and Clang initialize the whole structure to 0 (at the time of writing),
+ * but MSVC and CompCert don't.
+ *
+ * In Mbed TLS, multipart operation structures live independently from
+ * the key. This allows Mbed TLS to free the key objects when destroying
+ * a key slot. If a multipart operation needs to remember the key after
+ * the setup function returns, the operation structure needs to contain a
+ * copy of the key.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
+#include "mbedtls/private_access.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
- * Note that the below structures are different from the decalrations in
- * mbed-crypto. This is because TF-M maintains 'front-end' and 'back-end'
- * versions of this header. In the front-end version, exported to NS
- * clients in interface/include/psa, a crypto operation is defined as an
- * opaque handle to a context in the Crypto service. The back-end
- * version, directly included from the mbed-crypto repo by the Crypto
- * service, contains the full definition of the operation structs.
- *
- * One of the functions of the Crypto service is to allocate the back-end
- * operation contexts in its own partition memory (in crypto_alloc.c),
- * and then do the mapping between front-end operation handles passed by
- * NS clients and the corresponding back-end operation contexts. The
- * advantage of doing it this way is that internal mbed-crypto state is never
- * exposed to the NS client.
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
*/
+#include "psa/build_info.h"
-struct psa_hash_operation_s
-{
- uint32_t handle;
+/* Include the context definition for the compiled-in drivers for the primitive
+ * algorithms. */
+#include "psa/crypto_driver_contexts_primitives.h"
+
+struct psa_hash_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_driver_wrappers.h.
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. the driver context is not active, in use). */
+ unsigned int MBEDTLS_PRIVATE(id);
+ psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
-
-#define PSA_HASH_OPERATION_INIT {0}
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_HASH_OPERATION_INIT { 0 }
+#else
+#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
+#endif
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return v;
}
-struct psa_mac_operation_s
-{
- uint32_t handle;
+struct psa_cipher_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ unsigned int MBEDTLS_PRIVATE(iv_required) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
+
+ uint8_t MBEDTLS_PRIVATE(default_iv_length);
+
+ psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
-#define PSA_MAC_OPERATION_INIT {0}
-static inline struct psa_mac_operation_s psa_mac_operation_init(void)
-{
- const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
- return v;
-}
-
-struct psa_cipher_operation_s
-{
- uint32_t handle;
-};
-
-#define PSA_CIPHER_OPERATION_INIT {0}
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_CIPHER_OPERATION_INIT { 0 }
+#else
+#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
+#endif
static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
return v;
}
-struct psa_aead_operation_s
-{
- uint32_t handle;
+/* Include the context definition for the compiled-in drivers for the composite
+ * algorithms. */
+#include "psa/crypto_driver_contexts_composites.h"
+
+struct psa_mac_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+ uint8_t MBEDTLS_PRIVATE(mac_size);
+ unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
+ psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
-#define PSA_AEAD_OPERATION_INIT {0}
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_MAC_OPERATION_INIT { 0 }
+#else
+#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
+static inline struct psa_mac_operation_s psa_mac_operation_init(void)
+{
+ const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
+ return v;
+}
+
+struct psa_aead_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ psa_key_type_t MBEDTLS_PRIVATE(key_type);
+
+ size_t MBEDTLS_PRIVATE(ad_remaining);
+ size_t MBEDTLS_PRIVATE(body_remaining);
+
+ unsigned int MBEDTLS_PRIVATE(nonce_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(lengths_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(ad_started) : 1;
+ unsigned int MBEDTLS_PRIVATE(body_started) : 1;
+ unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
+
+ psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx);
+#endif
+};
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_AEAD_OPERATION_INIT { 0 }
+#else
+#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
+#endif
static inline struct psa_aead_operation_s psa_aead_operation_init(void)
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
return v;
}
-struct psa_key_derivation_s
-{
- uint32_t handle;
+/* Include the context definition for the compiled-in drivers for the key
+ * derivation algorithms. */
+#include "psa/crypto_driver_contexts_key_derivation.h"
+
+struct psa_key_derivation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
+ size_t MBEDTLS_PRIVATE(capacity);
+ psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init(void)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 }
+#else
+/* This only zeroes out the first byte in the union, the rest is unspecified. */
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
+ void)
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return v;
}
+struct psa_key_production_parameters_s {
+ /* Future versions may add other fields in this structure. */
+ uint32_t flags;
+ uint8_t data[];
+};
+
+/** The default production parameters for key generation or key derivation.
+ *
+ * Calling psa_generate_key_ext() or psa_key_derivation_output_key_ext()
+ * with `params=PSA_KEY_PRODUCTION_PARAMETERS_INIT` and
+ * `params_data_length == 0` is equivalent to
+ * calling psa_generate_key() or psa_key_derivation_output_key()
+ * respectively.
+ */
+#define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 }
+
+struct psa_key_policy_s {
+ psa_key_usage_t MBEDTLS_PRIVATE(usage);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg2);
+};
+typedef struct psa_key_policy_s psa_key_policy_t;
+
+#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
+static inline struct psa_key_policy_s psa_key_policy_init(void)
+{
+ const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
+ return v;
+}
+
/* The type used internally for key sizes.
* Public interfaces use size_t, but internally we use a smaller type. */
typedef uint16_t psa_key_bits_t;
@@ -117,16 +266,39 @@
* conditionals. */
#define PSA_MAX_KEY_BITS 0xfff8
-/* On the client side, only some key attributes are visible.
- * The server has a different definition of psa_key_attributes_s which
- * maintains more attributes.
- */
-#include "crypto_client_struct.h"
struct psa_key_attributes_s {
- struct psa_client_key_attributes_s client;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
+ int MBEDTLS_PRIVATE(has_slot_number);
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ psa_key_type_t MBEDTLS_PRIVATE(type);
+ psa_key_bits_t MBEDTLS_PRIVATE(bits);
+ psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+ psa_key_policy_t MBEDTLS_PRIVATE(policy);
+ /* This type has a different layout in the client view wrt the
+ * service view of the key id, i.e. in service view usually is
+ * expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
+ * thus adding an owner field to the standard psa_key_id_t. For
+ * implementations with client/service separation, this means the
+ * object will be marshalled through a transport channel and
+ * interpreted differently at each side of the transport. Placing
+ * it at the end of structures allows to interpret the structure
+ * at the client without reorganizing the memory layout of the
+ * struct
+ */
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
};
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CLIENT_KEY_ATTRIBUTES_INIT}
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0, 0,
+#else
+#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER
+#endif
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \
+ PSA_KEY_TYPE_NONE, 0, \
+ PSA_KEY_LIFETIME_VOLATILE, \
+ PSA_KEY_POLICY_INIT, \
+ MBEDTLS_SVC_KEY_ID_INIT }
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
@@ -137,13 +309,12 @@
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key)
{
- psa_key_lifetime_t lifetime = attributes->client.lifetime;
+ psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(lifetime);
- attributes->client.id = (psa_key_id_t)key;
+ attributes->MBEDTLS_PRIVATE(id) = key;
- if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime))
- {
- attributes->client.lifetime =
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
+ attributes->MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION(lifetime));
@@ -153,23 +324,34 @@
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
- return (mbedtls_svc_key_id_t)attributes->client.id;
+ return attributes->MBEDTLS_PRIVATE(id);
}
+#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
+ mbedtls_key_owner_id_t owner)
+{
+ attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
+}
+#endif
+
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
- attributes->client.lifetime = lifetime;
- if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime))
- {
- attributes->client.id = 0;
+ attributes->MBEDTLS_PRIVATE(lifetime) = lifetime;
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
+#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
+#else
+ attributes->MBEDTLS_PRIVATE(id) = 0;
+#endif
}
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
- return attributes->client.lifetime;
+ return attributes->MBEDTLS_PRIVATE(lifetime);
}
static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
@@ -187,53 +369,129 @@
psa_key_usage_t usage_flags)
{
psa_extend_key_usage_flags(&usage_flags);
- attributes->client.usage = usage_flags;
+ attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
- return attributes->client.usage;
+ return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
{
- attributes->client.alg = alg;
+ attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
- return attributes->client.alg;
+ return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
}
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
- attributes->client.type = type;
+ attributes->MBEDTLS_PRIVATE(type) = type;
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
- return attributes->client.type;
+ return attributes->MBEDTLS_PRIVATE(type);
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if (bits > PSA_MAX_KEY_BITS) {
- attributes->client.bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
} else {
- attributes->client.bits = bits;
+ attributes->MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
}
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
- return attributes->client.bits;
+ return attributes->MBEDTLS_PRIVATE(bits);
+}
+
+/**
+ * \brief The context for PSA interruptible hash signing.
+ */
+struct psa_sign_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx);
+
+ unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
+
+ uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
+};
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
+
+static inline struct psa_sign_hash_interruptible_operation_s
+psa_sign_hash_interruptible_operation_init(void)
+{
+ const struct psa_sign_hash_interruptible_operation_s v =
+ PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+
+ return v;
+}
+
+/**
+ * \brief The context for PSA interruptible hash verification.
+ */
+struct psa_verify_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx);
+
+ unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
+
+ uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
+};
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
+
+static inline struct psa_verify_hash_interruptible_operation_s
+psa_verify_hash_interruptible_operation_init(void)
+{
+ const struct psa_verify_hash_interruptible_operation_s v =
+ PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+
+ return v;
}
#ifdef __cplusplus