TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7fad3ef3b5577e9b36ac9a25c9ad0e1ad9b97a63^! / . / include
commit7fad3ef3b5577e9b36ac9a25c9ad0e1ad9b97a63[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed Feb 28 01:08:27 2024 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Feb 28 01:30:24 2024 +0100
tree9554174eb69473ab5ab29203449236dfc622920f
parent0f40a41cea69cf781f44ca29e8df0d76bc4010da [diff]
Switch key slots to psa_key_attributes_t

Switch `psa_key_slot_t` to the full `psa_key_attributes_t`, now that this
structure only has psa_core_key_attributes_t`.

To minimize the diff without breaking the build much, temporarily make
`psa_key_attributes_t` contain either the `core` field or all the fields.
This allows both things like `slot->attr.core.type` and `slot->attr.type`
to exist. The build breaks with compilers that don't support anonymous
unions and structs, which are only standard C since C11.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index a0218e3..e4d85be 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h

@@ -312,6 +312,34 @@
     mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
 } psa_core_key_attributes_t;
 
+struct psa_key_attributes_s {
+    union {
+        psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
+        struct {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+    psa_key_type_t MBEDTLS_PRIVATE(type);
+    psa_key_bits_t MBEDTLS_PRIVATE(bits);
+    psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+    psa_key_policy_t MBEDTLS_PRIVATE(policy);
+    psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
+    /* This type has a different layout in the client view wrt the
+     * service view of the key id, i.e. in service view usually is
+     * expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
+     * thus adding an owner field to the standard psa_key_id_t. For
+     * implementations with client/service separation, this means the
+     * object will be marshalled through a transport channel and
+     * interpreted differently at each side of the transport. Placing
+     * it at the end of structures allows to interpret the structure
+     * at the client without reorganizing the memory layout of the
+     * struct
+     */
+    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+        };
+    };
+};
+
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 #define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0,
 #else
@@ -323,11 +351,7 @@
                                        PSA_KEY_POLICY_INIT, 0,          \
                                        MBEDTLS_SVC_KEY_ID_INIT }
 
-struct psa_key_attributes_s {
-    psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
-};
-
-#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT }
+#define PSA_KEY_ATTRIBUTES_INIT { { PSA_CORE_KEY_ATTRIBUTES_INIT } }
 
 static inline struct psa_key_attributes_s psa_key_attributes_init(void)
 {