diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index b2d4633de5..6dfaa13001 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -89,7 +89,7 @@ static inline void psa_set_key_enrollment_algorithm( psa_key_attributes_t *attributes, psa_algorithm_t alg2) { - attributes->policy.alg2 = alg2; + attributes->core.policy.alg2 = alg2; } /** Retrieve the enrollment algorithm policy from key attributes. @@ -101,7 +101,7 @@ static inline void psa_set_key_enrollment_algorithm( static inline psa_algorithm_t psa_get_key_enrollment_algorithm( const psa_key_attributes_t *attributes) { - return( attributes->policy.alg2 ); + return( attributes->core.policy.alg2 ); } /**@}*/ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 0ddc7a3ebe..fea59df379 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -309,18 +309,25 @@ static inline struct psa_key_policy_s psa_key_policy_init( void ) return( v ); } +typedef struct +{ + psa_key_type_t type; + psa_key_lifetime_t lifetime; + psa_key_id_t id; + psa_key_policy_t policy; + size_t bits; +} psa_core_key_attributes_t; + +#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, 0, {0, 0, 0}, 0} + struct psa_key_attributes_s { - psa_key_id_t id; - psa_key_lifetime_t lifetime; - psa_key_policy_t policy; - psa_key_type_t type; - size_t bits; + psa_core_key_attributes_t core; void *domain_parameters; size_t domain_parameters_size; }; -#define PSA_KEY_ATTRIBUTES_INIT {0, 0, {0, 0, 0}, 0, 0, NULL, 0} +#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0} static inline struct psa_key_attributes_s psa_key_attributes_init( void ) { const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT; @@ -330,53 +337,53 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) static inline void psa_set_key_id(psa_key_attributes_t *attributes, psa_key_id_t id) { - attributes->id = id; - if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT; + attributes->core.id = id; + if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) + attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; } static inline psa_key_id_t psa_get_key_id( const psa_key_attributes_t *attributes) { - return( attributes->id ); + return( attributes->core.id ); } static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { - attributes->lifetime = lifetime; + attributes->core.lifetime = lifetime; if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->id = 0; + attributes->core.id = 0; } static inline psa_key_lifetime_t psa_get_key_lifetime( const psa_key_attributes_t *attributes) { - return( attributes->lifetime ); + return( attributes->core.lifetime ); } static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags) { - attributes->policy.usage = usage_flags; + attributes->core.policy.usage = usage_flags; } static inline psa_key_usage_t psa_get_key_usage_flags( const psa_key_attributes_t *attributes) { - return( attributes->policy.usage ); + return( attributes->core.policy.usage ); } static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg) { - attributes->policy.alg = alg; + attributes->core.policy.alg = alg; } static inline psa_algorithm_t psa_get_key_algorithm( const psa_key_attributes_t *attributes) { - return( attributes->policy.alg ); + return( attributes->core.policy.alg ); } /* This function is declared in crypto_extra.h, which comes after this @@ -392,7 +399,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes, if( attributes->domain_parameters == NULL ) { /* Common case: quick path */ - attributes->type = type; + attributes->core.type = type; } else { @@ -407,19 +414,19 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes, static inline psa_key_type_t psa_get_key_type( const psa_key_attributes_t *attributes) { - return( attributes->type ); + return( attributes->core.type ); } static inline void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits) { - attributes->bits = bits; + attributes->core.bits = bits; } static inline size_t psa_get_key_bits( const psa_key_attributes_t *attributes) { - return( attributes->bits ); + return( attributes->core.bits ); } #endif /* PSA_CRYPTO_STRUCT_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8752528038..4721f6bfe2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1086,7 +1086,7 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes, attributes->domain_parameters = copy; attributes->domain_parameters_size = data_length; - attributes->type = type; + attributes->core.type = type; return( PSA_SUCCESS ); } @@ -1153,11 +1153,11 @@ exit: static void psa_get_key_slot_attributes( psa_key_slot_t *slot, psa_key_attributes_t *attributes ) { - attributes->id = slot->persistent_storage_id; - attributes->lifetime = slot->lifetime; - attributes->policy = slot->policy; - attributes->type = slot->type; - attributes->bits = psa_get_key_slot_bits( slot ); + attributes->core.id = slot->persistent_storage_id; + attributes->core.lifetime = slot->lifetime; + attributes->core.policy = slot->policy; + attributes->core.type = slot->type; + attributes->core.bits = psa_get_key_slot_bits( slot ); } /** Retrieve all the publicly-accessible attributes of a key. @@ -1454,21 +1454,21 @@ static psa_status_t psa_start_key_creation( return( status ); slot = *p_slot; - status = psa_set_key_policy_internal( slot, &attributes->policy ); + status = psa_set_key_policy_internal( slot, &attributes->core.policy ); if( status != PSA_SUCCESS ) return( status ); - slot->lifetime = attributes->lifetime; + slot->lifetime = attributes->core.lifetime; - if( attributes->lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( attributes->core.lifetime != PSA_KEY_LIFETIME_VOLATILE ) { - status = psa_validate_persistent_key_parameters( attributes->lifetime, - attributes->id, + status = psa_validate_persistent_key_parameters( attributes->core.lifetime, + attributes->core.id, p_drv, 1 ); if( status != PSA_SUCCESS ) return( status ); - slot->persistent_storage_id = attributes->id; + slot->persistent_storage_id = attributes->core.id; } - slot->type = attributes->type; + slot->type = attributes->core.type; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* For a key in a secure element, we need to do three things: @@ -1628,9 +1628,9 @@ static psa_status_t psa_check_key_slot_attributes( const psa_key_slot_t *slot, const psa_key_attributes_t *attributes ) { - if( attributes->type != 0 ) + if( attributes->core.type != 0 ) { - if( attributes->type != slot->type ) + if( attributes->core.type != slot->type ) return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -1667,9 +1667,9 @@ static psa_status_t psa_check_key_slot_attributes( } } - if( attributes->bits != 0 ) + if( attributes->core.bits != 0 ) { - if( attributes->bits != psa_get_key_slot_bits( slot ) ) + if( attributes->core.bits != psa_get_key_slot_bits( slot ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -1772,7 +1772,7 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle, if( status != PSA_SUCCESS ) goto exit; - status = psa_restrict_key_policy( &actual_attributes.policy, + status = psa_restrict_key_policy( &actual_attributes.core.policy, &source_slot->policy ); if( status != PSA_SUCCESS ) goto exit; @@ -4706,7 +4706,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( status == PSA_SUCCESS ) { status = psa_generate_derived_key_internal( slot, - attributes->bits, + attributes->core.bits, operation ); } if( status == PSA_SUCCESS ) @@ -5744,7 +5744,7 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, if( status == PSA_SUCCESS ) { status = psa_generate_key_internal( - slot, attributes->bits, + slot, attributes->core.bits, attributes->domain_parameters, attributes->domain_parameters_size ); } if( status == PSA_SUCCESS ) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 86584907c4..d335b758e9 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -40,9 +40,9 @@ typedef struct { psa_key_type_t type; - psa_key_policy_t policy; psa_key_lifetime_t lifetime; psa_key_file_id_t persistent_storage_id; + psa_key_policy_t policy; unsigned allocated : 1; union { diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index aece47d01c..58b0f38079 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -198,7 +198,7 @@ psa_status_t psa_find_se_slot_for_key( psa_drv_se_allocate_key_t p_allocate = NULL; /* If the lifetime is wrong, it's a bug in the library. */ - if( driver->lifetime != attributes->lifetime ) + if( driver->lifetime != psa_get_key_lifetime( attributes ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); /* If the driver doesn't support key creation in any way, give up now. */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index e63dcdae6e..6add6b860b 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -133,7 +133,7 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot ) goto exit; p_slot->lifetime = psa_get_key_lifetime( &attributes ); p_slot->type = psa_get_key_type( &attributes ); - p_slot->policy = attributes.policy; + p_slot->policy = attributes.core.policy; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( psa_key_lifetime_is_external( p_slot->lifetime ) ) diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index b8569beb8a..4113fb7e1c 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -328,11 +328,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, memcpy( *key_data, storage_format->key_data, *key_data_length ); } - GET_UINT32_LE( attributes->lifetime, storage_format->lifetime, 0 ); - GET_UINT32_LE( attributes->type, storage_format->type, 0 ); - GET_UINT32_LE( attributes->policy.usage, storage_format->policy, 0 ); - GET_UINT32_LE( attributes->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - GET_UINT32_LE( attributes->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + GET_UINT32_LE( attributes->core.lifetime, storage_format->lifetime, 0 ); + GET_UINT32_LE( attributes->core.type, storage_format->type, 0 ); + GET_UINT32_LE( attributes->core.policy.usage, storage_format->policy, 0 ); + GET_UINT32_LE( attributes->core.policy.alg, storage_format->policy, sizeof( uint32_t ) ); + GET_UINT32_LE( attributes->core.policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); return( PSA_SUCCESS ); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1d06d62e73..887ff84d1a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1225,7 +1225,7 @@ void import( data_t *data, int type_arg, PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); if( attr_bits != 0 ) - TEST_EQUAL( attr_bits, got_attributes.bits ); + TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) ); PSA_ASSERT( psa_destroy_key( handle ) ); test_operations_on_invalid_handle( handle );