mirror of
https://github.com/Mbed-TLS/mbedtls.git
Get rid of flags in attributes
The `flags` field in `psa_key_attributes_t` was a general mechanism that only ever got used for a single flag: to indicate that the `slot_number` field has been set. We have switched to a dedicated indicator for that, so we can now remove `flags`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
972539c241
commit
e92796ef98
@ -266,29 +266,6 @@ typedef uint16_t psa_key_bits_t;
|
||||
* conditionals. */
|
||||
#define PSA_MAX_KEY_BITS 0xfff8
|
||||
|
||||
/** A mask of flags that can be stored in key attributes.
|
||||
*
|
||||
* This type is also used internally to store flags in slots. Internal
|
||||
* flags are defined in library/psa_crypto_core.h. Internal flags may have
|
||||
* the same value as external flags if they are properly handled during
|
||||
* key creation and in psa_get_key_attributes.
|
||||
*/
|
||||
typedef uint16_t psa_key_attributes_flag_t;
|
||||
|
||||
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
|
||||
((psa_key_attributes_flag_t) 0x0001)
|
||||
|
||||
/* A mask of key attribute flags used externally only.
|
||||
* Only meant for internal checks inside the library. */
|
||||
#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
|
||||
MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
|
||||
0)
|
||||
|
||||
/* A mask of key attribute flags used both internally and externally.
|
||||
* Currently there aren't any. */
|
||||
#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
|
||||
0)
|
||||
|
||||
struct psa_key_attributes_s {
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
|
||||
@ -298,7 +275,6 @@ struct psa_key_attributes_s {
|
||||
psa_key_bits_t MBEDTLS_PRIVATE(bits);
|
||||
psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
|
||||
psa_key_policy_t MBEDTLS_PRIVATE(policy);
|
||||
psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
|
||||
/* This type has a different layout in the client view wrt the
|
||||
* service view of the key id, i.e. in service view usually is
|
||||
* expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
|
||||
@ -321,7 +297,7 @@ struct psa_key_attributes_s {
|
||||
#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \
|
||||
PSA_KEY_TYPE_NONE, 0, \
|
||||
PSA_KEY_LIFETIME_VOLATILE, \
|
||||
PSA_KEY_POLICY_INIT, 0, \
|
||||
PSA_KEY_POLICY_INIT, \
|
||||
MBEDTLS_SVC_KEY_ID_INIT }
|
||||
|
||||
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
|
||||
|
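Review bot: The positional initializer `PSA_KEY_ATTRIBUTES_INIT` in the last hunk of this file has to be kept in step with the member order of `struct psa_key_attributes_s` by hand. Dropping the `0` that initialized `flags` is the kind of edit that can go wrong unnoticed, because a value left in the wrong position may still compile. The struct body is only partly visible in these hunks, so the mapping is inferred, but labelling each value would make the next field change easy to check, e.g. `PSA_KEY_TYPE_NONE, 0, /* type, bits */ \`, `PSA_KEY_LIFETIME_VOLATILE, /* lifetime */ \` and `PSA_KEY_POLICY_INIT, /* policy */ \`. A misaligned initializer here would give every caller wrong defaults for lifetime and policy, which are security-relevant.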
@ -1227,8 +1227,6 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
|
||||
}
|
||||
|
||||
*attributes = slot->attr;
|
||||
attributes->flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
|
||||
MBEDTLS_PSA_KA_MASK_DUAL_USE);
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) {
|
||||
@ -1443,16 +1441,6 @@ exit:
|
||||
return (status == PSA_SUCCESS) ? unlock_status : status;
|
||||
}
|
||||
|
||||
MBEDTLS_STATIC_ASSERT(
|
||||
(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
|
||||
"One or more key attribute flag is listed as both external-only and dual-use")
|
||||
MBEDTLS_STATIC_ASSERT(
|
||||
(PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
|
||||
"One or more key attribute flag is listed as both internal-only and dual-use")
|
||||
MBEDTLS_STATIC_ASSERT(
|
||||
(PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
|
||||
"One or more key attribute flag is listed as both internal-only and external-only")
|
||||
|
||||
/** Validate that a key policy is internally well-formed.
|
||||
*
|
||||
* This function only rejects invalid policies. It does not validate the
|
||||
@ -1531,12 +1519,6 @@ static psa_status_t psa_validate_key_attributes(
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* Reject invalid flags. These should not be reachable through the API. */
|
||||
if (attributes->flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
|
||||
MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
@ -1619,13 +1601,6 @@ static psa_status_t psa_start_key_creation(
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Erase external-only flags from the internal copy. To access
|
||||
* external-only flags, query `attributes`. Thanks to the check
|
||||
* in psa_validate_key_attributes(), this leaves the dual-use
|
||||
* flags and any internal flag that psa_reserve_free_key_slot()
|
||||
* may have set. */
|
||||
slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/* For a key in a secure element, we need to do three things
|
||||
* when creating or registering a persistent key:
|
||||
|
@ -159,11 +159,6 @@ typedef struct {
|
||||
} while (0);
|
||||
#endif
|
||||
|
||||
/* A mask of key attribute flags used only internally.
|
||||
* Currently there aren't any. */
|
||||
#define PSA_KA_MASK_INTERNAL_ONLY ( \
|
||||
0)
|
||||
|
||||
/** Test whether a key slot has any registered readers.
|
||||
* If multi-threading is enabled, the caller must hold the
|
||||
* global key slot mutex.
|
||||
@ -177,56 +172,6 @@ static inline int psa_key_slot_has_readers(const psa_key_slot_t *slot)
|
||||
return slot->registered_readers > 0;
|
||||
}
|
||||
|
||||
/** Retrieve flags from psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in] slot The key slot to query.
|
||||
* \param mask The mask of bits to extract.
|
||||
*
|
||||
* \return The key attribute flags in the given slot,
|
||||
* bitwise-anded with \p mask.
|
||||
*/
|
||||
static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
|
||||
uint16_t mask)
|
||||
{
|
||||
return slot->attr.flags & mask;
|
||||
}
|
||||
|
||||
/** Set flags in psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in,out] slot The key slot to modify.
|
||||
* \param mask The mask of bits to modify.
|
||||
* \param value The new value of the selected bits.
|
||||
*/
|
||||
static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
|
||||
uint16_t mask,
|
||||
uint16_t value)
|
||||
{
|
||||
slot->attr.flags = ((~mask & slot->attr.flags) |
|
||||
(mask & value));
|
||||
}
|
||||
|
||||
/** Turn on flags in psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in,out] slot The key slot to modify.
|
||||
* \param mask The mask of bits to set.
|
||||
*/
|
||||
static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
|
||||
uint16_t mask)
|
||||
{
|
||||
slot->attr.flags |= mask;
|
||||
}
|
||||
|
||||
/** Turn off flags in psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in,out] slot The key slot to modify.
|
||||
* \param mask The mask of bits to clear.
|
||||
*/
|
||||
static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
|
||||
uint16_t mask)
|
||||
{
|
||||
slot->attr.flags &= ~mask;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/** Get the SE slot number of a key from the key slot storing its description.
|
||||
*
|
||||
|