Switch key slots to psa_key_attributes_t

Switch `psa_key_slot_t` to the full `psa_key_attributes_t`, now that this structure only has psa_core_key_attributes_t`. To minimize the diff without breaking the build much, temporarily make `psa_key_attributes_t` contain either the `core` field or all the fields. This allows both things like `slot->attr.core.type` and `slot->attr.type` to exist. The build breaks with compilers that don't support anonymous unions and structs, which are only standard C since C11. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-29 11:41:15 +03:00 · 2024-02-28 01:08:27 +01:00
parent 0f40a41cea
commit 7fad3ef3b5
6 changed files with 64 additions and 39 deletions
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@ -312,6 +312,34 @@ typedef struct {
    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
 } psa_core_key_attributes_t;

+struct psa_key_attributes_s {
+    union {
+        psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
+        struct {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+    psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+    psa_key_type_t MBEDTLS_PRIVATE(type);
+    psa_key_bits_t MBEDTLS_PRIVATE(bits);
+    psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+    psa_key_policy_t MBEDTLS_PRIVATE(policy);
+    psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
+    /* This type has a different layout in the client view wrt the
+     * service view of the key id, i.e. in service view usually is
+     * expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
+     * thus adding an owner field to the standard psa_key_id_t. For
+     * implementations with client/service separation, this means the
+     * object will be marshalled through a transport channel and
+     * interpreted differently at each side of the transport. Placing
+     * it at the end of structures allows to interpret the structure
+     * at the client without reorganizing the memory layout of the
+     * struct
+     */
+    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+        };
+    };
+};
+
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 #define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0,
 #else
@ -323,11 +351,7 @@ typedef struct {
                                       PSA_KEY_POLICY_INIT, 0,          \
                                       MBEDTLS_SVC_KEY_ID_INIT }

-struct psa_key_attributes_s {
-    psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
-};
-
-#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT }
+#define PSA_KEY_ATTRIBUTES_INIT { { PSA_CORE_KEY_ATTRIBUTES_INIT } }

 static inline struct psa_key_attributes_s psa_key_attributes_init(void)
 {