lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core

Browse Source 
Merge psa_core_key_attributes_t back into psa_key_attributes_t
This commit is contained in:
Gilles Peskine
2024-03-05 09:59:24 +00:00
committed by GitHub
parent 634f4d6d7d 0eb4e7fb40
commit 8462146d01
20 changed files with 218 additions and 417 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
library/psa_crypto.c
View File

@ -568,7 +568,7 @@ psa_status_t psa_import_key_into_slot(
size_t *key_buffer_length, size_t *bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->core.type;
psa_key_type_t type = attributes->type;
/* zero-length keys are never supported. */
if (data_length == 0) {
@ -578,7 +578,7 @@ psa_status_t psa_import_key_into_slot(
if (key_type_is_raw_bytes(type)) {
*bits = PSA_BYTES_TO_BITS(data_length);
status = psa_validate_unstructured_key_bit_size(attributes->core.type,
status = psa_validate_unstructured_key_bit_size(attributes->type,
*bits);
if (status != PSA_SUCCESS) {
return status;
@ -1226,9 +1226,7 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
return status;
}
attributes->core = slot->attr;
attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
MBEDTLS_PSA_KA_MASK_DUAL_USE);
*attributes = slot->attr;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) {
@ -1245,7 +1243,7 @@ psa_status_t psa_get_key_slot_number(
const psa_key_attributes_t *attributes,
psa_key_slot_number_t *slot_number)
{
if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) {
if (attributes->has_slot_number) {
*slot_number = attributes->slot_number;
return PSA_SUCCESS;
} else {
@ -1275,7 +1273,7 @@ psa_status_t psa_export_key_internal(
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length)
{
psa_key_type_t type = attributes->core.type;
psa_key_type_t type = attributes->type;
if (key_type_is_raw_bytes(type) ||
PSA_KEY_TYPE_IS_RSA(type) ||
@ -1324,10 +1322,7 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_driver_wrapper_export_key(&attributes,
status = psa_driver_wrapper_export_key(&slot->attr,
slot->key.data, slot->key.bytes,
data, data_size, data_length);
@ -1344,7 +1339,7 @@ psa_status_t psa_export_public_key_internal(
size_t data_size,
size_t *data_length)
{
psa_key_type_t type = attributes->core.type;
psa_key_type_t type = attributes->type;
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
(PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) ||
@ -1411,7 +1406,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
@ -1437,11 +1431,8 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_export_public_key(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
data, data_size, data_length);
exit:
@ -1450,16 +1441,6 @@ exit:
return (status == PSA_SUCCESS) ? unlock_status : status;
}
MBEDTLS_STATIC_ASSERT(
(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
"One or more key attribute flag is listed as both external-only and dual-use")
MBEDTLS_STATIC_ASSERT(
(PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
"One or more key attribute flag is listed as both internal-only and dual-use")
MBEDTLS_STATIC_ASSERT(
(PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
"One or more key attribute flag is listed as both internal-only and external-only")
/** Validate that a key policy is internally well-formed.
*
* This function only rejects invalid policies. It does not validate the
@ -1525,7 +1506,7 @@ static psa_status_t psa_validate_key_attributes(
}
}
status = psa_validate_key_policy(&attributes->core.policy);
status = psa_validate_key_policy(&attributes->policy);
if (status != PSA_SUCCESS) {
return status;
}
@ -1538,12 +1519,6 @@ static psa_status_t psa_validate_key_attributes(
return PSA_ERROR_NOT_SUPPORTED;
}
/* Reject invalid flags. These should not be reachable through the API. */
if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
return PSA_SUCCESS;
}
@ -1617,7 +1592,7 @@ static psa_status_t psa_start_key_creation(
* volatile key identifier associated to the slot returned to contain its
* definition. */
slot->attr = attributes->core;
slot->attr = *attributes;
if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
slot->attr.id = volatile_key_id;
@ -1626,13 +1601,6 @@ static psa_status_t psa_start_key_creation(
#endif
}
/* Erase external-only flags from the internal copy. To access
* external-only flags, query `attributes`. Thanks to the check
* in psa_validate_key_attributes(), this leaves the dual-use
* flags and any internal flag that psa_reserve_free_key_slot()
* may have set. */
slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* For a key in a secure element, we need to do three things
* when creating or registering a persistent key:
@ -1659,7 +1627,7 @@ static psa_status_t psa_start_key_creation(
return status;
}
if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) {
if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->lifetime)) {
psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY);
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
psa_crypto_transaction.key.slot = slot_number;
@ -1859,14 +1827,14 @@ static psa_status_t psa_validate_optional_attributes(
const psa_key_slot_t *slot,
const psa_key_attributes_t *attributes)
{
if (attributes->core.type != 0) {
if (attributes->core.type != slot->attr.type) {
if (attributes->type != 0) {
if (attributes->type != slot->attr.type) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
if (attributes->core.bits != 0) {
if (attributes->core.bits != slot->attr.bits) {
if (attributes->bits != 0) {
if (attributes->bits != slot->attr.bits) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
@ -1910,7 +1878,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the imported key material. */
if (slot->key.data == NULL) {
if (psa_key_lifetime_is_external(attributes->core.lifetime)) {
if (psa_key_lifetime_is_external(attributes->lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
attributes, data, data_length, &storage_size);
if (status != PSA_SUCCESS) {
@ -2030,12 +1998,12 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
* equal to the ones of the source key. So it is safe to inherit
* them from the source key now."
* */
actual_attributes.core.bits = source_slot->attr.bits;
actual_attributes.core.type = source_slot->attr.type;
actual_attributes.bits = source_slot->attr.bits;
actual_attributes.type = source_slot->attr.type;
status = psa_restrict_key_policy(source_slot->attr.type,
&actual_attributes.core.policy,
&actual_attributes.policy,
&source_slot->attr.policy);
if (status != PSA_SUCCESS) {
goto exit;
@ -2064,7 +2032,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
* - For opaque keys this translates to an invocation of the drivers'
* copy_key entry point through the dispatch layer.
* */
if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
if (psa_key_lifetime_is_external(actual_attributes.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes,
&storage_size);
if (status != PSA_SUCCESS) {
@ -2372,7 +2340,6 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
if (operation->id != 0) {
@ -2389,11 +2356,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
&operation->mac_size);
if (status != PSA_SUCCESS) {
goto exit;
@ -2403,13 +2366,13 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
/* Dispatch the MAC setup call with validated input */
if (is_sign) {
status = psa_driver_wrapper_mac_sign_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
} else {
status = psa_driver_wrapper_mac_verify_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
@ -2559,7 +2522,6 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
psa_key_attributes_t attributes;
status = psa_get_and_lock_key_slot_with_policy(
key,
@ -2570,11 +2532,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
&operation_mac_size);
if (status != PSA_SUCCESS) {
goto exit;
@ -2586,7 +2544,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
}
status = psa_driver_wrapper_mac_compute(
&attributes,
&slot->attr,
slot->key.data, slot->key.bytes,
alg,
input, input_length,
@ -2696,7 +2654,6 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
*signature_length = 0;
@ -2728,19 +2685,15 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
if (input_is_message) {
status = psa_driver_wrapper_sign_message(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_size, signature_length);
} else {
status = psa_driver_wrapper_sign_hash(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_size, signature_length);
}
@ -2782,18 +2735,14 @@ static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
if (input_is_message) {
status = psa_driver_wrapper_verify_message(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_length);
} else {
status = psa_driver_wrapper_verify_hash(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
signature, signature_length);
}
@ -2904,7 +2853,7 @@ psa_status_t psa_sign_hash_builtin(
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length)
{
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
@ -2919,7 +2868,7 @@ psa_status_t psa_sign_hash_builtin(
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
} else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
@ -2965,7 +2914,7 @@ psa_status_t psa_verify_hash_builtin(
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length)
{
if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
@ -2980,7 +2929,7 @@ psa_status_t psa_verify_hash_builtin(
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
} else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
@ -3031,7 +2980,6 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
(void) input;
(void) input_length;
@ -3056,12 +3004,8 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_asymmetric_encrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
exit:
@ -3083,7 +3027,6 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
(void) input;
(void) input_length;
@ -3107,12 +3050,8 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_asymmetric_decrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
@ -3181,7 +3120,6 @@ psa_status_t psa_sign_hash_start(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_attributes_t attributes;
/* Check that start has not been previously called, or operation has not
* previously errored. */
@ -3208,14 +3146,10 @@ psa_status_t psa_sign_hash_start(
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
/* Ensure ops count gets reset, in case of operation re-use. */
operation->num_ops = 0;
status = psa_driver_wrapper_sign_hash_start(operation, &attributes,
status = psa_driver_wrapper_sign_hash_start(operation, &slot->attr,
slot->key.data,
slot->key.bytes, alg,
hash, hash_length);
@ -3353,14 +3287,10 @@ psa_status_t psa_verify_hash_start(
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Ensure ops count gets reset, in case of operation re-use. */
operation->num_ops = 0;
status = psa_driver_wrapper_verify_hash_start(operation, &attributes,
status = psa_driver_wrapper_verify_hash_start(operation, &slot->attr,
slot->key.data,
slot->key.bytes,
alg, hash, hash_length,
@ -3495,7 +3425,7 @@ psa_status_t mbedtls_psa_sign_hash_start(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t required_hash_length;
if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
return PSA_ERROR_NOT_SUPPORTED;
}
@ -3512,8 +3442,8 @@ psa_status_t mbedtls_psa_sign_hash_start(
/* Ensure num_ops is zero'ed in case of context re-use. */
operation->num_ops = 0;
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
attributes->core.bits,
status = mbedtls_psa_ecp_load_representation(attributes->type,
attributes->bits,
key_buffer,
key_buffer_size,
&operation->ctx);
@ -3711,7 +3641,7 @@ psa_status_t mbedtls_psa_verify_hash_start(
size_t coordinate_bytes = 0;
size_t required_hash_length = 0;
if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
return PSA_ERROR_NOT_SUPPORTED;
}
@ -3730,8 +3660,8 @@ psa_status_t mbedtls_psa_verify_hash_start(
/* Ensure num_ops is zero'ed in case of context re-use. */
operation->num_ops = 0;
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
attributes->core.bits,
status = mbedtls_psa_ecp_load_representation(attributes->type,
attributes->bits,
key_buffer,
key_buffer_size,
&operation->ctx);
@ -3889,7 +3819,6 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT);
psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
if (operation->id != 0) {
@ -3919,20 +3848,16 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
}
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
/* Try doing the operation through a driver before using software fallback. */
if (cipher_operation == MBEDTLS_ENCRYPT) {
status = psa_driver_wrapper_cipher_encrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
} else {
status = psa_driver_wrapper_cipher_decrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
@ -4145,7 +4070,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
psa_key_attributes_t attributes;
if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@ -4159,10 +4083,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_GENERIC_ERROR;
@ -4182,7 +4102,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
}
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
psa_crypto_buffer_offset(output, default_iv_length),
output_size - default_iv_length, output_length);
@ -4216,7 +4136,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;
if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@ -4230,10 +4149,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@ -4244,7 +4159,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
}
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length);
@ -4353,17 +4268,13 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_driver_wrapper_aead_encrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
@ -4408,17 +4319,13 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
return status;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_aead_check_nonce_length(alg, nonce_length);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_driver_wrapper_aead_decrypt(
&attributes, slot->key.data, slot->key.bytes,
&slot->attr, slot->key.data, slot->key.bytes,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
@ -4484,7 +4391,6 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
psa_key_attributes_t attributes;
status = psa_aead_check_algorithm(alg);
if (status != PSA_SUCCESS) {
@ -4514,23 +4420,19 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) {
goto exit;
}
if (is_encrypt) {
status = psa_driver_wrapper_aead_encrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
} else {
status = psa_driver_wrapper_aead_decrypt_setup(operation,
&attributes,
&slot->attr,
slot->key.data,
slot->key.bytes,
alg);
@ -4539,7 +4441,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
goto exit;
}
operation->key_type = psa_get_key_type(&attributes);
operation->key_type = psa_get_key_type(&slot->attr);
exit:
unlock_status = psa_unregister_read_under_mutex(slot);
@ -5842,7 +5744,6 @@ static psa_status_t psa_generate_derived_key_internal(
size_t bytes = PSA_BITS_TO_BYTES(bits);
size_t storage_size = bytes;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
@ -5891,12 +5792,9 @@ static psa_status_t psa_generate_derived_key_internal(
}
slot->attr.bits = (psa_key_bits_t) bits;
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
if (psa_key_lifetime_is_external(attributes.core.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&attributes,
if (psa_key_lifetime_is_external(slot->attr.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&slot->attr,
&storage_size);
if (status != PSA_SUCCESS) {
goto exit;
@ -5907,7 +5805,7 @@ static psa_status_t psa_generate_derived_key_internal(
goto exit;
}
status = psa_driver_wrapper_import_key(&attributes,
status = psa_driver_wrapper_import_key(&slot->attr,
data, bytes,
slot->key.data,
slot->key.bytes,
@ -5978,7 +5876,7 @@ psa_status_t psa_key_derivation_output_key_ext(
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if (status == PSA_SUCCESS) {
status = psa_generate_derived_key_internal(slot,
attributes->core.bits,
attributes->bits,
operation);
}
if (status == PSA_SUCCESS) {
@ -7023,11 +6921,7 @@ static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
return PSA_ERROR_NOT_SUPPORTED;
}
psa_key_attributes_t attributes = {
.core = private_key->attr
};
return psa_driver_wrapper_key_agreement(&attributes,
return psa_driver_wrapper_key_agreement(&private_key->attr,
private_key->key.data,
private_key->key.bytes, alg,
peer_key, peer_key_length,
@ -7400,7 +7294,7 @@ psa_status_t psa_generate_key_internal(
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->core.type;
psa_key_type_t type = attributes->type;
/* Only used for RSA */
(void) params;
@ -7473,12 +7367,12 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
}
/* Reject any attempt to create a public key. */
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->type)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (params->flags != 0) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@ -7499,17 +7393,17 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the generated key material. */
if (slot->key.data == NULL) {
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) ==
PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
attributes->core.type, attributes->core.bits);
attributes->type, attributes->bits);
if (status != PSA_SUCCESS) {
goto exit;
}
key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
attributes->core.type,
attributes->core.bits);
attributes->type,
attributes->bits);
} else {
status = psa_driver_wrapper_get_key_buffer_size(
attributes, &key_buffer_size);
@ -7823,7 +7717,6 @@ psa_status_t psa_pake_set_password_key(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;
psa_key_type_t type;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -7838,11 +7731,7 @@ psa_status_t psa_pake_set_password_key(
goto exit;
}
attributes = (psa_key_attributes_t) {
.core = slot->attr
};
type = psa_get_key_type(&attributes);
type = psa_get_key_type(&slot->attr);
if (type != PSA_KEY_TYPE_PASSWORD &&
type != PSA_KEY_TYPE_PASSWORD_HASH) {
@ -7858,7 +7747,8 @@ psa_status_t psa_pake_set_password_key(
memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes);
operation->data.inputs.password_len = slot->key.bytes;
operation->data.inputs.attributes = attributes;
operation->data.inputs.attributes = slot->attr;
exit:
if (status != PSA_SUCCESS) {
psa_pake_abort(operation);

8
library/psa_crypto_aead.c
View File

@ -33,10 +33,10 @@ static psa_status_t psa_aead_setup(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_cipher_id_t cipher_id;
mbedtls_cipher_mode_t mode;
size_t key_bits = attributes->core.bits;
size_t key_bits = attributes->bits;
(void) key_buffer_size;
status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
status = mbedtls_cipher_values_from_psa(alg, attributes->type,
&key_bits, &mode, &cipher_id);
if (status != PSA_SUCCESS) {
return status;
@ -49,7 +49,7 @@ static psa_status_t psa_aead_setup(
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
* The call to mbedtls_ccm_encrypt_and_tag or
* mbedtls_ccm_auth_decrypt will validate the tag length. */
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@ -69,7 +69,7 @@ static psa_status_t psa_aead_setup(
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
* The call to mbedtls_gcm_crypt_and_tag or
* mbedtls_gcm_auth_decrypt will validate the tag length. */
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) {
return PSA_ERROR_INVALID_ARGUMENT;
}

4
library/psa_crypto_cipher.c
View File

@ -289,14 +289,14 @@ static psa_status_t psa_cipher_setup(
int ret = 0;
size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL;
psa_key_type_t key_type = attributes->core.type;
psa_key_type_t key_type = attributes->type;
(void) key_buffer_size;
mbedtls_cipher_init(&operation->ctx.cipher);
operation->alg = alg;
key_bits = attributes->core.bits;
key_bits = attributes->bits;
cipher_info = mbedtls_cipher_info_from_psa(alg, key_type,
key_bits, NULL);
if (cipher_info == NULL) {

57
library/psa_crypto_core.h
View File

@ -59,7 +59,7 @@ typedef enum {
* and metadata for one key.
*/
typedef struct {
psa_core_key_attributes_t attr;
psa_key_attributes_t attr;
/*
* The current state of the key slot, as described in
@ -159,11 +159,6 @@ typedef struct {
} while (0);
#endif
/* A mask of key attribute flags used only internally.
* Currently there aren't any. */
#define PSA_KA_MASK_INTERNAL_ONLY ( \
0)
/** Test whether a key slot has any registered readers.
* If multi-threading is enabled, the caller must hold the
* global key slot mutex.
@ -177,56 +172,6 @@ static inline int psa_key_slot_has_readers(const psa_key_slot_t *slot)
return slot->registered_readers > 0;
}
/** Retrieve flags from psa_key_slot_t::attr::core::flags.
*
* \param[in] slot The key slot to query.
* \param mask The mask of bits to extract.
*
* \return The key attribute flags in the given slot,
* bitwise-anded with \p mask.
*/
static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
uint16_t mask)
{
return slot->attr.flags & mask;
}
/** Set flags in psa_key_slot_t::attr::core::flags.
*
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to modify.
* \param value The new value of the selected bits.
*/
static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
uint16_t mask,
uint16_t value)
{
slot->attr.flags = ((~mask & slot->attr.flags) |
(mask & value));
}
/** Turn on flags in psa_key_slot_t::attr::core::flags.
*
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to set.
*/
static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
uint16_t mask)
{
slot->attr.flags |= mask;
}
/** Turn off flags in psa_key_slot_t::attr::core::flags.
*
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to clear.
*/
static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
uint16_t mask)
{
slot->attr.flags &= ~mask;
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** Get the SE slot number of a key from the key slot storing its description.
*

30
library/psa_crypto_ecp.c
View File

@ -216,8 +216,8 @@ psa_status_t mbedtls_psa_ecp_import_key(
mbedtls_ecp_keypair *ecp = NULL;
/* Parse input */
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
attributes->core.bits,
status = mbedtls_psa_ecp_load_representation(attributes->type,
attributes->bits,
data,
data_length,
&ecp);
@ -225,7 +225,7 @@ psa_status_t mbedtls_psa_ecp_import_key(
goto exit;
}
if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) ==
if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type) ==
PSA_ECC_FAMILY_MONTGOMERY) {
*bits = ecp->grp.nbits + 1;
} else {
@ -235,7 +235,7 @@ psa_status_t mbedtls_psa_ecp_import_key(
/* Re-export the data to PSA export format. There is currently no support
* for other input formats then the export format, so this is a 1-1
* copy operation. */
status = mbedtls_psa_ecp_export_key(attributes->core.type,
status = mbedtls_psa_ecp_export_key(attributes->type,
ecp,
key_buffer,
key_buffer_size,
@ -296,7 +296,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key(
mbedtls_ecp_keypair *ecp = NULL;
status = mbedtls_psa_ecp_load_representation(
attributes->core.type, attributes->core.bits,
attributes->type, attributes->bits,
key_buffer, key_buffer_size, &ecp);
if (status != PSA_SUCCESS) {
return status;
@ -304,7 +304,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key(
status = mbedtls_psa_ecp_export_key(
PSA_KEY_TYPE_ECC_PUBLIC_KEY(
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)),
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)),
ecp, data, data_size, data_length);
mbedtls_ecp_keypair_free(ecp);
@ -325,9 +325,9 @@ psa_status_t mbedtls_psa_ecp_generate_key(
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
attributes->core.type);
attributes->type);
mbedtls_ecp_group_id grp_id =
mbedtls_ecc_group_from_psa(curve, attributes->core.bits);
mbedtls_ecc_group_from_psa(curve, attributes->bits);
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(grp_id);
@ -374,8 +374,8 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash(
size_t curve_bytes;
mbedtls_mpi r, s;
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
attributes->core.bits,
status = mbedtls_psa_ecp_load_representation(attributes->type,
attributes->bits,
key_buffer,
key_buffer_size,
&ecp);
@ -461,8 +461,8 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
(void) alg;
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
attributes->core.bits,
status = mbedtls_psa_ecp_load_representation(attributes->type,
attributes->bits,
key_buffer,
key_buffer_size,
&ecp);
@ -526,14 +526,14 @@ psa_status_t mbedtls_psa_key_agreement_ecdh(
size_t *shared_secret_length)
{
psa_status_t status;
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->core.type) ||
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type) ||
!PSA_ALG_IS_ECDH(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
mbedtls_ecp_keypair *ecp = NULL;
status = mbedtls_psa_ecp_load_representation(
attributes->core.type,
attributes->core.bits,
attributes->type,
attributes->bits,
key_buffer,
key_buffer_size,
&ecp);

6
library/psa_crypto_ffdh.c
View File

@ -151,7 +151,7 @@ psa_status_t mbedtls_psa_ffdh_export_public_key(
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GX, G, X, P;
psa_key_type_t type = attributes->core.type;
psa_key_type_t type = attributes->type;
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
if (key_buffer_size > data_size) {
@ -167,7 +167,7 @@ psa_status_t mbedtls_psa_ffdh_export_public_key(
mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G);
mbedtls_mpi_init(&X); mbedtls_mpi_init(&P);
size_t key_len = PSA_BITS_TO_BYTES(attributes->core.bits);
size_t key_len = PSA_BITS_TO_BYTES(attributes->bits);
status = mbedtls_psa_ffdh_set_prime_generator(key_len, &P, &G);
@ -283,7 +283,7 @@ psa_status_t mbedtls_psa_ffdh_key_agreement(
mbedtls_mpi_init(&K);
status = mbedtls_psa_ffdh_set_prime_generator(
PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G);
PSA_BITS_TO_BYTES(attributes->bits), &P, &G);
if (status != PSA_SUCCESS) {
goto cleanup;

22
library/psa_crypto_rsa.c
View File

@ -116,7 +116,7 @@ psa_status_t mbedtls_psa_rsa_import_key(
mbedtls_rsa_context *rsa = NULL;
/* Parse input */
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
status = mbedtls_psa_rsa_load_representation(attributes->type,
data,
data_length,
&rsa);
@ -130,7 +130,7 @@ psa_status_t mbedtls_psa_rsa_import_key(
* representation in the key slot. Export representation in case of RSA is
* the smallest representation that's allowed as input, so a straight-up
* allocation of the same size as the input buffer will be large enough. */
status = mbedtls_psa_rsa_export_key(attributes->core.type,
status = mbedtls_psa_rsa_export_key(attributes->type,
rsa,
key_buffer,
key_buffer_size,
@ -196,7 +196,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(
attributes->core.type, key_buffer, key_buffer_size, &rsa);
attributes->type, key_buffer, key_buffer_size, &rsa);
if (status != PSA_SUCCESS) {
return status;
}
@ -261,13 +261,13 @@ psa_status_t mbedtls_psa_rsa_generate_key(
ret = mbedtls_rsa_gen_key(&rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
(unsigned int) attributes->core.bits,
(unsigned int) attributes->bits,
exponent);
if (ret != 0) {
return mbedtls_to_psa_error(ret);
}
status = mbedtls_psa_rsa_export_key(attributes->core.type,
status = mbedtls_psa_rsa_export_key(attributes->type,
&rsa, key_buffer, key_buffer_size,
key_buffer_length);
mbedtls_rsa_free(&rsa);
@ -325,7 +325,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash(
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);
@ -424,7 +424,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);
@ -536,11 +536,11 @@ psa_status_t mbedtls_psa_asymmetric_encrypt(const psa_key_attributes_t *attribut
(void) output_size;
(void) output_length;
if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);
@ -632,11 +632,11 @@ psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attribut
*output_length = 0;
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);

2
library/psa_crypto_slot_management.c
View File

@ -329,7 +329,7 @@ static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
/* Copy actual key length and core attributes into the slot on success */
slot->key.bytes = key_buffer_length;
slot->attr = attributes.core;
slot->attr = attributes;
exit:
if (status != PSA_SUCCESS) {
psa_remove_key_data_from_memory(slot);

8
library/psa_crypto_storage.c
View File

@ -235,7 +235,7 @@ typedef struct {
void psa_format_key_data_for_storage(const uint8_t *data,
const size_t data_length,
const psa_core_key_attributes_t *attr,
const psa_key_attributes_t *attr,
uint8_t *storage_data)
{
psa_persistent_key_storage_format *storage_format =
@ -267,7 +267,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
size_t storage_data_length,
uint8_t **key_data,
size_t *key_data_length,
psa_core_key_attributes_t *attr)
psa_key_attributes_t *attr)
{
psa_status_t status;
const psa_persistent_key_storage_format *storage_format =
@ -314,7 +314,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
return PSA_SUCCESS;
}
psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr,
const uint8_t *data,
const size_t data_length)
{
@ -352,7 +352,7 @@ void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
mbedtls_zeroize_and_free(key_data, key_data_length);
}
psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr,
uint8_t **data,
size_t *data_length)
{

8
library/psa_crypto_storage.h
View File

@ -93,7 +93,7 @@ int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key);
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
*/
psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr,
const uint8_t *data,
const size_t data_length);
@ -123,7 +123,7 @@ psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
*/
psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr,
uint8_t **data,
size_t *data_length);
@ -163,7 +163,7 @@ void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length);
*/
void psa_format_key_data_for_storage(const uint8_t *data,
const size_t data_length,
const psa_core_key_attributes_t *attr,
const psa_key_attributes_t *attr,
uint8_t *storage_data);
/**
@ -186,7 +186,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
size_t storage_data_length,
uint8_t **key_data,
size_t *key_data_length,
psa_core_key_attributes_t *attr);
psa_key_attributes_t *attr);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */