Move attribute fields to a substructure

Move the "core attributes" to a substructure of psa_key_attribute_t.
The motivation is to be able to use the new structure
psa_core_key_attributes_t internally.

include/psa/crypto_extra.h

@@ -89,7 +89,7 @@ static inline void psa_set_key_enrollment_algorithm(
     psa_key_attributes_t *attributes,
     psa_algorithm_t alg2)
 {
-    attributes->policy.alg2 = alg2;
+    attributes->core.policy.alg2 = alg2;
 }
 
 /** Retrieve the enrollment algorithm policy from key attributes.
@@ -101,7 +101,7 @@ static inline void psa_set_key_enrollment_algorithm(
 static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->policy.alg2 );
+    return( attributes->core.policy.alg2 );
 }
 
 /**@}*/

include/psa/crypto_struct.h

@@ -309,18 +309,25 @@ static inline struct psa_key_policy_s psa_key_policy_init( void )
     return( v );
 }
 
+typedef struct
+{
+    psa_key_type_t type;
+    psa_key_lifetime_t lifetime;
+    psa_key_id_t id;
+    psa_key_policy_t policy;
+    size_t bits;
+} psa_core_key_attributes_t;
+
+#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, 0, {0, 0, 0}, 0}
+
 struct psa_key_attributes_s
 {
-    psa_key_id_t id;
-    psa_key_lifetime_t lifetime;
-    psa_key_policy_t policy;
-    psa_key_type_t type;
-    size_t bits;
+    psa_core_key_attributes_t core;
     void *domain_parameters;
     size_t domain_parameters_size;
 };
 
-#define PSA_KEY_ATTRIBUTES_INIT {0, 0, {0, 0, 0}, 0, 0, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
 static inline struct psa_key_attributes_s psa_key_attributes_init( void )
 {
     const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
@@ -330,53 +337,53 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
 static inline void psa_set_key_id(psa_key_attributes_t *attributes,
                                   psa_key_id_t id)
 {
-    attributes->id = id;
-    if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE )
-        attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+    attributes->core.id = id;
+    if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
+        attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
 }
 
 static inline psa_key_id_t psa_get_key_id(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->id );
+    return( attributes->core.id );
 }
 
 static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
                                         psa_key_lifetime_t lifetime)
 {
-    attributes->lifetime = lifetime;
+    attributes->core.lifetime = lifetime;
     if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
-        attributes->id = 0;
+        attributes->core.id = 0;
 }
 
 static inline psa_key_lifetime_t psa_get_key_lifetime(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->lifetime );
+    return( attributes->core.lifetime );
 }
 
 static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
                                            psa_key_usage_t usage_flags)
 {
-    attributes->policy.usage = usage_flags;
+    attributes->core.policy.usage = usage_flags;
 }
 
 static inline psa_key_usage_t psa_get_key_usage_flags(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->policy.usage );
+    return( attributes->core.policy.usage );
 }
 
 static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
                                          psa_algorithm_t alg)
 {
-    attributes->policy.alg = alg;
+    attributes->core.policy.alg = alg;
 }
 
 static inline psa_algorithm_t psa_get_key_algorithm(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->policy.alg );
+    return( attributes->core.policy.alg );
 }
 
 /* This function is declared in crypto_extra.h, which comes after this
@@ -392,7 +399,7 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
     if( attributes->domain_parameters == NULL )
     {
         /* Common case: quick path */
-        attributes->type = type;
+        attributes->core.type = type;
     }
     else
     {
@@ -407,19 +414,19 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
 static inline psa_key_type_t psa_get_key_type(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->type );
+    return( attributes->core.type );
 }
 
 static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
                                     size_t bits)
 {
-    attributes->bits = bits;
+    attributes->core.bits = bits;
 }
 
 static inline size_t psa_get_key_bits(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->bits );
+    return( attributes->core.bits );
 }
 
 #endif /* PSA_CRYPTO_STRUCT_H */

library/psa_crypto.c

@@ -1086,7 +1086,7 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
 
     attributes->domain_parameters = copy;
     attributes->domain_parameters_size = data_length;
-    attributes->type = type;
+    attributes->core.type = type;
     return( PSA_SUCCESS );
 }
 
@@ -1153,11 +1153,11 @@ exit:
 static void psa_get_key_slot_attributes( psa_key_slot_t *slot,
                                          psa_key_attributes_t *attributes )
 {
-    attributes->id = slot->persistent_storage_id;
-    attributes->lifetime = slot->lifetime;
-    attributes->policy = slot->policy;
-    attributes->type = slot->type;
-    attributes->bits = psa_get_key_slot_bits( slot );
+    attributes->core.id = slot->persistent_storage_id;
+    attributes->core.lifetime = slot->lifetime;
+    attributes->core.policy = slot->policy;
+    attributes->core.type = slot->type;
+    attributes->core.bits = psa_get_key_slot_bits( slot );
 }
 
 /** Retrieve all the publicly-accessible attributes of a key.
@@ -1454,21 +1454,21 @@ static psa_status_t psa_start_key_creation(
         return( status );
     slot = *p_slot;
 
-    status = psa_set_key_policy_internal( slot, &attributes->policy );
+    status = psa_set_key_policy_internal( slot, &attributes->core.policy );
     if( status != PSA_SUCCESS )
         return( status );
-    slot->lifetime = attributes->lifetime;
+    slot->lifetime = attributes->core.lifetime;
 
-    if( attributes->lifetime != PSA_KEY_LIFETIME_VOLATILE )
+    if( attributes->core.lifetime != PSA_KEY_LIFETIME_VOLATILE )
     {
-        status = psa_validate_persistent_key_parameters( attributes->lifetime,
-                                                         attributes->id,
+        status = psa_validate_persistent_key_parameters( attributes->core.lifetime,
+                                                         attributes->core.id,
                                                          p_drv, 1 );
         if( status != PSA_SUCCESS )
             return( status );
-        slot->persistent_storage_id = attributes->id;
+        slot->persistent_storage_id = attributes->core.id;
     }
-    slot->type = attributes->type;
+    slot->type = attributes->core.type;
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     /* For a key in a secure element, we need to do three things:
@@ -1628,9 +1628,9 @@ static psa_status_t psa_check_key_slot_attributes(
     const psa_key_slot_t *slot,
     const psa_key_attributes_t *attributes )
 {
-    if( attributes->type != 0 )
+    if( attributes->core.type != 0 )
     {
-        if( attributes->type != slot->type )
+        if( attributes->core.type != slot->type )
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 
@@ -1667,9 +1667,9 @@ static psa_status_t psa_check_key_slot_attributes(
         }
     }
 
-    if( attributes->bits != 0 )
+    if( attributes->core.bits != 0 )
     {
-        if( attributes->bits != psa_get_key_slot_bits( slot ) )
+        if( attributes->core.bits != psa_get_key_slot_bits( slot ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 
@@ -1772,7 +1772,7 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle,
     if( status != PSA_SUCCESS )
         goto exit;
 
-    status = psa_restrict_key_policy( &actual_attributes.policy,
+    status = psa_restrict_key_policy( &actual_attributes.core.policy,
                                       &source_slot->policy );
     if( status != PSA_SUCCESS )
         goto exit;
@@ -4706,7 +4706,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
     if( status == PSA_SUCCESS )
     {
         status = psa_generate_derived_key_internal( slot,
-                                                    attributes->bits,
+                                                    attributes->core.bits,
                                                     operation );
     }
     if( status == PSA_SUCCESS )
@@ -5744,7 +5744,7 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
     if( status == PSA_SUCCESS )
     {
         status = psa_generate_key_internal(
-            slot, attributes->bits,
+            slot, attributes->core.bits,
             attributes->domain_parameters, attributes->domain_parameters_size );
     }
     if( status == PSA_SUCCESS )

library/psa_crypto_core.h

@@ -40,9 +40,9 @@
 typedef struct
 {
     psa_key_type_t type;
-    psa_key_policy_t policy;
     psa_key_lifetime_t lifetime;
     psa_key_file_id_t persistent_storage_id;
+    psa_key_policy_t policy;
     unsigned allocated : 1;
     union
     {

library/psa_crypto_se.c

@@ -198,7 +198,7 @@ psa_status_t psa_find_se_slot_for_key(
     psa_drv_se_allocate_key_t p_allocate = NULL;
 
     /* If the lifetime is wrong, it's a bug in the library. */
-    if( driver->lifetime != attributes->lifetime )
+    if( driver->lifetime != psa_get_key_lifetime( attributes ) )
         return( PSA_ERROR_CORRUPTION_DETECTED );
 
     /* If the driver doesn't support key creation in any way, give up now. */

library/psa_crypto_slot_management.c

@@ -133,7 +133,7 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
         goto exit;
     p_slot->lifetime = psa_get_key_lifetime( &attributes );
     p_slot->type = psa_get_key_type( &attributes );
-    p_slot->policy = attributes.policy;
+    p_slot->policy = attributes.core.policy;
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     if( psa_key_lifetime_is_external( p_slot->lifetime ) )

library/psa_crypto_storage.c

@@ -328,11 +328,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
         memcpy( *key_data, storage_format->key_data, *key_data_length );
     }
 
-    GET_UINT32_LE( attributes->lifetime, storage_format->lifetime, 0 );
-    GET_UINT32_LE( attributes->type, storage_format->type, 0 );
-    GET_UINT32_LE( attributes->policy.usage, storage_format->policy, 0 );
-    GET_UINT32_LE( attributes->policy.alg, storage_format->policy, sizeof( uint32_t ) );
-    GET_UINT32_LE( attributes->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
+    GET_UINT32_LE( attributes->core.lifetime, storage_format->lifetime, 0 );
+    GET_UINT32_LE( attributes->core.type, storage_format->type, 0 );
+    GET_UINT32_LE( attributes->core.policy.usage, storage_format->policy, 0 );
+    GET_UINT32_LE( attributes->core.policy.alg, storage_format->policy, sizeof( uint32_t ) );
+    GET_UINT32_LE( attributes->core.policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
 
     return( PSA_SUCCESS );
 }

tests/suites/test_suite_psa_crypto.function

@@ -1225,7 +1225,7 @@ void import( data_t *data, int type_arg,
     PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
     TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
     if( attr_bits != 0 )
-        TEST_EQUAL( attr_bits, got_attributes.bits );
+        TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
 
     PSA_ASSERT( psa_destroy_key( handle ) );
     test_operations_on_invalid_handle( handle );