Don't access psa_key_attributes_t.core
Access the fields of `psa_key_attributes_t` directly rather than through the
`core` field. This makes the `core` field obsolete.
This commit is fully automated:
```
git ls-files '*.h' '*.c' '*.function' '*.jinja' | xargs perl -l -i -pe '$core = qr/\b(core\b|MBEDTLS_PRIVATE\(core\))/; s/->$core\./->/g; s/&(\w+)\.$core\./&$1./g; s/(\w+)\.$core/$1/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7046a31..71535fa 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -568,7 +568,7 @@
size_t *key_buffer_length, size_t *bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = attributes->core.type;
+ psa_key_type_t type = attributes->type;
/* zero-length keys are never supported. */
if (data_length == 0) {
@@ -578,7 +578,7 @@
if (key_type_is_raw_bytes(type)) {
*bits = PSA_BYTES_TO_BITS(data_length);
- status = psa_validate_unstructured_key_bit_size(attributes->core.type,
+ status = psa_validate_unstructured_key_bit_size(attributes->type,
*bits);
if (status != PSA_SUCCESS) {
return status;
@@ -1245,8 +1245,8 @@
const psa_key_attributes_t *attributes,
psa_key_slot_number_t *slot_number)
{
- if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) {
- *slot_number = attributes->core.slot_number;
+ if (attributes->flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) {
+ *slot_number = attributes->slot_number;
return PSA_SUCCESS;
} else {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -1275,7 +1275,7 @@
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length)
{
- psa_key_type_t type = attributes->core.type;
+ psa_key_type_t type = attributes->type;
if (key_type_is_raw_bytes(type) ||
PSA_KEY_TYPE_IS_RSA(type) ||
@@ -1341,7 +1341,7 @@
size_t data_size,
size_t *data_length)
{
- psa_key_type_t type = attributes->core.type;
+ psa_key_type_t type = attributes->type;
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
(PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) ||
@@ -1518,7 +1518,7 @@
}
}
- status = psa_validate_key_policy(&attributes->core.policy);
+ status = psa_validate_key_policy(&attributes->policy);
if (status != PSA_SUCCESS) {
return status;
}
@@ -1532,7 +1532,7 @@
}
/* Reject invalid flags. These should not be reachable through the API. */
- if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ if (attributes->flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -1652,7 +1652,7 @@
return status;
}
- if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) {
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->lifetime)) {
psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY);
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
psa_crypto_transaction.key.slot = slot_number;
@@ -1852,14 +1852,14 @@
const psa_key_slot_t *slot,
const psa_key_attributes_t *attributes)
{
- if (attributes->core.type != 0) {
- if (attributes->core.type != slot->attr.type) {
+ if (attributes->type != 0) {
+ if (attributes->type != slot->attr.type) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
- if (attributes->core.bits != 0) {
- if (attributes->core.bits != slot->attr.bits) {
+ if (attributes->bits != 0) {
+ if (attributes->bits != slot->attr.bits) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -1903,7 +1903,7 @@
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the imported key material. */
if (slot->key.data == NULL) {
- if (psa_key_lifetime_is_external(attributes->core.lifetime)) {
+ if (psa_key_lifetime_is_external(attributes->lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
attributes, data, data_length, &storage_size);
if (status != PSA_SUCCESS) {
@@ -2023,12 +2023,12 @@
* equal to the ones of the source key. So it is safe to inherit
* them from the source key now."
* */
- actual_attributes.core.bits = source_slot->attr.bits;
- actual_attributes.core.type = source_slot->attr.type;
+ actual_attributes.bits = source_slot->attr.bits;
+ actual_attributes.type = source_slot->attr.type;
status = psa_restrict_key_policy(source_slot->attr.type,
- &actual_attributes.core.policy,
+ &actual_attributes.policy,
&source_slot->attr.policy);
if (status != PSA_SUCCESS) {
goto exit;
@@ -2057,7 +2057,7 @@
* - For opaque keys this translates to an invocation of the drivers'
* copy_key entry point through the dispatch layer.
* */
- if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
+ if (psa_key_lifetime_is_external(actual_attributes.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes,
&storage_size);
if (status != PSA_SUCCESS) {
@@ -2878,7 +2878,7 @@
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length)
{
- if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
@@ -2893,7 +2893,7 @@
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
- } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
@@ -2939,7 +2939,7 @@
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length)
{
- if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
+ if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
PSA_ALG_IS_RSA_PSS(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
@@ -2954,7 +2954,7 @@
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
- } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
if (PSA_ALG_IS_ECDSA(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
@@ -3450,7 +3450,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t required_hash_length;
- if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
return PSA_ERROR_NOT_SUPPORTED;
}
@@ -3467,8 +3467,8 @@
/* Ensure num_ops is zero'ed in case of context re-use. */
operation->num_ops = 0;
- status = mbedtls_psa_ecp_load_representation(attributes->core.type,
- attributes->core.bits,
+ status = mbedtls_psa_ecp_load_representation(attributes->type,
+ attributes->bits,
key_buffer,
key_buffer_size,
&operation->ctx);
@@ -3666,7 +3666,7 @@
size_t coordinate_bytes = 0;
size_t required_hash_length = 0;
- if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+ if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
return PSA_ERROR_NOT_SUPPORTED;
}
@@ -3685,8 +3685,8 @@
/* Ensure num_ops is zero'ed in case of context re-use. */
operation->num_ops = 0;
- status = mbedtls_psa_ecp_load_representation(attributes->core.type,
- attributes->core.bits,
+ status = mbedtls_psa_ecp_load_representation(attributes->type,
+ attributes->bits,
key_buffer,
key_buffer_size,
&operation->ctx);
@@ -5818,7 +5818,7 @@
slot->attr.bits = (psa_key_bits_t) bits;
- if (psa_key_lifetime_is_external(slot->attr.core.lifetime)) {
+ if (psa_key_lifetime_is_external(slot->attr.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size(&slot->attr,
&storage_size);
if (status != PSA_SUCCESS) {
@@ -5901,7 +5901,7 @@
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if (status == PSA_SUCCESS) {
status = psa_generate_derived_key_internal(slot,
- attributes->core.bits,
+ attributes->bits,
operation);
}
if (status == PSA_SUCCESS) {
@@ -7319,7 +7319,7 @@
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = attributes->core.type;
+ psa_key_type_t type = attributes->type;
/* Only used for RSA */
(void) params;
@@ -7392,12 +7392,12 @@
}
/* Reject any attempt to create a public key. */
- if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->type)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
- if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
if (params->flags != 0) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -7418,17 +7418,17 @@
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the generated key material. */
if (slot->key.data == NULL) {
- if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
+ if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) ==
PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
- attributes->core.type, attributes->core.bits);
+ attributes->type, attributes->bits);
if (status != PSA_SUCCESS) {
goto exit;
}
key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- attributes->core.type,
- attributes->core.bits);
+ attributes->type,
+ attributes->bits);
} else {
status = psa_driver_wrapper_get_key_buffer_size(
attributes, &key_buffer_size);
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 49aa961..a201985 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -33,10 +33,10 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_cipher_id_t cipher_id;
mbedtls_cipher_mode_t mode;
- size_t key_bits = attributes->core.bits;
+ size_t key_bits = attributes->bits;
(void) key_buffer_size;
- status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
+ status = mbedtls_cipher_values_from_psa(alg, attributes->type,
&key_bits, &mode, &cipher_id);
if (status != PSA_SUCCESS) {
return status;
@@ -49,7 +49,7 @@
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
* The call to mbedtls_ccm_encrypt_and_tag or
* mbedtls_ccm_auth_decrypt will validate the tag length. */
- if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
+ if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -69,7 +69,7 @@
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
* The call to mbedtls_gcm_crypt_and_tag or
* mbedtls_gcm_auth_decrypt will validate the tag length. */
- if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
+ if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) {
return PSA_ERROR_INVALID_ARGUMENT;
}
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 3132854..a45fb0f 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -289,14 +289,14 @@
int ret = 0;
size_t key_bits;
const mbedtls_cipher_info_t *cipher_info = NULL;
- psa_key_type_t key_type = attributes->core.type;
+ psa_key_type_t key_type = attributes->type;
(void) key_buffer_size;
mbedtls_cipher_init(&operation->ctx.cipher);
operation->alg = alg;
- key_bits = attributes->core.bits;
+ key_bits = attributes->bits;
cipher_info = mbedtls_cipher_info_from_psa(alg, key_type,
key_bits, NULL);
if (cipher_info == NULL) {
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 7edea81..9d583aa 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -216,8 +216,8 @@
mbedtls_ecp_keypair *ecp = NULL;
/* Parse input */
- status = mbedtls_psa_ecp_load_representation(attributes->core.type,
- attributes->core.bits,
+ status = mbedtls_psa_ecp_load_representation(attributes->type,
+ attributes->bits,
data,
data_length,
&ecp);
@@ -225,7 +225,7 @@
goto exit;
}
- if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) ==
+ if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type) ==
PSA_ECC_FAMILY_MONTGOMERY) {
*bits = ecp->grp.nbits + 1;
} else {
@@ -235,7 +235,7 @@
/* Re-export the data to PSA export format. There is currently no support
* for other input formats then the export format, so this is a 1-1
* copy operation. */
- status = mbedtls_psa_ecp_export_key(attributes->core.type,
+ status = mbedtls_psa_ecp_export_key(attributes->type,
ecp,
key_buffer,
key_buffer_size,
@@ -308,7 +308,7 @@
mbedtls_ecp_keypair *ecp = NULL;
status = mbedtls_psa_ecp_load_representation(
- attributes->core.type, attributes->core.bits,
+ attributes->type, attributes->bits,
key_buffer, key_buffer_size, &ecp);
if (status != PSA_SUCCESS) {
return status;
@@ -316,7 +316,7 @@
status = mbedtls_psa_ecp_export_key(
PSA_KEY_TYPE_ECC_PUBLIC_KEY(
- PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)),
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)),
ecp, data, data_size, data_length);
mbedtls_ecp_keypair_free(ecp);
@@ -337,9 +337,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
- attributes->core.type);
+ attributes->type);
mbedtls_ecp_group_id grp_id =
- mbedtls_ecc_group_from_psa(curve, attributes->core.bits);
+ mbedtls_ecc_group_from_psa(curve, attributes->bits);
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(grp_id);
@@ -389,8 +389,8 @@
size_t curve_bytes;
mbedtls_mpi r, s;
- status = mbedtls_psa_ecp_load_representation(attributes->core.type,
- attributes->core.bits,
+ status = mbedtls_psa_ecp_load_representation(attributes->type,
+ attributes->bits,
key_buffer,
key_buffer_size,
&ecp);
@@ -476,8 +476,8 @@
(void) alg;
- status = mbedtls_psa_ecp_load_representation(attributes->core.type,
- attributes->core.bits,
+ status = mbedtls_psa_ecp_load_representation(attributes->type,
+ attributes->bits,
key_buffer,
key_buffer_size,
&ecp);
@@ -541,14 +541,14 @@
size_t *shared_secret_length)
{
psa_status_t status;
- if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->core.type) ||
+ if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type) ||
!PSA_ALG_IS_ECDH(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
mbedtls_ecp_keypair *ecp = NULL;
status = mbedtls_psa_ecp_load_representation(
- attributes->core.type,
- attributes->core.bits,
+ attributes->type,
+ attributes->bits,
key_buffer,
key_buffer_size,
&ecp);
diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index 0099d5f..ae38f6d 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -151,7 +151,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GX, G, X, P;
- psa_key_type_t type = attributes->core.type;
+ psa_key_type_t type = attributes->type;
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
if (key_buffer_size > data_size) {
@@ -167,7 +167,7 @@
mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G);
mbedtls_mpi_init(&X); mbedtls_mpi_init(&P);
- size_t key_len = PSA_BITS_TO_BYTES(attributes->core.bits);
+ size_t key_len = PSA_BITS_TO_BYTES(attributes->bits);
status = mbedtls_psa_ffdh_set_prime_generator(key_len, &P, &G);
@@ -283,7 +283,7 @@
mbedtls_mpi_init(&K);
status = mbedtls_psa_ffdh_set_prime_generator(
- PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G);
+ PSA_BITS_TO_BYTES(attributes->bits), &P, &G);
if (status != PSA_SUCCESS) {
goto cleanup;
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 84a8667..2f613b3 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -116,7 +116,7 @@
mbedtls_rsa_context *rsa = NULL;
/* Parse input */
- status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ status = mbedtls_psa_rsa_load_representation(attributes->type,
data,
data_length,
&rsa);
@@ -130,7 +130,7 @@
* representation in the key slot. Export representation in case of RSA is
* the smallest representation that's allowed as input, so a straight-up
* allocation of the same size as the input buffer will be large enough. */
- status = mbedtls_psa_rsa_export_key(attributes->core.type,
+ status = mbedtls_psa_rsa_export_key(attributes->type,
rsa,
key_buffer,
key_buffer_size,
@@ -196,7 +196,7 @@
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(
- attributes->core.type, key_buffer, key_buffer_size, &rsa);
+ attributes->type, key_buffer, key_buffer_size, &rsa);
if (status != PSA_SUCCESS) {
return status;
}
@@ -261,13 +261,13 @@
ret = mbedtls_rsa_gen_key(&rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- (unsigned int) attributes->core.bits,
+ (unsigned int) attributes->bits,
exponent);
if (ret != 0) {
return mbedtls_to_psa_error(ret);
}
- status = mbedtls_psa_rsa_export_key(attributes->core.type,
+ status = mbedtls_psa_rsa_export_key(attributes->type,
&rsa, key_buffer, key_buffer_size,
key_buffer_length);
mbedtls_rsa_free(&rsa);
@@ -325,7 +325,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
- status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);
@@ -424,7 +424,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
- status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);
@@ -536,11 +536,11 @@
(void) output_size;
(void) output_length;
- if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
+ if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
- status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);
@@ -632,11 +632,11 @@
*output_length = 0;
- if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
- status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+ status = mbedtls_psa_rsa_load_representation(attributes->type,
key_buffer,
key_buffer_size,
&rsa);