Hello,
In Mbed TLS v3.4.0, I came across a build error saying that there are no members for type and flag in the psa_core_keyattributes_t structure.
The following functions in psa_crypto_core.h access the private members type and flag of the psa_core_keyattributes_t structure without the MBEDTLS_PRIVATE() private access.
* psa_is_key_slot_occupied()
* psa_key_slot_get_flags()
* psa_key_slot_set_flags()
* psa_key_slot_set_bits_in_flags()
* psa_key_slot_clear_bits()
Updating to private access for attribute struct members in psa_crypto_core.h fixed the build errors.
Regards, Archanaa
Hi,
Can you share your configuration and compiler (including flags and target)? This isn't happening in any of the configurations we test on our CI, but psa_crypto_core.h doesn't include the correct header directly, and maybe the indirect include that makes it work for us is omitted in some configurations.
Library and test code should define MBEDTLS_ALLOW_PRIVATE_ACCESS, but it's missing in some places. We'll fix that, but it would be good to know what configurations make it actually break.
Best regards,
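The renaming mechanism discussed in the two messages above, as an added example that is not part of the thread and is not Mbed TLS code. The macro definition mirrors mbedtls/private_access.h; the demo_ types and functions are hypothetical stand-ins for the key slot structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same mechanism as mbedtls/private_access.h: unless the including code opts
 * in with MBEDTLS_ALLOW_PRIVATE_ACCESS, private members get a private_ prefix.
 * This file deliberately does not define the opt-in macro. */
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_PRIVATE(member) private_##member
#else
#define MBEDTLS_PRIVATE(member) member
#endif

/* Hypothetical stand-in for the key attribute structure (not the real layout). */
typedef struct {
    uint16_t MBEDTLS_PRIVATE(type);
    uint16_t MBEDTLS_PRIVATE(flags);
} demo_key_attributes_t;

typedef struct { demo_key_attributes_t attr; } demo_key_slot_t;

/* Wrapped access compiles whether or not the opt-in macro is defined. */
static int demo_is_key_slot_occupied(const demo_key_slot_t *slot)
{
    return slot->attr.MBEDTLS_PRIVATE(type) != 0;
}

static void demo_set_bits_in_flags(demo_key_slot_t *slot, uint16_t mask)
{
    slot->attr.MBEDTLS_PRIVATE(flags) |= mask;
}

static uint16_t demo_get_flags(const demo_key_slot_t *slot)
{
    return slot->attr.MBEDTLS_PRIVATE(flags);
}

/* A bare `slot->attr.type` would fail here with "no member named 'type'":
 * the declaration above was expanded without the opt-in, so the member is
 * really called private_type. offsetof() on that name proves it exists. */
static size_t demo_offset_of_renamed_type(void)
{
    return offsetof(demo_key_attributes_t, private_type);
}

int main(void)
{
    demo_key_slot_t slot = { { 0x1001, 0 } };
    demo_set_bits_in_flags(&slot, 0x0004);
    printf("occupied=%d flags=0x%04x type_offset=%zu\n",
           demo_is_key_slot_occupied(&slot), (unsigned) demo_get_flags(&slot),
           demo_offset_of_renamed_type());
    return 0;
}
```

Whether a bare member access compiles depends on whether MBEDTLS_ALLOW_PRIVATE_ACCESS was already defined at the point where the structure declaration was first preprocessed, which is why include order matters.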
With Archanaa's help I've analyzed the problem and filed an issue at https://github.com/Mbed-TLS/mbedtls/issues/7559 .
This problem is most likely to arise if you build with MBEDTLS_PSA_CRYPTO_STORAGE_C enabled but MBEDTLS_PSA_ITS_FILE_C disabled, relying on a native implementation of PSA ITS. As a quick fix, you can add the line #include "common.h" at the top of library/psa_crypto_core.h.
Best regards,
Apologies, my analysis was wrong. With MBEDTLS_PSA_ITS_FILE_C disabled, Mbed TLS builds fine if I use a minimal version of the header psa/internal_trusted_storage.h. I can reproduce the build failure if I add https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/interface/i... to the compiler's include path. So the problem is an incompatibility between Mbed TLS headers and TF-M headers. I don't know yet which side(s) needs to be fixed.
Best regards,
Gilles,
Thank you. I added #include "common.h" to the top of psa_crypto_core.h as suggested, but the build error persists that private members do not exist. I am still able to avoid the build error if I add MBEDTLS_PRIVATE() to the necessary private members referred to in psa_crypto_core.h.
I have included the /tfm/interface/include path in my build for the path to psa/error.h in the header psa/internal_trusted_storage.h.
Regards, Archanaa
From: Gilles Peskine via mbed-tls mbed-tls@lists.trustedfirmware.org
Sent: Sunday, May 7, 2023 2:22 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [EXTERNAL] [mbed-tls] Re: PSA key slot management functions access private structure members

Apologies, my analysis was wrong. With MBEDTLS_PSA_ITS_FILE_C disabled, Mbed TLS builds fine if I use a minimal version of the header psa/internal_trusted_storage.h. I can reproduce the build failure if I add https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/interface/i... to the compiler's include path. So the problem is an incompatibility between Mbed TLS headers and TF-M headers. I don't know yet which side(s) needs to be fixed.
Best regards,
--
Gilles Peskine

On 05/05/2023 17:47, Gilles Peskine via mbed-tls wrote:

With Archanaa's help I've analyzed the problem and filed an issue at https://github.com/Mbed-TLS/mbedtls/issues/7559 .
This problem is most likely to arise if you build with MBEDTLS_PSA_CRYPTO_STORAGE_C enabled but MBEDTLS_PSA_ITS_FILE_C disabled, relying on a native implementation of PSA ITS. As a quick fix, you can add the line #include "common.h" at the top of library/psa_crypto_core.h.
Best regards,
--
Gilles Peskine
Mbed TLS developer

On 05/05/2023 12:19, Gilles Peskine via mbed-tls wrote:

Hi,
Can you share your configuration and compiler (including flags and target)? This isn't happening in any of the configurations we test on our CI, but psa_crypto_core.h doesn't include the correct header directly, and maybe the indirect include that makes it work for us is omitted in some configurations.
Library and test code should define MBEDTLS_ALLOW_PRIVATE_ACCESS, but it's missing in some places. We'll fix that, but it would be good to know what configurations make it actually break.
Best regards,
--
Gilles Peskine
Mbed TLS developer

On 04/05/2023 21:56, S Krishnan, Archanaa via mbed-tls wrote:

Hello,
In Mbed TLS v3.4.0, I came across a build error saying that there are no members for type and flag in the psa_core_keyattributes_t structure.
The following functions in psa_crypto_core.h access the private members type and flag of the psa_core_keyattributes_t structure without the MBEDTLS_PRIVATE() private access.
1. psa_is_key_slot_occupied()
2. psa_key_slot_get_flags()
3. psa_key_slot_set_flags()
4. psa_key_slot_set_bits_in_flags()
5. psa_key_slot_clear_bits()
Updating to private access for attribute struct members in psa_crypto_core.h fixed the build errors.
Regards, Archanaa