diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3c5bbbdf6e..a27fd42c42 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -881,8 +881,9 @@ static psa_status_t psa_restrict_key_policy( * In case of a persistent key, the function loads the description of the key * into a key slot if not already done. * - * On success, the returned key slot is locked. It is the responsibility of - * the caller to unlock the key slot when it does not access it anymore. + * On success, the returned key slot has been registered for reading. + * It is the responsibility of the caller to call psa_unregister_read(slot) + * when they have finished reading the contents of the slot. */ static psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, @@ -926,7 +927,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( error: *p_slot = NULL; - psa_unlock_key_slot(slot); + psa_unregister_read(slot); return status; } @@ -941,8 +942,9 @@ error: * psa_get_and_lock_key_slot_with_policy() when there is no opaque key support * for a cryptographic operation. * - * On success, the returned key slot is locked. It is the responsibility of the - * caller to unlock the key slot when it does not access it anymore. + * On success, the returned key slot has been registered for reading. + * It is the responsibility of the caller to call psa_unregister_read(slot) + * when they have finished reading the contents of the slot. */ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( mbedtls_svc_key_id_t key, @@ -957,7 +959,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( } if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { - psa_unlock_key_slot(*p_slot); + psa_unregister_read(*p_slot); *p_slot = NULL; return PSA_ERROR_NOT_SUPPORTED; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 0f480fb098..4846e33ea8 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -108,7 +108,9 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { slot = &global_data.key_slots[slot_idx]; - if (mbedtls_svc_key_id_equal(key, slot->attr.id)) { + /* Only consider slots which are in a full state. */ + if ((slot->state == PSA_SLOT_FULL) && + (mbedtls_svc_key_id_equal(key, slot->attr.id))) { break; } } @@ -117,7 +119,7 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( } if (status == PSA_SUCCESS) { - status = psa_lock_key_slot(slot); + status = psa_register_read(slot); if (status == PSA_SUCCESS) { *p_slot = slot; } @@ -367,7 +369,7 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) psa_key_id_t volatile_key_id; - status = psa_get_empty_key_slot(&volatile_key_id, p_slot); + status = psa_reserve_free_key_slot(&volatile_key_id, p_slot); if (status != PSA_SUCCESS) { return status; } @@ -388,13 +390,24 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ if (status != PSA_SUCCESS) { + /* Prepare the key slot to be wiped, and then wipe it. + * Don't overwrite status as a BAD_STATE error here + * can be reported in the psa_wipe_key_slot call. */ + (*p_slot)->registered_readers = 1; + psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING, + PSA_SLOT_PENDING_DELETION); psa_wipe_key_slot(*p_slot); + if (status == PSA_ERROR_DOES_NOT_EXIST) { status = PSA_ERROR_INVALID_HANDLE; } } else { /* Add implicit usage flags. */ psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage); + + psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING, + PSA_SLOT_FULL); + status = psa_register_read(*p_slot); } return status; diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index b2cf570112..5858b18514 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -54,8 +54,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id) * In case of a persistent key, the function loads the description of the key * into a key slot if not already done. * - * On success, the returned key slot is locked. It is the responsibility of - * the caller to unlock the key slot when it does not access it anymore. + * On success, the returned key slot has been registered for reading. + * It is the responsibility of the caller to call psa_unregister_read(slot) + * when they have finished reading the contents of the slot. * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the @@ -67,7 +68,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id) * description of the key identified by \p key. * The key slot counter has been incremented. * \retval #PSA_ERROR_BAD_STATE - * The library has not been initialized. + * The library has not been initialized. Or, + * this call was operating on a key slot and found the slot in + * an invalid state for the operation. * \retval #PSA_ERROR_INVALID_HANDLE * \p key is not a valid key identifier. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY