From 4755e6bda47e8722ade10b0a86d1e94e89c312f1 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 16:35:59 +0000 Subject: [PATCH] Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION psa_wipe_key_slot can now be called on a slot in any state, if the slot's state is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered reader. Remove the state changing calls that are no longer necessary. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 14 +++----------- library/psa_crypto_core.h | 7 ++----- library/psa_crypto_slot_management.c | 25 ++++++------------------- library/psa_crypto_slot_management.h | 2 +- 4 files changed, 12 insertions(+), 36 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index da5e5be778..1f64500258 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -983,10 +983,6 @@ psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) * Persistent storage is not affected. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) { - if (slot->state != PSA_SLOT_PENDING_DELETION) { - return PSA_ERROR_BAD_STATE; - } - psa_status_t status = psa_remove_key_data_from_memory(slot); /* @@ -998,7 +994,9 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) * function is called as part of the execution of a test suite, the * execution of the test suite is stopped in error if the assertion fails. */ - if (slot->registered_readers != 1) { + if (((slot->state == PSA_SLOT_FULL) || + (slot->state == PSA_SLOT_PENDING_DELETION)) && + (slot->registered_readers != 1)) { MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1); status = PSA_ERROR_CORRUPTION_DETECTED; } @@ -1828,12 +1826,6 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, * itself. */ (void) psa_crypto_stop_transaction(); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - - /* Prepare the key slot to be wiped, and then wipe it. */ - slot->registered_readers = 1; - psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, - PSA_SLOT_PENDING_DELETION); - psa_wipe_key_slot(slot); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 3b5c634975..f11df9f36c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -70,8 +70,6 @@ typedef struct { * Number of functions registered as reading the material in the key slot. * * Library functions must not write directly to registered_readers - * (unless the slot's state is PSA_SLOT_FILLING and the slot needs to be - * wiped following a failed key creation). * * A function must call psa_register_read(slot) before reading the current * contents of the slot for an operation. @@ -191,9 +189,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( * \retval #PSA_SUCCESS * The slot has been successfully wiped. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * The amount of registered readers was not equal to 1. - * \retval #PSA_ERROR_BAD_STATE - * The slot's state was not PSA_SLOT_PENDING_DELETION. + * The slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and + * the amount of registered readers was not equal to 1. */ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index ef76dcb897..e7ea8efb46 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -189,10 +189,6 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, (unused_persistent_key_slot != NULL)) { selected_slot = unused_persistent_key_slot; psa_register_read(selected_slot); - /* If the state is not changed then psa_wipe_key_slot - * will report an error. */ - psa_key_slot_state_transition(selected_slot, PSA_SLOT_FULL, - PSA_SLOT_PENDING_DELETION); status = psa_wipe_key_slot(selected_slot); if (status != PSA_SUCCESS) { goto error; @@ -394,12 +390,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ if (status != PSA_SUCCESS) { - /* Prepare the key slot to be wiped, and then wipe it. - * Don't overwrite status as a BAD_STATE error here - * can be reported in the psa_wipe_key_slot call. */ - (*p_slot)->registered_readers = 1; - psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING, - PSA_SLOT_PENDING_DELETION); psa_wipe_key_slot(*p_slot); if (status == PSA_ERROR_DOES_NOT_EXIST) { @@ -544,13 +534,10 @@ psa_status_t psa_close_key(psa_key_handle_t handle) return status; } if (slot->registered_readers == 1) { - status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, - PSA_SLOT_PENDING_DELETION); - if (status != PSA_SUCCESS) { - return status; - } + return psa_wipe_key_slot(slot); + } else { + return psa_unregister_read(slot); } - return psa_unregister_read(slot); } psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) @@ -565,10 +552,10 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { - psa_key_slot_state_transition(slot, PSA_SLOT_FULL, - PSA_SLOT_PENDING_DELETION); + return psa_wipe_key_slot(slot); + } else { + return psa_unregister_read(slot); } - return psa_unregister_read(slot); } void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 5858b18514..9b8e89132c 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -179,7 +179,7 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) * This function decrements the key slot registered reader counter by one. * If the state of the slot is PSA_SLOT_PENDING_DELETION, * and there is only one registered reader (the caller), - * this function will call psa_wipe_slot(). + * this function will call psa_wipe_key_slot(). * * \note To ease the handling of errors in retrieving a key slot * a NULL input pointer is valid, and the function returns