Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION

psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>

library/psa_crypto.c

@@ -983,10 +983,6 @@ psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
  * Persistent storage is not affected. */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
 {
-    if (slot->state != PSA_SLOT_PENDING_DELETION) {
-        return PSA_ERROR_BAD_STATE;
-    }
-
     psa_status_t status = psa_remove_key_data_from_memory(slot);
 
     /*
@@ -998,7 +994,9 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
      * function is called as part of the execution of a test suite, the
      * execution of the test suite is stopped in error if the assertion fails.
      */
-    if (slot->registered_readers != 1) {
+    if (((slot->state == PSA_SLOT_FULL) ||
+         (slot->state == PSA_SLOT_PENDING_DELETION)) &&
+        (slot->registered_readers != 1)) {
         MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1);
         status = PSA_ERROR_CORRUPTION_DETECTED;
     }
@@ -1828,12 +1826,6 @@ static void psa_fail_key_creation(psa_key_slot_t *slot,
      * itself. */
     (void) psa_crypto_stop_transaction();
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    /* Prepare the key slot to be wiped, and then wipe it. */
-    slot->registered_readers = 1;
-    psa_key_slot_state_transition(slot, PSA_SLOT_FILLING,
-                                  PSA_SLOT_PENDING_DELETION);
-
     psa_wipe_key_slot(slot);
 }
 

library/psa_crypto_core.h

@@ -70,8 +70,6 @@ typedef struct {
      * Number of functions registered as reading the material in the key slot.
      *
      * Library functions must not write directly to registered_readers
-     * (unless the slot's state is PSA_SLOT_FILLING and the slot needs to be
-     * wiped following a failed key creation).
      *
      * A function must call psa_register_read(slot) before reading the current
      * contents of the slot for an operation.
@@ -191,9 +189,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
  * \retval #PSA_SUCCESS
  *         The slot has been successfully wiped.
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
- *         The amount of registered readers was not equal to 1.
- * \retval #PSA_ERROR_BAD_STATE
- *         The slot's state was not PSA_SLOT_PENDING_DELETION.
+ *         The slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and
+ *         the amount of registered readers was not equal to 1.
  */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
 

library/psa_crypto_slot_management.c

@@ -189,10 +189,6 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
         (unused_persistent_key_slot != NULL)) {
         selected_slot = unused_persistent_key_slot;
         psa_register_read(selected_slot);
-        /* If the state is not changed then psa_wipe_key_slot
-         * will report an error. */
-        psa_key_slot_state_transition(selected_slot, PSA_SLOT_FULL,
-                                      PSA_SLOT_PENDING_DELETION);
         status = psa_wipe_key_slot(selected_slot);
         if (status != PSA_SUCCESS) {
             goto error;
@@ -394,12 +390,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
     if (status != PSA_SUCCESS) {
-        /* Prepare the key slot to be wiped, and then wipe it.
-         * Don't overwrite status as a BAD_STATE error here
-         * can be reported in the psa_wipe_key_slot call. */
-        (*p_slot)->registered_readers = 1;
-        psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING,
-                                      PSA_SLOT_PENDING_DELETION);
         psa_wipe_key_slot(*p_slot);
 
         if (status == PSA_ERROR_DOES_NOT_EXIST) {
@@ -544,14 +534,11 @@ psa_status_t psa_close_key(psa_key_handle_t handle)
         return status;
     }
     if (slot->registered_readers == 1) {
-        status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
-                                               PSA_SLOT_PENDING_DELETION);
-        if (status != PSA_SUCCESS) {
-            return status;
-        }
-    }
+        return psa_wipe_key_slot(slot);
+    } else {
         return psa_unregister_read(slot);
     }
+}
 
 psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
 {
@@ -565,11 +552,11 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
 
     if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
         (slot->registered_readers == 1)) {
-        psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
-                                      PSA_SLOT_PENDING_DELETION);
-    }
+        return psa_wipe_key_slot(slot);
+    } else {
         return psa_unregister_read(slot);
     }
+}
 
 void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
 {

library/psa_crypto_slot_management.h

@@ -179,7 +179,7 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot)
  * This function decrements the key slot registered reader counter by one.
  * If the state of the slot is PSA_SLOT_PENDING_DELETION,
  * and there is only one registered reader (the caller),
- * this function will call psa_wipe_slot().
+ * this function will call psa_wipe_key_slot().
  *
  * \note To ease the handling of errors in retrieving a key slot
  *       a NULL input pointer is valid, and the function returns