eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update psa_destroy_key, psa_purge_key and psa_close_key

Browse source 
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett 2024-01-03 16:04:33 +00:00
parent 098c6659ad
commit c70ce576bd
4 changed files with 25 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

8
include/psa/crypto.h
View file

@ -415,7 +415,9 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize * It is implementation-dependent whether a failure to initialize
* results in this error code. * results in this error code. Or,
* this call was operating on a key slot and found the slot in
* an invalid state for the operation.
*/ */
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
@ -555,7 +557,9 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize * It is implementation-dependent whether a failure to initialize
* results in this error code. * results in this error code. Or,
* this call was operating on a key slot and found the slot in
* an invalid state for the operation.
*/ */
psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);

4
include/psa/crypto_compat.h
View file

@ -142,7 +142,9 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
* \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init(). * The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize * It is implementation-dependent whether a failure to initialize
* results in this error code. * results in this error code. Or,
* this call was operating on a key slot and found the slot in
* an invalid state for the operation.
*/ */
psa_status_t psa_close_key(psa_key_handle_t handle); psa_status_t psa_close_key(psa_key_handle_t handle);

8
library/psa_crypto.c
View file

@ -1048,11 +1048,13 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
* implemented), the key should be destroyed when all accesses have * implemented), the key should be destroyed when all accesses have
* stopped. * stopped.
*/ */
if (slot->lock_count > 1) { if (slot->registered_readers > 1) {
psa_unlock_key_slot(slot); psa_unregister_read(slot);
return PSA_ERROR_GENERIC_ERROR; return PSA_ERROR_GENERIC_ERROR;
} }
slot->state = PSA_SLOT_PENDING_DELETION;
if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
/* Refuse the destruction of a read-only key (which may or may not work /* Refuse the destruction of a read-only key (which may or may not work
* if we attempt it, depending on whether the key is merely read-only * if we attempt it, depending on whether the key is merely read-only
@ -1126,7 +1128,7 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
exit: exit:
status = psa_wipe_key_slot(slot); status = psa_wipe_key_slot(slot);
/* Prioritize CORRUPTION_DETECTED from wiping over a storage error */ /* Prioritize an error from wiping over a storage error */
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
overall_status = status; overall_status = status;
} }

19
library/psa_crypto_slot_management.c
View file

@ -539,11 +539,14 @@ psa_status_t psa_close_key(psa_key_handle_t handle)
return status; return status;
} }
if (slot->lock_count <= 1) { if (slot->registered_readers == 1) {
return psa_wipe_key_slot(slot); status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
} else { PSA_SLOT_PENDING_DELETION);
return psa_unlock_key_slot(slot); if (status != PSA_SUCCESS) {
return status;
}
} }
return psa_unregister_read(slot);
} }
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
@ -557,11 +560,11 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
} }
if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
(slot->lock_count <= 1)) { (slot->registered_readers == 1)) {
return psa_wipe_key_slot(slot); psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
} else { PSA_SLOT_PENDING_DELETION);
return psa_unlock_key_slot(slot);
} }
return psa_unregister_read(slot);
} }
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)