Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
psa_wipe_key_slot can now be called on a slot in any state; if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, then there must be exactly 1 registered
reader.
Remove the state changing calls that are no longer necessary.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index da5e5be..1f64500 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -983,10 +983,6 @@
* Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
{
- if (slot->state != PSA_SLOT_PENDING_DELETION) {
- return PSA_ERROR_BAD_STATE;
- }
-
psa_status_t status = psa_remove_key_data_from_memory(slot);
/*
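Review bot: With the PSA_ERROR_BAD_STATE guard removed, nothing in psa_wipe_key_slot() inspects the slot before psa_remove_key_data_from_memory() clears the material; the replacement reader-count check in the next hunk (-998) runs only after that call, so a slot that violates the new invariant is still wiped and only then reported as PSA_ERROR_CORRUPTION_DETECTED. If wiping regardless is the intent (defensive cleanup of a slot whose bookkeeping is inconsistent), a short comment above the call would make that explicit, e.g. `/* Clear the material first: even a slot with an inconsistent reader count must not retain key data. */`; if it is not the intent, the state/reader check should move ahead of the removal. The function's leading comment and the rest of its body lie outside the hunk.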
@@ -998,7 +994,9 @@
* function is called as part of the execution of a test suite, the
* execution of the test suite is stopped in error if the assertion fails.
*/
- if (slot->registered_readers != 1) {
+ if (((slot->state == PSA_SLOT_FULL) ||
+ (slot->state == PSA_SLOT_PENDING_DELETION)) &&
+ (slot->registered_readers != 1)) {
MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1);
status = PSA_ERROR_CORRUPTION_DETECTED;
}
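Review bot: The new compound condition exempts slots that are not PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION from the reader-count invariant without saying why, and the comment block above it (which starts outside the hunk) still only describes the test-hook assertion. Since the commit deliberately routes failed key creations (slots in PSA_SLOT_FILLING, per the -1828 hunk and the text removed from psa_crypto_core.h) through this function without first setting registered_readers, a one-line comment keeps the invariant readable, e.g. `/* Only a slot holding usable material (FULL or PENDING_DELETION) must be wiped by its sole registered reader; a FILLING slot is being torn down after a failed creation. */`. Note also that `status` from psa_remove_key_data_from_memory() is overwritten by PSA_ERROR_CORRUPTION_DETECTED here; that is unchanged by this commit but is now reachable from more callers.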
@@ -1828,12 +1826,6 @@
* itself. */
(void) psa_crypto_stop_transaction();
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
- /* Prepare the key slot to be wiped, and then wipe it. */
- slot->registered_readers = 1;
- psa_key_slot_state_transition(slot, PSA_SLOT_FILLING,
- PSA_SLOT_PENDING_DELETION);
-
psa_wipe_key_slot(slot);
}
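Review bot: `psa_wipe_key_slot(slot);` at the end of this function discards the wipe's status, as does the same call in the -394 hunk of psa_crypto_slot_management.c; the comment removed there explained that the caller's own status must not be overwritten, and that rationale is now lost in both places. As far as the visible hunks show, a PSA_SLOT_FILLING slot cannot trip the new reader-count check, so the only result being dropped is whatever psa_remove_key_data_from_memory() returns. Matching the `(void) psa_crypto_stop_transaction();` line above, write `(void) psa_wipe_key_slot(slot); /* the creation failure is what gets reported; the wipe's own result is not propagated */` here and the equivalent in the slot-management hunk. The enclosing function starts outside the hunk.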
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 3b5c634..f11df9f 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -70,8 +70,6 @@
* Number of functions registered as reading the material in the key slot.
*
* Library functions must not write directly to registered_readers
- * (unless the slot's state is PSA_SLOT_FILLING and the slot needs to be
- * wiped following a failed key creation).
*
* A function must call psa_register_read(slot) before reading the current
* contents of the slot for an operation.
@@ -191,9 +189,8 @@
* \retval #PSA_SUCCESS
* The slot has been successfully wiped.
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * The amount of registered readers was not equal to 1.
- * \retval #PSA_ERROR_BAD_STATE
- * The slot's state was not PSA_SLOT_PENDING_DELETION.
+ * The slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and
+ * the amount of registered readers was not equal to 1.
*/
psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
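Review bot: The updated \retval text documents the failure case, but the description (which starts above the hunk) no longer states the precondition the commit message introduces — that the slot may be in any state and, when it is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, the caller must hold the single registered read — nor what the slot's state and reader count are once the function returns. Add a paragraph such as `The slot may be in any state. If it is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, exactly one read (the caller's) must be registered on it.` so that callers such as psa_close_key() and psa_purge_key(), which now call this function directly, can check that they meet it.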
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index ef76dcb..e7ea8ef 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -189,10 +189,6 @@
(unused_persistent_key_slot != NULL)) {
selected_slot = unused_persistent_key_slot;
psa_register_read(selected_slot);
- /* If the state is not changed then psa_wipe_key_slot
- * will report an error. */
- psa_key_slot_state_transition(selected_slot, PSA_SLOT_FULL,
- PSA_SLOT_PENDING_DELETION);
status = psa_wipe_key_slot(selected_slot);
if (status != PSA_SUCCESS) {
goto error;
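Review bot: Dropping the state transition also dropped the only comment explaining why `psa_register_read(selected_slot)` immediately precedes the wipe; a reader now sees a read being registered on a slot that is about to be destroyed. Keep the intent visible with `/* Take the single registered read that psa_wipe_key_slot() requires on a PSA_SLOT_FULL slot before wiping it for reuse. */` above the psa_register_read() call. The slot stays PSA_SLOT_FULL until the wipe completes; whether another reader can register on it in between depends on serialisation outside this hunk, so that assumption belongs in the same comment. The enclosing function begins outside the hunk.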
@@ -394,12 +390,6 @@
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
if (status != PSA_SUCCESS) {
- /* Prepare the key slot to be wiped, and then wipe it.
- * Don't overwrite status as a BAD_STATE error here
- * can be reported in the psa_wipe_key_slot call. */
- (*p_slot)->registered_readers = 1;
- psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING,
- PSA_SLOT_PENDING_DELETION);
psa_wipe_key_slot(*p_slot);
if (status == PSA_ERROR_DOES_NOT_EXIST) {
@@ -544,13 +534,10 @@
return status;
}
if (slot->registered_readers == 1) {
- status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
- PSA_SLOT_PENDING_DELETION);
- if (status != PSA_SUCCESS) {
- return status;
- }
+ return psa_wipe_key_slot(slot);
+ } else {
+ return psa_unregister_read(slot);
}
- return psa_unregister_read(slot);
}
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
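Review bot: The removed psa_key_slot_state_transition(FULL → PENDING_DELETION) also acted as a state check in the function ending here (its start is outside the hunk; psa_close_key(), going by what follows): a slot with one reader that was not PSA_SLOT_FULL made the function return the transition's error, whereas the new code wipes it outright; the -565 hunk (psa_purge_key) has the same shift, although there the transition result was never checked. Unless psa_get_and_lock_key_slot_in_memory() (outside the hunk) only ever hands back FULL slots, this is a behaviour change worth either a comment or an explicit state check before the wipe. Nothing in the hunk marks the slot as pending deletion between the `registered_readers == 1` test and the wipe, so if these paths are expected to run concurrently the check and the wipe have to sit in the same critical section. Minor style: the `else` after `return` is redundant — `if (slot->registered_readers == 1) { return psa_wipe_key_slot(slot); } return psa_unregister_read(slot);` reads more plainly, and the same applies to psa_purge_key.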
@@ -565,10 +552,10 @@
if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
(slot->registered_readers == 1)) {
- psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
- PSA_SLOT_PENDING_DELETION);
+ return psa_wipe_key_slot(slot);
+ } else {
+ return psa_unregister_read(slot);
}
- return psa_unregister_read(slot);
}
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 5858b18..9b8e891 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -179,7 +179,7 @@
* This function decrements the key slot registered reader counter by one.
* If the state of the slot is PSA_SLOT_PENDING_DELETION,
* and there is only one registered reader (the caller),
- * this function will call psa_wipe_slot().
+ * this function will call psa_wipe_key_slot().
*
* \note To ease the handling of errors in retrieving a key slot
* a NULL input pointer is valid, and the function returns