commit 6687cd07f3d3e9092762e7ad8bda93bf3ab8f8b4
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Apr 21 22:32:05 2021 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Jun 23 13:44:35 2021 +0200
tree 37daad815808fe8ba5491bee1faf063a06488e61
parent 576464873a25196d2f0720e7183fcd7635dbdaae

Refuse to destroy read-only keys

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a0acc3f..2177141 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1052,6 +1052,18 @@
        return( PSA_ERROR_GENERIC_ERROR );
     }
 
+    if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
+    {
+        /* Refuse the destruction of a read-only key (which may or may not work
+         * if we attempt it, depending on whether the key is merely read-only
+         * by policy or actually physically read-only).
+         * Just do the best we can, which is to wipe the copy in memory. */
+        status = psa_wipe_key_slot( slot );
+        if( status != PSA_SUCCESS )
+            return( status );
+        return( PSA_ERROR_NOT_PERMITTED );
+    }
+
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     driver = psa_get_se_driver_entry( slot->attr.lifetime );
     if( driver != NULL )