Update psa_wipe_key_slot
Change psa_wipe_key_slot to use the new state system.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 10d17b6..7a76c0b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -981,18 +981,23 @@
* Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
{
+ if (slot->state != PSA_SLOT_PENDING_DELETION) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
psa_status_t status = psa_remove_key_data_from_memory(slot);
/*
* As the return error code may not be handled in case of multiple errors,
- * do our best to report an unexpected lock counter. Assert with
- * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
+ * do our best to report an unexpected amount of registered readers.
+ * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that registered_readers is
+ * equal to one:
* if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
* function is called as part of the execution of a test suite, the
* execution of the test suite is stopped in error if the assertion fails.
*/
- if (slot->lock_count != 1) {
- MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1);
+ if (slot->registered_readers != 1) {
+ MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1);
status = PSA_ERROR_CORRUPTION_DETECTED;
}
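Review bot: The new early return at the top of the function leaves the slot untouched when the state is not PSA_SLOT_PENDING_DELETION, so a caller that mis-sequences the state transition — or, as the comment below it notes, does not handle the return code — leaves key material resident in memory, whereas the old code always wiped. The registered_readers check guards its error path with MBEDTLS_TEST_HOOK_TEST_ASSERT for exactly that reason, and the state check should get the same treatment so a test suite stops on a bad state instead of merely propagating PSA_ERROR_BAD_STATE: `MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->state == PSA_SLOT_PENDING_DELETION);` before the return. The header hunk drops the "already fully wiped" success wording, which suggests callers previously relied on wiping an empty slot being a no-op success; it is worth confirming no caller still does, since it would now receive PSA_ERROR_BAD_STATE. psa_wipe_key_slot continues past the end of this hunk.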
@@ -1003,7 +1008,8 @@
* key material can linger until all operations are completed. */
/* At this point, key material and other type-specific content has
* been wiped. Clear remaining metadata. We can call memset and not
- * zeroize because the metadata is not particularly sensitive. */
+ * zeroize because the metadata is not particularly sensitive.
+ * This memset also sets the slot's state to PSA_SLOT_EMPTY. */
memset(slot, 0, sizeof(*slot));
return status;
}
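Review bot: The added comment asserts that the memset sets the slot's state to PSA_SLOT_EMPTY, which holds only if PSA_SLOT_EMPTY is the zero enumerator, and nothing in this change pins that. If the state enum were later reordered, every wiped slot would silently end up in a non-empty state while the comment still claimed otherwise. Either set it explicitly after the memset, `slot->state = PSA_SLOT_EMPTY;`, or add a static assertion that PSA_SLOT_EMPTY equals 0 next to the enum definition so the comment cannot go stale. The opening lines of psa_wipe_key_slot are in the previous hunk.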
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 9ea482d..5c1edaf 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -200,13 +200,16 @@
/** Completely wipe a slot in memory, including its policy.
*
* Persistent storage is not affected.
+ * Sets the slot's state to PSA_SLOT_EMPTY.
*
* \param[in,out] slot The key slot to wipe.
*
* \retval #PSA_SUCCESS
- * Success. This includes the case of a key slot that was
- * already fully wiped.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * The slot has been successfully wiped.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * The amount of registered readers was not equal to 1.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The slot's state was not PSA_SLOT_PENDING_DELETION.
*/
psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
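Review bot: The new \retval #PSA_ERROR_BAD_STATE entry should say what happens to the slot in that case, because the implementation returns before any wiping takes place; e.g. `The slot's state was not PSA_SLOT_PENDING_DELETION. The slot is left unchanged and no key material is wiped.` The state check also runs before the registered-readers check, so a slot with both problems reports only PSA_ERROR_BAD_STATE, which deserves a sentence since callers may otherwise assume the corruption case takes precedence. Minor wording: "amount of registered readers" should read "number of registered readers", as it is a count.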