Update psa_wipe_all_key_slots and document non-thread safety

This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API; untrusted applications
cannot call these functions in a crypto service.
In a service integration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Ryan Everett 2024-01-24 17:37:46 +00:00
parent b0821959ae
commit 16abd59a62
3 changed files with 10 additions and 0 deletions


@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key(
*
* This function clears all data associated with the PSA layer,
* including the whole key store.
* This function is not thread safe, it wipes every key slot regardless of
* state and reader count. It should only be called when no slot is in use.
*
* This is an Mbed TLS extension.
*/
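Review bot: the added sentence "This function is not thread safe, it wipes every key slot regardless of / state and reader count." is a comma splice, and "no slot is in use" is left undefined for the reader of a public header. Suggest "This function is not thread safe: it wipes every key slot regardless of state and reader count. It must only be called when no other thread is using the PSA layer and no slot is held by a caller of psa_get_and_lock_key_slot()." The reader-count wording is the important part, since it tells an integrator that holding a slot does not protect it from this call.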


@ -144,6 +144,9 @@ void psa_wipe_all_key_slots(void)
{
size_t slot_idx;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);
#endif
for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
slot->registered_readers = 1;
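Review bot: the new mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex) above the loop can mislead a future reader into thinking the function has become thread safe, which the commit message and the doc comments say it is not. The lock only serialises access to the global_data slot array against other holders of the mutex; the loop still sets slot->registered_readers = 1 and wipes every slot unconditionally, so a thread that currently holds a slot as a registered reader has its key material wiped underneath it. Add a short comment next to the lock stating that it protects the slot-array bookkeeping only and does not make the function safe to call while any slot is in use.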
@ -151,6 +154,9 @@ void psa_wipe_all_key_slots(void)
(void) psa_wipe_key_slot(slot);
}
global_data.key_slots_initialized = 0;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex);
#endif
}
psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
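Review bot: lock and unlock are correctly paired here because the function has a single exit after global_data.key_slots_initialized = 0, but the mutex is now taken unconditionally for the whole loop, so any code path that already holds mbedtls_threading_key_slot_mutex and reaches psa_wipe_all_key_slots() will deadlock on a non-recursive mutex. Nothing in this patch documents that precondition; either add "must not be called with mbedtls_threading_key_slot_mutex held" to the function's comment, or check the existing callers (psa_initialize_key_slots() and mbedtls_psa_crypto_free()) in the same change to confirm none of them holds the mutex when calling it. Separately, (void) psa_wipe_key_slot(slot) discards a status; if that call can fail, key_slots_initialized is still cleared while a slot may retain data, which is worth a comment at least.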


@ -92,6 +92,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
psa_status_t psa_initialize_key_slots(void);
/** Delete all data from key slots in memory.
* This function is not thread safe, it wipes every key slot regardless of
* state and reader count. It should only be called when no slot is in use.
*
* This does not affect persistent storage. */
void psa_wipe_all_key_slots(void);
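Review bot: the internal header comment "This function is not thread safe, it wipes every key slot regardless of / state and reader count." repeats the comma splice from the public header, and it omits the one fact an internal caller now needs: that the function takes mbedtls_threading_key_slot_mutex when MBEDTLS_THREADING_C is defined, so it must not be called with that mutex held. Suggest "This function is not thread safe: it wipes every key slot regardless of state and reader count, and it acquires mbedtls_threading_key_slot_mutex, so it must only be called when no slot is in use and the caller does not hold the mutex." Keeping both headers worded identically on the thread-safety point avoids the public and internal contracts drifting apart.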