From fb9857ff9eaa980411ac58831f42fd93b1471ecd Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 14 Feb 2024 12:16:41 +0000
Subject: [PATCH 1/7] Make multi-part MAC operations thread-safe
Within setup we create a copy of the key and put it in the operation field. After setup, we only ever use the new copy - and do not interact with any key slots. Therefore we need only register as a reader of the key during setup, then unregister after we stop accessing the key. Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6cd6557d9e..f9b2fff70a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2565,7 +2565,7 @@ exit:
 psa_mac_abort(operation);
 }
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 return (status == PSA_SUCCESS) ? unlock_status : status;
 }
From dcc03d552da30d1168562431f9d6abee31b80c87 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 14 Feb 2024 15:44:13 +0000
Subject: [PATCH 2/7] Make restartable signature operations thread-safe
We copy the key from a slot to the operation object in _start. _complete and _abort do not access any key slots, instead using the local copy. Concurrently using the same operation object is not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f9b2fff70a..0a221d155d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3371,7 +3371,7 @@ exit:
 psa_sign_hash_abort_internal(operation);
 }
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 if (unlock_status != PSA_SUCCESS) {
 operation->error_occurred = 1;
From 291267f4866c87e8e79e31453775cbebcb0f20c3 Mon Sep 17 00:00:00 2001
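Review bot: When setup succeeds but `psa_unregister_read_under_mutex(slot)` fails, `return (status == PSA_SUCCESS) ? unlock_status : status;` hands the caller an error without running `psa_mac_abort(operation)`, so the operation keeps the key copy that the commit message says setup places in it. The abort above the call sits in a block that opens outside this hunk; the PAKE hunk shows the same shape with its guard `if (status != PSA_SUCCESS)` visible. Judging by its name the new helper takes a mutex, which would presumably add lock failures to the ways this call can fail. Consider `if (status == PSA_SUCCESS && unlock_status != PSA_SUCCESS) { psa_mac_abort(operation); }` after the call, with equivalent handling in the cipher, key-derivation and PAKE hunks; the two restartable hunks already record the failure with `operation->error_occurred = 1`.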
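Review bot: The reason it is safe to end the read registration at this point of the signing start path is stated only in the commit message, so the call site should carry it as a comment. Something like `/* The key was copied into the operation in _start; _complete and _abort use that copy and never touch the slot, so the read registration ends here. */` above the `unlock_status` assignment would help keep a later change from reintroducing slot access after the unregister. The same comment fits the verification hunk under `psa_verify_hash_start(`, and the function body starts and ends outside both hunks.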
From: Ryan Everett
Date: Wed, 14 Feb 2024 15:59:15 +0000
Subject: [PATCH 3/7] Make restartable signature verifications thread-safe
We copy the key from a slot to the operation object in _start. _complete and _abort do not access any key slots, instead using the local copy. Concurrently using the same operation object is not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0a221d155d..66af7cf727 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3516,7 +3516,7 @@ psa_status_t psa_verify_hash_start(
 psa_verify_hash_abort_internal(operation);
 }
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 if (unlock_status != PSA_SUCCESS) {
 operation->error_occurred = 1;
From c0053cc4999a8265736ad5df24afd03ac13f042c Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 14 Feb 2024 16:27:13 +0000
Subject: [PATCH 4/7] Make multi-part cipher operations thread-safe
Within setup we create a copy of the key and put it in the operation field. After setup, we only ever use the new copy, and do not interact with any key slots. Therefore we need only register as a reader of the key during setup, then unregister after we stop accessing the key. Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 66af7cf727..c51bb8dad9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4088,7 +4088,7 @@ exit:
 psa_cipher_abort(operation);
 }
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 return (status == PSA_SUCCESS) ? unlock_status : status;
 }
From 5ac6fa7aaec44913d6cceaa99e8fcbf472ebf33d Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 14 Feb 2024 17:11:36 +0000
Subject: [PATCH 5/7] Make multi-part key derivation operations thread-safe
One can input a key using a key identifier through the two changed functions. Inputted keys are copied into the operation object. Any material inputted in byte form is separate to the key slot system. Outputting a key is threadsafe as per the key loading work. The verification API is yet to be implemented. Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c51bb8dad9..b7c891eb77 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7061,7 +7061,7 @@ psa_status_t psa_key_derivation_input_key(
 slot->key.data,
 slot->key.bytes);
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 return (status == PSA_SUCCESS) ? unlock_status : status;
 }
@@ -7218,7 +7218,7 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *op
 }
 }
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 return (status == PSA_SUCCESS) ? unlock_status : status;
 }
From bbedfcec2ea5877c3a333b8c2c09642bca1797d0 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 14 Feb 2024 18:22:09 +0000
Subject: [PATCH 6/7] Make multi-part PAKE operations thread-safe
The only interaction with key IDs here is in the changed function. Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b7c891eb77..b16fac16fe 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7953,7 +7953,7 @@ exit:
 if (status != PSA_SUCCESS) {
 psa_pake_abort(operation);
 }
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 return (status == PSA_SUCCESS) ? unlock_status : status;
 }
From 9af70e51c13372161ab3b33d3dc290a3aaa2d6d0 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 14 Feb 2024 18:38:56 +0000
Subject: [PATCH 7/7] Make multi-part AEAD operations thread-safe
The setup calls are the only calls to use a key ID. The key is then copied into the operation object, all future API calls use the copy instead of the key in the slot. Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b16fac16fe..87444e129f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4687,7 +4687,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
 operation->key_type = psa_get_key_type(&attributes);
 exit:
- unlock_status = psa_unregister_read(slot);
+ unlock_status = psa_unregister_read_under_mutex(slot);
 if (status == PSA_SUCCESS) {
 status = unlock_status;