Update psa_wipe_key_slot

Change psa_wipe_key_slot to use the new state system. Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2025-04-06 19:21:05 +00:00 · 2023-12-21 17:32:07 +00:00 · 2023-12-21 17:32:07 +00:00 · aa33c512cc
commit aa33c512cc
parent d7dc7ff91c
2 changed files with 17 additions and 8 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -981,18 +981,23 @@ psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
 * Persistent storage is not affected. */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
 {
+    if (slot->state != PSA_SLOT_PENDING_DELETION) {
+        return PSA_ERROR_BAD_STATE;
+    }
+
    psa_status_t status = psa_remove_key_data_from_memory(slot);

    /*
     * As the return error code may not be handled in case of multiple errors,
-     * do our best to report an unexpected lock counter. Assert with
-     * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
+     * do our best to report an unexpected amount of registered readers.
+     * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that registered_readers is
+     * equal to one:
     * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
     * function is called as part of the execution of a test suite, the
     * execution of the test suite is stopped in error if the assertion fails.
     */
-    if (slot->lock_count != 1) {
-        MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1);
+    if (slot->registered_readers != 1) {
+        MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1);
        status = PSA_ERROR_CORRUPTION_DETECTED;
    }

@ -1003,7 +1008,8 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
     * key material can linger until all operations are completed. */
    /* At this point, key material and other type-specific content has
     * been wiped. Clear remaining metadata. We can call memset and not
-     * zeroize because the metadata is not particularly sensitive. */
+     * zeroize because the metadata is not particularly sensitive.
+     * This memset also sets the slot's state to PSA_SLOT_EMPTY. */
    memset(slot, 0, sizeof(*slot));
    return status;
 }
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@ -200,13 +200,16 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
 /** Completely wipe a slot in memory, including its policy.
 *
 * Persistent storage is not affected.
+ * Sets the slot's state to PSA_SLOT_EMPTY.
 *
 * \param[in,out] slot  The key slot to wipe.
 *
 * \retval #PSA_SUCCESS
- *         Success. This includes the case of a key slot that was
- *         already fully wiped.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ *         The slot has been successfully wiped.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ *         The amount of registered readers was not equal to 1.
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The slot's state was not PSA_SLOT_PENDING_DELETION.
 */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);