Move the key slot array to the slot management module
Move the key slot array and its initialization and wiping to the slot
management module.
Also move the lowest-level key slot access function psa_get_key_slot
and the auxiliary function for slot allocation
psa_internal_allocate_key_slot to the slot management module.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 554da4b..0ac1c27 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -130,10 +130,8 @@
void (* entropy_free )( mbedtls_entropy_context *ctx );
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
- psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
unsigned initialized : 1;
unsigned rng_state : 2;
- unsigned key_slots_initialized : 1;
} psa_global_data_t;
static psa_global_data_t global_data;
@@ -715,31 +713,6 @@
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-/* Access a key slot at the given handle. The handle of a key slot is
- * the index of the slot in the global slot array, plus one so that handles
- * start at 1 and not 0. */
-static psa_status_t psa_get_key_slot( psa_key_handle_t handle,
- psa_key_slot_t **p_slot )
-{
- psa_key_slot_t *slot = NULL;
-
- GUARD_MODULE_INITIALIZED;
-
- /* 0 is not a valid handle under any circumstance. This
- * implementation provides slots number 1 to N where N is the
- * number of available slots. */
- if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) )
- return( PSA_ERROR_INVALID_HANDLE );
- slot = &global_data.key_slots[handle - 1];
-
- /* If the slot hasn't been allocated, the handle is invalid. */
- if( ! slot->allocated )
- return( PSA_ERROR_INVALID_HANDLE );
-
- *p_slot = slot;
- return( PSA_SUCCESS );
-}
-
/* Retrieve an empty key slot (slot with no key data, but possibly
* with some metadata such as a policy). */
static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
@@ -834,7 +807,7 @@
/** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */
-static psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
+psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
{
psa_status_t status = psa_remove_key_data_from_memory( slot );
/* At this point, key material and other type-specific content has
@@ -844,20 +817,6 @@
return( status );
}
-psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
-{
- for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
- {
- psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
- if( ! slot->allocated )
- {
- slot->allocated = 1;
- return( PSA_SUCCESS );
- }
- }
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
-}
-
psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
psa_key_id_t id )
{
@@ -4473,15 +4432,7 @@
void mbedtls_psa_crypto_free( void )
{
- if( global_data.key_slots_initialized )
- {
- psa_key_handle_t key;
- for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
- {
- psa_key_slot_t *slot = &global_data.key_slots[key - 1];
- (void) psa_wipe_key_slot( slot );
- }
- }
+ psa_wipe_all_key_slots( );
if( global_data.rng_state != RNG_NOT_INITIALIZED )
{
mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
@@ -4495,7 +4446,7 @@
psa_status_t psa_crypto_init( void )
{
- int ret;
+ psa_status_t status;
const unsigned char drbg_seed[] = "PSA";
/* Double initialization is explicitly allowed. */
@@ -4513,25 +4464,26 @@
global_data.entropy_init( &global_data.entropy );
mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
global_data.rng_state = RNG_INITIALIZED;
- ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
- mbedtls_entropy_func,
- &global_data.entropy,
- drbg_seed, sizeof( drbg_seed ) - 1 );
- if( ret != 0 )
+ status = mbedtls_to_psa_error(
+ mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
+ mbedtls_entropy_func,
+ &global_data.entropy,
+ drbg_seed, sizeof( drbg_seed ) - 1 ) );
+ if( status != PSA_SUCCESS )
goto exit;
global_data.rng_state = RNG_SEEDED;
- /* Initialize the key slots. Zero-initialization has made all key
- * slots empty, so there is nothing to do. */
- global_data.key_slots_initialized = 1;
+ status = psa_initialize_key_slots( );
+ if( status != PSA_SUCCESS )
+ goto exit;
/* All done. */
global_data.initialized = 1;
exit:
- if( ret != 0 )
+ if( status != PSA_SUCCESS )
mbedtls_psa_crypto_free( );
- return( mbedtls_to_psa_error( ret ) );
+ return( status );
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index de877d3..ba66235 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -59,4 +59,8 @@
} data;
} psa_key_slot_t;
+/** Completely wipe a slot in memory, including its policy.
+ * Persistent storage is not affected. */
+psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+
#endif /* PSA_CRYPTO_CORE_H */
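Review bot: The new prototype for psa_wipe_key_slot is now a cross-module contract but its comment does not say what the caller gets back, even though the definition in psa_crypto.c visibly returns the status of psa_remove_key_data_from_memory and callers such as psa_wipe_all_key_slots discard it. I would extend the comment to `\param[in,out] slot The key slot to wipe; on return it holds no key material.` and `\retval #PSA_SUCCESS` plus a line stating that any other value is the error from removing the key data from memory. Whether the slot is still zeroed when that removal fails is decided by the rest of psa_wipe_key_slot, which is outside this hunk, so the comment should state it only after checking that body.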
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index ae5e146..6d5c7d4 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -29,6 +29,7 @@
#include "psa/crypto.h"
+#include "psa_crypto_core.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
@@ -43,6 +44,81 @@
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+typedef struct
+{
+ psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
+ unsigned key_slots_initialized : 1;
+} psa_global_data_t;
+
+psa_global_data_t global_data;
+
+/* Access a key slot at the given handle. The handle of a key slot is
+ * the index of the slot in the global slot array, plus one so that handles
+ * start at 1 and not 0. */
+psa_status_t psa_get_key_slot( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot )
+{
+ psa_key_slot_t *slot = NULL;
+
+ if( ! global_data.key_slots_initialized )
+ return( PSA_ERROR_BAD_STATE );
+
+ /* 0 is not a valid handle under any circumstance. This
+ * implementation provides slots number 1 to N where N is the
+ * number of available slots. */
+ if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) )
+ return( PSA_ERROR_INVALID_HANDLE );
+ slot = &global_data.key_slots[handle - 1];
+
+ /* If the slot hasn't been allocated, the handle is invalid. */
+ if( ! slot->allocated )
+ return( PSA_ERROR_INVALID_HANDLE );
+
+ *p_slot = slot;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_initialize_key_slots( void )
+{
+ /* Nothing to do: program startup and psa_wipe_all_key_slots() both
+ * guarantee that the key slots are initialized to all-zero, which
+ * means that all the key slots are in a valid, empty state. */
+ global_data.key_slots_initialized = 1;
+ return( PSA_SUCCESS );
+}
+
+void psa_wipe_all_key_slots( void )
+{
+ psa_key_handle_t key;
+ for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
+ {
+ psa_key_slot_t *slot = &global_data.key_slots[key - 1];
+ (void) psa_wipe_key_slot( slot );
+ }
+ global_data.key_slots_initialized = 0;
+}
+
+/** Find a free key slot and mark it as in use.
+ *
+ * \param[out] handle On success, a slot number that is not in use.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
+{
+ for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
+ {
+ psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
+ if( ! slot->allocated )
+ {
+ slot->allocated = 1;
+ return( PSA_SUCCESS );
+ }
+ }
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+}
+
psa_status_t psa_allocate_key( psa_key_type_t type,
size_t max_bits,
psa_key_handle_t *handle )
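Review bot: The slot array definition `psa_global_data_t global_data;` has external linkage, which exports a symbol with a very generic name (and a typedef name that psa_crypto.c also uses for its own, static, `global_data`) from the library; it should be `static psa_global_data_t global_data;` like the one it was moved from. Keeping it file-local also keeps the `key_slots_initialized` gate in psa_get_key_slot the only way outside code reaches the slots. Separately, psa_internal_allocate_key_slot marks a slot allocated without checking `key_slots_initialized`, so if psa_allocate_key (whose body is outside the hunk) does not guard this itself, a slot can be claimed before psa_initialize_key_slots runs and that state survives initialization; a guard `if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE );` at the top would mirror psa_get_key_slot.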
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index cf244f2..ee37a20 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -26,19 +26,21 @@
* The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32
+/** Access a key slot at the given handle. */
+psa_status_t psa_get_key_slot( psa_key_handle_t handle,
+ psa_key_slot_t **p_slot );
+
+/** Initialize the key slot structures. */
+psa_status_t psa_initialize_key_slots( void );
+
+/** Delete all data from key slots in memory. This does not affect persistent
+ * storage. */
+void psa_wipe_all_key_slots( void );
+
/** \defgroup core_slot_management Internal functions exposed by the core
* @{
*/
-/** Find a free key slot and mark it as in use.
- *
- * \param[out] handle On success, a slot number that is not in use.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle );
-
/** Wipe an a key slot and mark it as available.
*
* This does not affect persistent storage.
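Review bot: The new declaration of psa_get_key_slot documents only what it does, not its error contract, although the implementation returns PSA_ERROR_BAD_STATE before the slots are initialized and PSA_ERROR_INVALID_HANDLE for handle 0, an out-of-range handle, or an unallocated slot. I would add `\param[out] p_slot On success, the slot for \p handle.`, `\retval #PSA_ERROR_BAD_STATE The key slots are not initialized.` and `\retval #PSA_ERROR_INVALID_HANDLE The handle is 0, out of range, or not allocated.` under the existing one-line summary. The same applies to psa_initialize_key_slots, whose only visible return is PSA_SUCCESS; saying so would stop callers from adding speculative error handling.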