Implement and unit-test the new functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), only for the default method.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This means we can hold the mutex around the call to reserve_free_key_slot
in get_and_lock_key_slot, avoiding inefficient rework.
(Changes to get_and_lock_key_slot are not in scope in this PR)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Hold the mutex for the entirety of the call.
We need the mutex for the wipe, also hold it for aborting driver transactions as this
may have side effects.
We can't use the macros here as this function returns void.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Hold mutex for the entirety of the call.
We are writing to storage and writing to the slot state here.
If we didn't keep the mutex for the whole duration then we may end up with
another thread seeing that a persistent key is in storage before
our slot is set to FULL; this would be unlinearizable behaviour.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
... on MAC functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
...on hash functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
* Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal()
* Recreate psa_aead_set_nonce() as a wrapper that copies buffers before
calling the internal function.
This is because psa_aead_set_nonce() is currently called by
psa_aead_generate_nonce(). Refactoring this to call the static internal
function avoids an extra set of buffer copies as well as simplifying
future memory poisoning testing.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Note that this is not strictly necessary as this function only copies to
the output buffer at the end. However, it simplifies testing for the
time being.
Future optimisation work could consider removing this copying.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
These all follow a pattern of locking some key slot,
reading its contents, and then unregistering from reading the slot.
psa_copy_key also writes to another slot,
but calls the functions needed to be threadsafe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Between the call to psa_get_and_lock_key_slot and psa_unregister_read
we only read the contents of a slot which we are registered to read,
so no extra mutex taking is needed.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
We do not require linearizability in the case of destroying a key in use.
Using a key and destroying it simultaneously will not cause any issues
as the user will only use the copy of the key in the slot.
Two simulatenous deletion calls to one key cannot interfere, the first caller
sets the slot's state to PENDING_DELETION, the second caller will back off.
Remove outdated comment about one key being in multiple slots, psa_open_key
does not put the key into a new slot.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
