From aa33c512cc489d18cbb48b6b64aa959046a83dd1 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 21 Dec 2023 17:32:07 +0000
Subject: [PATCH] Update psa_wipe_key_slot

Change psa_wipe_key_slot to use the new state system.

Signed-off-by: Ryan Everett
---
 library/psa_crypto.c      | 16 +++++++++++-----
 library/psa_crypto_core.h |  9 ++++++---
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 10d17b6df..7a76c0bbf 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -981,18 +981,23 @@ psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
  * Persistent storage is not affected. */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
 {
+    if (slot->state != PSA_SLOT_PENDING_DELETION) {
+        return PSA_ERROR_BAD_STATE;
+    }
+
     psa_status_t status = psa_remove_key_data_from_memory(slot);
     /*
      * As the return error code may not be handled in case of multiple errors,
-     * do our best to report an unexpected lock counter. Assert with
-     * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
+     * do our best to report an unexpected amount of registered readers.
+     * Assert with MBEDTLS_TEST_HOOK_TEST_ASSERT that registered_readers is
+     * equal to one:
      * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
      * function is called as part of the execution of a test suite, the
      * execution of the test suite is stopped in error if the assertion fails.
      */
-    if (slot->lock_count != 1) {
-        MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1);
+    if (slot->registered_readers != 1) {
+        MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->registered_readers == 1);
         status = PSA_ERROR_CORRUPTION_DETECTED;
     }
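Review bot: The new early return leaves the slot untouched when its state is not PSA_SLOT_PENDING_DELETION, so any caller that still uses psa_wipe_key_slot as an unconditional cleanup on an error path (the old contract explicitly tolerated an already-wiped slot) will now get PSA_ERROR_BAD_STATE and leave whatever key data the slot holds in memory; the call sites are not in this patch, so that needs confirming before merge. The check also reads `slot->state` with no locking visible in the hunk; if the state machine is meant to be protected by the slot mutex, a short comment above the check, `/* Caller must hold the key slot mutex and have already moved the slot to PSA_SLOT_PENDING_DELETION. */`, would record that precondition where it now matters. Note that the registered_readers mismatch still falls through to the memset at the end of the function, so PSA_ERROR_CORRUPTION_DETECTED is returned after the slot has been wiped, unlike PSA_ERROR_BAD_STATE. The function body continues into the next hunk.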
@@ -1003,7 +1008,8 @@ psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
      * key material can linger until all operations are completed. */
     /* At this point, key material and other type-specific content has
      * been wiped. Clear remaining metadata. We can call memset and not
-     * zeroize because the metadata is not particularly sensitive. */
+     * zeroize because the metadata is not particularly sensitive.
+     * This memset also sets the slot's state to PSA_SLOT_EMPTY. */
     memset(slot, 0, sizeof(*slot));
     return status;
 }
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 9ea482da2..5c1edafe7 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -200,13 +200,16 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
 /** Completely wipe a slot in memory, including its policy.
  *
  * Persistent storage is not affected.
+ * Sets the slot's state to PSA_SLOT_EMPTY.
  *
  * \param[in,out] slot The key slot to wipe.
  *
  * \retval #PSA_SUCCESS
- *         Success. This includes the case of a key slot that was
- *         already fully wiped.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ *         The slot has been successfully wiped.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ *         The amount of registered readers was not equal to 1.
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The slot's state was not PSA_SLOT_PENDING_DELETION.
  */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
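Review bot: The new comment's claim that the memset "also sets the slot's state to PSA_SLOT_EMPTY" is only true while PSA_SLOT_EMPTY is the enumerator with value 0, which nothing in this hunk enforces; a later reordering of the state enum would silently leave every wiped slot in a non-empty state, and the state check at the top of the function would then reject legitimate reuse. Making the transition explicit costs one line after the memset, `slot->state = PSA_SLOT_EMPTY;`, and keeps the comment true whatever the enum values are. The start of psa_wipe_key_slot is in the previous hunk.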
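Review bot: The two new error descriptions read as parallel, but the function behaves differently in each case: on PSA_ERROR_BAD_STATE it returns before touching the slot, while on PSA_ERROR_CORRUPTION_DETECTED it still wipes the slot and returns the error afterwards (the memset at the end of psa_wipe_key_slot in the .c hunks runs regardless of that status). Callers deciding whether a slot can be retried or must be abandoned need that distinction, so I would spell it out: `*         The slot's state was not PSA_SLOT_PENDING_DELETION; the slot is left unchanged.` and `*         The number of registered readers was not 1; the slot has nevertheless been wiped.` ("number" rather than "amount", since readers are counted). A sentence in the description stating the precondition, that the caller must have moved the slot to PSA_SLOT_PENDING_DELETION before calling, would also help, since the retval alone does not say who is responsible for that transition.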