author | Janos Follath <janos.follath@arm.com> | 2024-01-19 23:49:18 +0300 |
committer | GitHub <noreply@github.com> | 2024-01-19 23:49:18 +0300 |
commit | fb12d9204dec811d0277a09bd93f9d745f44ce9f (patch) | |
tree | d0ece86230072d425fa5475e0bc03787f8ede72c | |
parent | 4d4891e18ac336d8c85e67828fdb2c582461f449 (diff) | |
parent | 63952b7de5f1ef0e18b9c7ada084a9a7a64d452b (diff) |
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
-rw-r--r-- | include/mbedtls/threading.h | 14 | ||||
-rw-r--r-- | include/psa/crypto_values.h | 5 | ||||
-rw-r--r-- | library/psa_crypto_core.h | 4 | ||||
-rw-r--r-- | library/psa_crypto_slot_management.c | 3 | ||||
-rw-r--r-- | library/psa_crypto_slot_management.h | 7 | ||||
-rw-r--r-- | library/threading.c | 9 |
6 files changed, 42 insertions, 0 deletions
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index b504233bdc..b4e050241b 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -100,6 +100,20 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* + * A mutex used to make the PSA subsystem thread safe. + * + * key_slot_mutex protects the registered_readers and + * state variable for all key slots in &global_data.key_slots. + * + * This mutex must be held when any read from or write to a state or + * registered_readers field is performed, i.e. when calling functions: + * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(), + * psa_key_slot_has_readers() and psa_wipe_key_slot(). */ +extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex; +#endif + #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 8d30bf0fb9..90d98fdb79 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -279,6 +279,11 @@ * to read from a resource. */ #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) +/** This can be returned if a function can no longer operate correctly. + * For example, if an essential initialization operation failed or + * a mutex operation failed. */ +#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) + /** The key identifier is not valid. See also :ref:\`key-handles\`. */ #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 1edd63e256..7b167248e8 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
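Review bot: The new comment on `mbedtls_threading_key_slot_mutex` in the threading.h hunk says the lock must be held when calling psa_unregister_read() and psa_wipe_key_slot(), but the later hunk for psa_unregister_read() states that it itself calls psa_wipe_key_slot(), so the contract only works if callees never try to take the lock again; that should be stated rather than left implicit. I would add to the comment `* The mutex is not recursive: the functions listed above rely on their caller holding it and must not lock it themselves.` (adjust if a recursive mutex is actually intended). The comment also names the lock as `key_slot_mutex`, which is not the declared symbol; using `mbedtls_threading_key_slot_mutex` there makes the text greppable. Finally, "in &global_data.key_slots" reads like a stray address-of; "in global_data.key_slots" is what is meant.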
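Review bot: The doc comment on the new `PSA_ERROR_SERVICE_FAILURE` in the crypto_values.h hunk gives examples of when it is returned but not what a caller may assume afterwards, which matters for a code that is used to report a failed mutex operation around key-slot state. If the intent matches the PSA Crypto API meaning of this code, I would extend the comment with `* When this error is returned, the state of the library is unspecified and` / `* the caller should not rely on further PSA calls succeeding.` That also tells callers not to retry the operation in a loop, which a mutex-failure code invites.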
@@ -117,6 +117,8 @@ typedef struct { 0) /** Test whether a key slot has any registered readers. + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \param[in] slot The key slot to test. * @@ -195,6 +197,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( * * Persistent storage is not affected. * Sets the slot's state to PSA_SLOT_EMPTY. + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \param[in,out] slot The key slot to wipe. * diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 8d7ff908e1..47ace359d7 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -23,6 +23,9 @@ #include <stdlib.h> #include <string.h> #include "mbedtls/platform.h" +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 0b0d7b320e..002429b933 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -126,6 +126,9 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, * new state. If the state of the slot was not expected_state, the state is * unchanged. * + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. + * * \param[in] slot The key slot. * \param[in] expected_state The current state of the slot. * \param[in] new_state The new state of the slot. @@ -149,6 +152,8 @@ static inline psa_status_t psa_key_slot_state_transition( /** Register as a reader of a key slot. * * This function increments the key slot registered reader counter by one. + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \param[in] slot The key slot. * 
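Review bot: The added notes in psa_crypto_core.h and psa_crypto_slot_management.h say "If multi-threading is enabled, the caller must hold the global key slot mutex", which names neither the configuration macro nor the symbol, so a reader of these headers cannot tell which build option or which lock is meant without going to threading.h. I would phrase each of these notes as ` * When MBEDTLS_THREADING_C is defined, the caller must hold` / ` * mbedtls_threading_key_slot_mutex.` so the requirement is checkable at each call site. Note also that the psa_crypto_slot_management.c hunk only adds the threading.h include; nothing visible in this diff acquires the mutex, so in this commit the "must hold" requirement is a documented contract rather than an enforced one, which is worth saying in the PR description if the lock/unlock calls land in a follow-up.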
@@ -175,6 +180,8 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) * If the state of the slot is PSA_SLOT_PENDING_DELETION, * and there is only one registered reader (the caller), * this function will call psa_wipe_key_slot(). + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. * * \note To ease the handling of errors in retrieving a key slot * a NULL input pointer is valid, and the function returns diff --git a/library/threading.c b/library/threading.c index 873b5077b8..c28290fb76 100644 --- a/library/threading.c +++ b/library/threading.c @@ -148,6 +148,9 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), #if defined(THREADING_USE_GMTIME) mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex); #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex); +#endif } /* @@ -161,6 +164,9 @@ void mbedtls_threading_free_alt(void) #if defined(THREADING_USE_GMTIME) mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex); #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex); +#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -176,5 +182,8 @@ mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #if defined(THREADING_USE_GMTIME) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ |
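Review bot: In the threading.c hunks the new mutex is destroyed in mbedtls_threading_free_alt() (ALT build), but nothing documents that the PSA subsystem must already be shut down at that point; a PSA call made after free_alt() would lock a freed mutex, and because the installed `mutex_init`/`mutex_free` callbacks return void there is no way to detect that. I would add a comment above the new `mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex);` line such as `/* The PSA core must not be in use here: call mbedtls_psa_crypto_free() before freeing this mutex. */`, and mirror it in the existing free_alt() documentation. In the non-ALT path the static `MUTEX_INIT` definition means the lock is usable before any explicit init, so the ordering constraint only bites in ALT builds; saying so in the same comment avoids confusion. Both set_alt() and free_alt() start outside the visible hunk lines.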