authorJanos Follath <janos.follath@arm.com>2024-01-19 23:49:18 +0300
committerGitHub <noreply@github.com>2024-01-19 23:49:18 +0300
commitfb12d9204dec811d0277a09bd93f9d745f44ce9f (patch)
treed0ece86230072d425fa5475e0bc03787f8ede72c
parent4d4891e18ac336d8c85e67828fdb2c582461f449 (diff)
parent63952b7de5f1ef0e18b9c7ada084a9a7a64d452b (diff)
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
-rw-r--r--include/mbedtls/threading.h14
-rw-r--r--include/psa/crypto_values.h5
-rw-r--r--library/psa_crypto_core.h4
-rw-r--r--library/psa_crypto_slot_management.c3
-rw-r--r--library/psa_crypto_slot_management.h7
-rw-r--r--library/threading.c9
6 files changed, 42 insertions, 0 deletions
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index b504233bdc..b4e050241b 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -100,6 +100,20 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/*
+ * A mutex used to make the PSA subsystem thread safe.
+ *
+ * key_slot_mutex protects the registered_readers and
+ * state variable for all key slots in &global_data.key_slots.
+ *
+ * This mutex must be held when any read from or write to a state or
+ * registered_readers field is performed, i.e. when calling functions:
+ * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(),
+ * psa_key_slot_has_readers() and psa_wipe_key_slot(). */
+extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;
+#endif
+
#endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus
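Review bot: The opening sentence of the new comment, `A mutex used to make the PSA subsystem thread safe.`, promises more than the paragraph below it grants: the lock is documented as covering only the `state` and `registered_readers` fields of each slot, so key material, attributes and the rest of `global_data` are outside its scope as written here. Suggest narrowing it to `A mutex protecting the state and registered-reader count of every PSA key slot.` so nobody assumes other slot fields are safe to touch under it. The comment also lists the functions that require the lock but never says that they do not take it themselves; since `psa_unregister_read()` can call `psa_wipe_key_slot()` (see the psa_crypto_slot_management.h hunk in this patch) and both appear in the must-hold list, a sentence such as `These functions never lock the mutex themselves; the caller takes and releases it.` would make the caller-locks discipline explicit and steer a future contributor away from a nested lock, which on a non-recursive mutex would deadlock.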
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 8d30bf0fb9..90d98fdb79 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -279,6 +279,11 @@
* to read from a resource. */
#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
+/** This can be returned if a function can no longer operate correctly.
+ * For example, if an essential initialization operation failed or
+ * a mutex operation failed. */
+#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144)
+
/** The key identifier is not valid. See also :ref:\`key-handles\`.
*/
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
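Review bot: The new `PSA_ERROR_SERVICE_FAILURE` comment gives example causes but says nothing about what a caller may rely on afterwards, and this status becomes reachable from existing key-management entry points once the key slot mutex is in use. After a failed mutex operation the slot bookkeeping is presumably no longer trustworthy, and the PSA Crypto API specification treats this code as a non-recoverable condition; if that is the intent here, add `Once this error has been returned the state of the key store is unspecified and the application should not expect subsequent calls to succeed.` It is also worth stating that `-144` is the value assigned by the PSA Crypto API specification, as far as I can tell, rather than a locally chosen number, so it is not renumbered later.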
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 1edd63e256..7b167248e8 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -117,6 +117,8 @@ typedef struct {
0)
/** Test whether a key slot has any registered readers.
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
*
* \param[in] slot The key slot to test.
*
@@ -195,6 +197,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
*
* Persistent storage is not affected.
* Sets the slot's state to PSA_SLOT_EMPTY.
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
*
* \param[in,out] slot The key slot to wipe.
*
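Review bot: The added sentence `If multi-threading is enabled, the caller must hold the global key slot mutex.` names the lock only descriptively, while the same patch introduces a concrete symbol for it in threading.h; `psa_wipe_key_slot()`, whose declaration continues outside this hunk, is one of the functions that header lists, so the two places should agree on a greppable name. Suggest `If multi-threading is enabled, the caller must hold mbedtls_threading_key_slot_mutex (see mbedtls/threading.h).` here and in the matching sentence on `psa_key_slot_has_readers()` in the previous hunk. Since threading.h documents the mutex as protecting only `state` and `registered_readers`, the wipe of the slot contents themselves is presumably safe only because callers wipe when no other reader is registered; it would help to record that assumption in this comment once confirmed.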
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 8d7ff908e1..47ace359d7 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -23,6 +23,9 @@
#include <stdlib.h>
#include <string.h>
#include "mbedtls/platform.h"
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 0b0d7b320e..002429b933 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -126,6 +126,9 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
* new state. If the state of the slot was not expected_state, the state is
* unchanged.
*
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
+ *
* \param[in] slot The key slot.
* \param[in] expected_state The current state of the slot.
* \param[in] new_state The new state of the slot.
@@ -149,6 +152,8 @@ static inline psa_status_t psa_key_slot_state_transition(
/** Register as a reader of a key slot.
*
* This function increments the key slot registered reader counter by one.
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
*
* \param[in] slot The key slot.
*
@@ -175,6 +180,8 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot)
* If the state of the slot is PSA_SLOT_PENDING_DELETION,
* and there is only one registered reader (the caller),
* this function will call psa_wipe_key_slot().
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
*
* \note To ease the handling of errors in retrieving a key slot
* a NULL input pointer is valid, and the function returns
diff --git a/library/threading.c b/library/threading.c
index 873b5077b8..c28290fb76 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -148,6 +148,9 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
#if defined(THREADING_USE_GMTIME)
mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex);
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex);
+#endif
}
/*
@@ -161,6 +164,9 @@ void mbedtls_threading_free_alt(void)
#if defined(THREADING_USE_GMTIME)
mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex);
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex);
+#endif
}
#endif /* MBEDTLS_THREADING_ALT */
@@ -176,5 +182,8 @@ mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
#if defined(THREADING_USE_GMTIME)
mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex MUTEX_INIT;
+#endif
#endif /* MBEDTLS_THREADING_C */
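Review bot: The new mutex is gated on `MBEDTLS_PSA_CRYPTO_C` directly at three separate sites in this file (inside `mbedtls_threading_set_alt`, inside `mbedtls_threading_free_alt`, and the static definition in this hunk), whereas the neighbouring gmtime mutex goes through a file-local `THREADING_USE_GMTIME` helper macro at all of its sites. Defining a single `THREADING_USE_PSA_KEY_SLOT` next to the existing `THREADING_USE_*` macros and testing that at the three sites would keep them from drifting if the condition ever gains another term, for example a configuration that enables PSA without local key slots. The helper's definition would live near the other `THREADING_USE_*` definitions, outside this hunk.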