From 491f7e5ac3f03e247571f3c5088619bf8a807051 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Mon, 8 Jan 2024 11:04:21 +0000
Subject: Define key_slot_mutex
Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 8d7ff908e1..2d24e6deb9 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -23,10 +23,27 @@
 #include
 #include
 #include "mbedtls/platform.h"
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
 typedef struct {
 psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
 uint8_t key_slots_initialized;
+
+#if defined(MBEDTLS_THREADING_C)
+ /*
+ * A mutex used to make the PSA subsystem thread safe.
+ *
+ * key_slot_mutex protects key_slots[i].registered_readers and
+ * key_slots[i].state for all valid i.
+ *
+ * This mutex must be held when any read from or write to a state or
+ * registered_readers field is performed, i.e. when calling functions:
+ * psa_key_slot_state_transition, psa_register_read, psa_unregister_read,
+ * psa_key_slot_has_readers and psa_wipe_key_slot. */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(key_slot_mutex);
+#endif
 } psa_global_data_t;
 static psa_global_data_t global_data;
--
cgit v1.2.3
From 846889355c0863e4b16745c535e425b66050f4cc Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Mon, 8 Jan 2024 11:10:03 +0000
Subject: Initialize and free the key slot mutex
Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.c | 17 ++++++++++++++++-
 library/psa_crypto_slot_management.h | 8 ++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 2d24e6deb9..180aecb584 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
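Review bot: The comment on the new `key_slot_mutex` member scopes the lock to `registered_readers` and `state` only, but says nothing about the neighbouring `key_slots_initialized` flag or the key material held in each slot, so a reader cannot tell whether those are deliberately outside the lock or simply not covered yet. If leaving them unprotected is the intent, a line such as `* Other fields of global_data and of each slot are not protected by this mutex.` would make the scope explicit. At this point the locking rule is documentation only, since the diffstat shows no change to any of the five functions the comment lists; a sentence in the commit message saying the callers are updated later would help reviewers of the following commits.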
@@ -147,7 +147,14 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory(
 psa_status_t psa_initialize_key_slots(void)
 {
- /* Nothing to do: program startup and psa_wipe_all_key_slots() both
+#if defined(MBEDTLS_THREADING_C)
+ /* Initialize the global key slot mutex. */
+ if (!global_data.key_slots_initialized) {
+ mbedtls_mutex_init(&global_data.key_slot_mutex);
+ }
+#endif
+
+ /* Program startup and psa_wipe_all_key_slots() both
 * guarantee that the key slots are initialized to all-zero, which
 * means that all the key slots are in a valid, empty state. */
 global_data.key_slots_initialized = 1;
@@ -164,6 +171,14 @@ void psa_wipe_all_key_slots(void)
 slot->state = PSA_SLOT_PENDING_DELETION;
 (void) psa_wipe_key_slot(slot);
 }
+
+#if defined(MBEDTLS_THREADING_C)
+ /* Free the global key slot mutex. */
+ if (global_data.key_slots_initialized) {
+ mbedtls_mutex_free(&global_data.key_slot_mutex);
+ }
+#endif
+
 global_data.key_slots_initialized = 0;
 }
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 0b0d7b320e..01778f899e 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -85,6 +85,10 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 psa_key_slot_t **p_slot);
 /** Initialize the key slot structures.
+ * If multi-threading is enabled then initialize the key slot mutex.
+ * This function is not thread-safe,
+ * if called by competing threads the key slot mutex may be initialized
+ * more than once.
 *
 * \retval #PSA_SUCCESS
 * Currently this function always succeeds.
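Review bot: In the `psa_wipe_all_key_slots` hunk, `mbedtls_mutex_free(&global_data.key_slot_mutex)` runs directly after a loop that calls `psa_wipe_key_slot()` on every slot with the mutex never taken, even though this series documents `psa_wipe_key_slot()` as requiring the caller to hold it; with a pthread backend, POSIX leaves destroying a mutex that another thread still holds undefined. Either the function's contract should state that it may only run once no other thread is using the PSA key store, or the wipe loop should run under the lock and the free happen only after it is released, i.e. `mbedtls_mutex_lock(&global_data.key_slot_mutex);` before the loop and `mbedtls_mutex_unlock(&global_data.key_slot_mutex);` before the free. The same teardown-ordering question carries over to the later commit in this series that moves the free into `mbedtls_threading_free_alt()`. `psa_wipe_all_key_slots` begins outside the hunk.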
@@ -92,6 +96,10 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 psa_status_t psa_initialize_key_slots(void);
 /** Delete all data from key slots in memory.
+ * If multi-threading is enabled then free the key slot mutex.
+ * This function is not thread-safe,
+ * if called by competing threads the key slot mutex may be freed
+ * more than once.
 *
 * This does not affect persistent storage. */
 void psa_wipe_all_key_slots(void);
--
cgit v1.2.3
From 0e3b677cf4600bec736020715f85909f4534c5dd Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Mon, 8 Jan 2024 11:11:39 +0000
Subject: Support PSA_ERROR_SERVICE_FAILURE
To be returned in the case where mbedtls_mutex_lock and mbedtls_mutex_unlock fail.
Signed-off-by: Ryan Everett
---
 include/psa/crypto_values.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 8d30bf0fb9..90d98fdb79 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -279,6 +279,11 @@
 * to read from a resource. */
 #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
+/** This can be returned if a function can no longer operate correctly.
+ * For example, if an essential initialization operation failed or
+ * a mutex operation failed. */
+#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144)
+
 /** The key identifier is not valid. See also :ref:\`key-handles\`. */
 #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
--
cgit v1.2.3
From fb02d57de790dc4cc27b5f9a43c4433c13a5ed60 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Mon, 8 Jan 2024 11:13:03 +0000
Subject: Document the thread safety of the primitive key slot functions
Signed-off-by: Ryan Everett
---
 library/psa_crypto_core.h | 4 ++++
 library/psa_crypto_slot_management.h | 10 ++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 1edd63e256..7b167248e8 100644
--- a/library/psa_crypto_core.h
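Review bot: The new `PSA_ERROR_SERVICE_FAILURE` comment describes the trigger (a failed initialisation or mutex operation) but not what the caller may assume afterwards, which matters because a failed lock or unlock leaves the key store in an unknown state and a retry cannot be expected to succeed. Suggest adding `* After this status is returned the state of the PSA key store is unspecified; callers should not assume a retry will succeed.` The value -144 is the code the PSA Crypto API specification assigns to this status, so it should stay as is even though it breaks the numeric ordering with the neighbouring -143 and -136. If the project derives status-name tables or status-mapping tests from the `#define`s in this header, they presumably need regenerating for the new code; worth confirming.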
+++ b/library/psa_crypto_core.h
@@ -117,6 +117,8 @@ typedef struct {
 0)
 /** Test whether a key slot has any registered readers.
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
 *
 * \param[in] slot The key slot to test.
 *
@@ -195,6 +197,8 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
 *
 * Persistent storage is not affected.
 * Sets the slot's state to PSA_SLOT_EMPTY.
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
 *
 * \param[in,out] slot The key slot to wipe.
 *
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 01778f899e..fc46257f21 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -134,6 +134,9 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
 * new state. If the state of the slot was not expected_state, the state is
 * unchanged.
 *
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
+ *
 * \param[in] slot The key slot.
 * \param[in] expected_state The current state of the slot.
 * \param[in] new_state The new state of the slot.
@@ -157,7 +160,8 @@ static inline psa_status_t psa_key_slot_state_transition(
 /** Register as a reader of a key slot.
 *
 * This function increments the key slot registered reader counter by one.
- *
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
 * \param[in] slot The key slot.
 *
 * \retval #PSA_SUCCESS
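Review bot: The sentence `If multi-threading is enabled, the caller must hold the global key slot mutex.` added to `psa_key_slot_has_readers()` names neither the mutex object nor the configuration option, and at this point in the series the object is the private `global_data.key_slot_mutex` in psa_crypto_slot_management.c, which this header never declares, so a reader has no way to locate it. The same wording is repeated in the `psa_wipe_key_slot()` hunk below and in the three psa_crypto_slot_management.h hunks on this line and the next, so it is worth settling once: `* If MBEDTLS_THREADING_C is defined, the caller must hold the key slot mutex owned by psa_crypto_slot_management.c.` It would also help to state whether the rule holds during initialisation and teardown, since `psa_wipe_all_key_slots()` calls `psa_wipe_key_slot()` with no lock taken.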
@@ -182,7 +186,9 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot)
 * This function decrements the key slot registered reader counter by one.
 * If the state of the slot is PSA_SLOT_PENDING_DELETION,
 * and there is only one registered reader (the caller),
- * this function will call psa_wipe_key_slot().
+ * this function will call psa_wipe_slot().
+ * If multi-threading is enabled, the caller must hold the
+ * global key slot mutex.
 *
 * \note To ease the handling of errors in retrieving a key slot
 * a NULL input pointer is valid, and the function returns
--
cgit v1.2.3
From 558da2ffd3f414ba221d907fb026f716a29b5f09 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Fri, 19 Jan 2024 12:59:28 +0000
Subject: Move key_slot_mutex to threading.h
Make this a global mutex so that we don't have to init and free it. Also rename the mutex to follow the convention
Signed-off-by: Ryan Everett
---
 include/mbedtls/threading.h | 14 ++++++++++++++
 library/psa_crypto_slot_management.c | 31 +------------------------------
 library/psa_crypto_slot_management.h | 10 +---------
 library/threading.c | 9 +++++++++
 4 files changed, 25 insertions(+), 39 deletions(-)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index b504233bdc..b4e050241b 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -100,6 +100,20 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
 #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/*
+ * A mutex used to make the PSA subsystem thread safe.
+ *
+ * key_slot_mutex protects the registered_readers and
+ * state variable for all key slots in &global_data.key_slots.
+ *
+ * This mutex must be held when any read from or write to a state or
+ * registered_readers field is performed, i.e. when calling functions:
+ * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(),
+ * psa_key_slot_has_readers() and psa_wipe_key_slot(). */
+extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;
+#endif
+
 #endif /* MBEDTLS_THREADING_C */
 #ifdef __cplusplus
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 180aecb584..47ace359d7 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -30,20 +30,6 @@ typedef struct {
 psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
 uint8_t key_slots_initialized;
-
-#if defined(MBEDTLS_THREADING_C)
- /*
- * A mutex used to make the PSA subsystem thread safe.
- *
- * key_slot_mutex protects key_slots[i].registered_readers and
- * key_slots[i].state for all valid i.
- *
- * This mutex must be held when any read from or write to a state or
- * registered_readers field is performed, i.e. when calling functions:
- * psa_key_slot_state_transition, psa_register_read, psa_unregister_read,
- * psa_key_slot_has_readers and psa_wipe_key_slot. */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(key_slot_mutex);
-#endif
 } psa_global_data_t;
 static psa_global_data_t global_data;
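Review bot: The comment above the new `extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;` in this public header points readers at `&global_data.key_slots`, a file-scope object private to library/psa_crypto_slot_management.c that nobody including mbedtls/threading.h can see, and it still calls the object `key_slot_mutex` although this commit renames the declaration. It also enumerates library-internal functions (`psa_register_read()`, `psa_unregister_read()`, ...) that are not part of the public API, so the list will silently go stale as that code changes. Suggest describing the invariant in terms visible from here: `* Protects the state and registered-reader count of every PSA key slot. The functions that must be called with it held are documented in the library-internal headers psa_crypto_core.h and psa_crypto_slot_management.h.`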
@@ -147,14 +133,7 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory(
 psa_status_t psa_initialize_key_slots(void)
 {
-#if defined(MBEDTLS_THREADING_C)
- /* Initialize the global key slot mutex. */
- if (!global_data.key_slots_initialized) {
- mbedtls_mutex_init(&global_data.key_slot_mutex);
- }
-#endif
-
- /* Program startup and psa_wipe_all_key_slots() both
+ /* Nothing to do: program startup and psa_wipe_all_key_slots() both
 * guarantee that the key slots are initialized to all-zero, which
 * means that all the key slots are in a valid, empty state. */
 global_data.key_slots_initialized = 1;
@@ -171,14 +150,6 @@ void psa_wipe_all_key_slots(void)
 slot->state = PSA_SLOT_PENDING_DELETION;
 (void) psa_wipe_key_slot(slot);
 }
-
-#if defined(MBEDTLS_THREADING_C)
- /* Free the global key slot mutex. */
- if (global_data.key_slots_initialized) {
- mbedtls_mutex_free(&global_data.key_slot_mutex);
- }
-#endif
-
 global_data.key_slots_initialized = 0;
 }
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index fc46257f21..4c0721d3be 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -85,10 +85,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 psa_key_slot_t **p_slot);
 /** Initialize the key slot structures.
- * If multi-threading is enabled then initialize the key slot mutex.
- * This function is not thread-safe,
- * if called by competing threads the key slot mutex may be initialized
- * more than once.
 *
 * \retval #PSA_SUCCESS
 * Currently this function always succeeds.
@@ -96,10 +92,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 psa_status_t psa_initialize_key_slots(void);
 /** Delete all data from key slots in memory.
- * If multi-threading is enabled then free the key slot mutex.
- * This function is not thread-safe,
- * if called by competing threads the key slot mutex may be freed
- * more than once.
 *
 * This does not affect persistent storage. */
 void psa_wipe_all_key_slots(void);
@@ -186,7 +178,7 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot)
 * This function decrements the key slot registered reader counter by one.
 * If the state of the slot is PSA_SLOT_PENDING_DELETION,
 * and there is only one registered reader (the caller),
- * this function will call psa_wipe_slot().
+ * this function will call psa_wipe_key_slot().
 * If multi-threading is enabled, the caller must hold the
 * global key slot mutex.
 *
diff --git a/library/threading.c b/library/threading.c
index 873b5077b8..94404acb8c 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -148,6 +148,9 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
 #if defined(THREADING_USE_GMTIME)
 mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex);
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_mutext_init(&mbedtls_threading_key_slot_mutex);
+#endif
 }
 /*
@@ -161,6 +164,9 @@ void mbedtls_threading_free_alt(void)
 #if defined(THREADING_USE_GMTIME)
 mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex);
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex);
+#endif
 }
 #endif /* MBEDTLS_THREADING_ALT */
@@ -176,5 +182,8 @@ mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
 #if defined(THREADING_USE_GMTIME)
 mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex MUTEX_INIT;
+#endif
 #endif /* MBEDTLS_THREADING_C */
--
cgit v1.2.3
From 7aeacc1ec4b832b43c512067323156705e686fe2 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Fri, 19 Jan 2024 13:02:58 +0000
Subject: Add empty line in register_read comment
Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 4c0721d3be..002429b933 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -154,6 +154,7 @@ static inline psa_status_t psa_key_slot_state_transition(
 * This function increments the key slot registered reader counter by one.
 * If multi-threading is enabled, the caller must hold the
 * global key slot mutex.
+ *
 * \param[in] slot The key slot.
 *
 * \retval #PSA_SUCCESS
--
cgit v1.2.3
From 63952b7de5f1ef0e18b9c7ada084a9a7a64d452b Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Fri, 19 Jan 2024 13:45:19 +0000
Subject: Fix typo
Signed-off-by: Ryan Everett
---
 library/threading.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/threading.c b/library/threading.c
index 94404acb8c..c28290fb76 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -149,7 +149,7 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
 mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex);
 #endif
 #if defined(MBEDTLS_PSA_CRYPTO_C)
- mbedtls_mutext_init(&mbedtls_threading_key_slot_mutex);
+ mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex);
 #endif
 }
--
cgit v1.2.3