diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1f69b55e1..3e174f9c2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1345,7 +1345,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
 return( PSA_SUCCESS );
 /*
- * Get the description of the key in a key slot. In case of a permanent
+ * Get the description of the key in a key slot. In case of a persistent
 * key, this will load the key description from persistent memory if not
 * done yet. We cannot avoid this loading as without it we don't know if
 * the key is operated by an SE or not and this information is needed by
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 32d1d6077..489be31e2 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -53,10 +53,10 @@ typedef struct
 * may access it. For example, such control is needed in the following
 * scenarios:
 * . In case of key slot starvation, all key slots contain the description
- * of a key, and the library asks for the description of a permanent
+ * of a key, and the library asks for the description of a persistent
 * key not present in the key slots, the key slots currently accessed by
 * the library cannot be reclaimed to free a key slot to load the
- * permanent key.
+ * persistent key.
 * . In case of a multi-threaded application where one thread asks to close
 * or purge or destroy a key while it is in used by the library through
 * another thread.
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 5a1fc741f..a114eecdb 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -175,7 +175,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
 {
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 size_t slot_idx;
- psa_key_slot_t *selected_slot, *unaccessed_permanent_key_slot;
+ psa_key_slot_t *selected_slot, *unaccessed_persistent_key_slot;
 if( ! global_data.key_slots_initialized )
 {
@@ -183,7 +183,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
 goto error;
 }
- selected_slot = unaccessed_permanent_key_slot = NULL;
+ selected_slot = unaccessed_persistent_key_slot = NULL;
 for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ )
 {
 psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
@@ -193,22 +193,23 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
 break;
 }
- if( ( unaccessed_permanent_key_slot == NULL ) &&
+ if( ( unaccessed_persistent_key_slot == NULL ) &&
 ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
 ( ! psa_is_key_slot_accessed( slot ) ) )
- unaccessed_permanent_key_slot = slot;
+ unaccessed_persistent_key_slot = slot;
 }
 /*
 * If there is no unused key slot and there is at least one unaccessed key
 * slot containing the description of a permament key, recycle the first
 * such key slot we encountered. If we need later on to operate on the
- * permanent key we evict now, we will reload its description from storage.
+ * persistent key we evict now, we will reload its description from
+ * storage.
 */
 if( ( selected_slot == NULL ) &&
- ( unaccessed_permanent_key_slot != NULL ) )
+ ( unaccessed_persistent_key_slot != NULL ) )
 {
- selected_slot = unaccessed_permanent_key_slot;
+ selected_slot = unaccessed_persistent_key_slot;
 selected_slot->access_count = 1;
 psa_wipe_key_slot( selected_slot );
 }
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index d2d6c01b9..396cdfb53 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
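Review bot: The eviction comment rewrapped in the `@@ -193,22 +193,23 @@` hunk of library/psa_crypto_slot_management.c still reads `slot containing the description of a permament key` on its second line, so the permanent-to-persistent rename is incomplete there. Because of the misspelling, a text search for either term will not find that line; it should become ` * slot containing the description of a persistent key, recycle the first`. The same misspelling is corrected in the .data file comment by this commit, which suggests it was overlooked here. psa_get_empty_key_slot begins and continues outside these hunks.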
@@ -187,8 +187,8 @@ invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HA
 Open many transient keys
 many_transient_keys:42
-# Eviction from a key slot to be able to import a new permanent key.
-Key slot eviction to import a new permanent key
+# Eviction from a key slot to be able to import a new persistent key.
+Key slot eviction to import a new persistent key
 key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_PERSISTENT
 # Eviction from a key slot to be able to import a new volatile key.
@@ -197,12 +197,12 @@ key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_VOLATILE
 # Check that non reusable key slots are not deleted/overwritten in case of key
 # slot starvation:
-# . An attempt to access a permanent key while all RAM key slots are occupied
+# . An attempt to access a persistent key while all RAM key slots are occupied
 # by volatile keys fails and does not lead to volatile key data to be
 # spoiled.
-# . With all key slot in use with one containing a permanent key, an attempt
-# to copy the permanent key fails (the permanent key slot cannot be reclaimed
-# as it is accessed by the copy process) without the permament key data and
-# volatile key data being spoiled.
+# . With all key slot in use with one containing a persistent key, an attempt
+# to copy the persistent key fails (the persistent key slot cannot be
+# reclaimed as it is accessed by the copy process) without the persistent key
+# data and volatile key data being spoiled.
 Non reusable key slots integrity in case of key slot starvation
 non_reusable_key_slots_integrity_in_case_of_key_slot_starvation
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 321ce4f33..ac2e6f7fc 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -97,7 +97,7 @@ static int invalidate_key( invalidate_method_t invalidate_method,
 {
 switch( invalidate_method )
 {
- /* Closing the key invalidate only volatile keys, not permanent ones. */
+ /* Closing the key invalidate only volatile keys, not persistent ones. */
 case INVALIDATE_BY_CLOSING:
 case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN:
 PSA_ASSERT( psa_close_key( key ) );
@@ -960,8 +960,8 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 uint8_t exported[sizeof( size_t )];
 size_t exported_length;
- mbedtls_svc_key_id_t permanent_key = MBEDTLS_SVC_KEY_ID_INIT;
- mbedtls_svc_key_id_t permanent_key2 = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t persistent_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT;
 mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
 mbedtls_svc_key_id_t *keys = NULL;
@@ -976,15 +976,15 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
 /*
- * Create a permanent key
+ * Create a persistent key
 */
- permanent_key = mbedtls_svc_key_id_make( 0x100, 0x205 );
- psa_set_key_id( &attributes, permanent_key );
+ persistent_key = mbedtls_svc_key_id_make( 0x100, 0x205 );
+ psa_set_key_id( &attributes, persistent_key );
 PSA_ASSERT( psa_import_key( &attributes,
- (uint8_t *) &permanent_key,
- sizeof( permanent_key ),
+ (uint8_t *) &persistent_key,
+ sizeof( persistent_key ),
 &returned_key_id ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, permanent_key ) );
+ TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, persistent_key ) );
 /*
 * Create PSA_KEY_SLOT_COUNT volatile keys
@@ -1003,7 +1003,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
 * occupied by volatile keys and the implementation needs to load the
 * persistent key description in a slot to be able to access it.
 */
- status = psa_get_key_attributes( permanent_key, &attributes );
+ status = psa_get_key_attributes( persistent_key, &attributes );
 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY );
 /*
@@ -1020,18 +1020,18 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
 /*
 * Check that we can now access the persistent key again.
 */
- PSA_ASSERT( psa_get_key_attributes( permanent_key, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( persistent_key, &attributes ) );
 TEST_ASSERT( mbedtls_svc_key_id_equal( attributes.core.id,
- permanent_key ) );
+ persistent_key ) );
 /*
 * Check that we cannot copy the persistent key as all slots are occupied
- * by the permanent key and the volatile keys and the slot containing the
- * permanent key cannot be reclaimed as it contains the key to copy.
+ * by the persistent key and the volatile keys and the slot containing the
+ * persistent key cannot be reclaimed as it contains the key to copy.
 */
- permanent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 );
- psa_set_key_id( &attributes, permanent_key2 );
- status = psa_copy_key( permanent_key, &attributes, &returned_key_id );
+ persistent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 );
+ psa_set_key_id( &attributes, persistent_key2 );
+ status = psa_copy_key( persistent_key, &attributes, &returned_key_id );
 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY );
 /*
@@ -1053,12 +1053,12 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( )
 * value.
 */
- PSA_ASSERT( psa_export_key( permanent_key, exported, sizeof( exported ),
+ PSA_ASSERT( psa_export_key( persistent_key, exported, sizeof( exported ),
 &exported_length ) );
 ASSERT_COMPARE( exported, exported_length,
- (uint8_t *) &permanent_key, sizeof( permanent_key ) );
+ (uint8_t *) &persistent_key, sizeof( persistent_key ) );
 exit:
- psa_destroy_key( permanent_key );
+ psa_destroy_key( persistent_key );
 PSA_DONE( );
 mbedtls_free( keys );
 }