psa_destroy_key: return SUCCESS on an empty slot

Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-04-19 08:38:16 +02:00 · 2018-04-19 08:38:16 +02:00 · 154bd95131
commit 154bd95131
parent 71bb7b77f0
2 changed files with 16 additions and 4 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@ -539,7 +539,17 @@ psa_status_t psa_import_key(psa_key_slot_t key,
                            size_t data_length);

 /**
- * \brief Destroy a key.
+ * \brief Destroy a key and restore the slot to its default state.
+ *
+ * This function destroys the content of the key slot from both volatile
+ * memory and, if applicable, non-volatile storage. Implementations shall
+ * make a best effort to ensure that any previous content of the slot is
+ * unrecoverable.
+ *
+ * This function also erases any metadata such as policies. It returns the
+ * specified slot to its default state.
+ *
+ * \param key           The key slot to erase.
 *
 * \retval PSA_SUCCESS
 *         The slot's content, if any, has been erased.
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -373,9 +373,11 @@ psa_status_t psa_destroy_key(psa_key_slot_t key)
        return( PSA_ERROR_INVALID_ARGUMENT );
    slot = &global_data.key_slots[key];
    if( slot->type == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_EMPTY_SLOT );
-
-    if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
+    {
+        /* No key material to clean, but do zeroize the slot below to wipe
+         * metadata such as policies. */
+    }
+    else if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
    {
        mbedtls_free( slot->data.raw.data );
    }