From 5567e3a34bc43fdd3702ae782c6ea53afacf6c8f Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 8 Nov 2023 13:28:20 +0000
Subject: [PATCH 1/6] Make empty key slots explicit

Add new status field to key slots, and use it.

Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 1 +
 library/psa_crypto_core.h | 7 ++++++-
 library/psa_crypto_slot_management.c | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bbd6b24ed4..0660ee411b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1786,6 +1786,7 @@ static psa_status_t psa_start_key_creation(
 * definition. */
 slot->attr = attributes->core;
+ slot->status = PSA_SLOT_OCCUPIED;
 if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 slot->attr.id = volatile_key_id;
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index d406ce459d..700e0fef66 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -39,6 +39,11 @@ int psa_can_do_hash(psa_algorithm_t hash_alg);
 typedef struct {
 psa_core_key_attributes_t attr;
+ enum {
+ PSA_SLOT_EMPTY = 0,
+ PSA_SLOT_OCCUPIED,
+ } status;
+
 /*
 * Number of locks on the key slot held by the library.
 *
@@ -88,7 +93,7 @@ typedef struct {
 */
 static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot)
 {
- return slot->attr.type != 0;
+ return slot->status == PSA_SLOT_OCCUPIED;
 }
 /** Test whether a key slot is locked.
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 3b8a319cbb..36d541044a 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -221,6 +221,7 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 if (status != PSA_SUCCESS) {
 goto exit;
 }
+ slot->status = PSA_SLOT_OCCUPIED;
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /* Special handling is required for loading keys associated with a
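Review bot: psa_is_key_slot_occupied() now answers from `status` alone and no longer consults `attr.type`, so clearing a slot's attributes no longer makes it read as empty; whatever wipes a slot must also reset `status`, which a memset of the whole slot achieves only because PSA_SLOT_EMPTY is 0 (the wipe path is outside this patch and should be checked). The comment that closes at the top of the hunk, directly above the function, is not shown; if it still describes occupancy in terms of the key type it should now read `/** Test whether a key slot is occupied, i.e. its status is PSA_SLOT_OCCUPIED. */`.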
@@ -315,6 +316,7 @@ static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
 /* Copy actual key length and core attributes into the slot on success */
 slot->key.bytes = key_buffer_length;
 slot->attr = attributes.core;
+ slot->status = PSA_SLOT_OCCUPIED;
 exit:
 if (status != PSA_SUCCESS) {

From 34d6a5c3df89b5d8c53272470b7287d85aaff575 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Mon, 13 Nov 2023 09:52:12 +0000
Subject: [PATCH 2/6] Move enum definition to satisfy `check_names.py`

Signed-off-by: Ryan Everett
---
 library/psa_crypto_core.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 700e0fef66..46c57755ec 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -33,16 +33,18 @@
 */
 int psa_can_do_hash(psa_algorithm_t hash_alg);
+typedef enum {
+ PSA_SLOT_EMPTY = 0,
+ PSA_SLOT_OCCUPIED,
+} psa_key_slot_status_t;
+
 /** The data structure representing a key slot, containing key material
 * and metadata for one key. */
 typedef struct {
 psa_core_key_attributes_t attr;
- enum {
- PSA_SLOT_EMPTY = 0,
- PSA_SLOT_OCCUPIED,
- } status;
+ psa_key_slot_status_t status;
 /*
 * Number of locks on the key slot held by the library.

From 975d411d9226a010bcf47d8f1ca2ddf144a702d6 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 16 Nov 2023 13:37:51 +0000
Subject: [PATCH 3/6] Only set slot to OCCUPIED on successful key loading

Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 3 ++-
 library/psa_crypto_slot_management.c | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0660ee411b..49dd915463 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
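Review bot: The new `psa_key_slot_status_t` is introduced without any documentation although psa_is_key_slot_occupied() now depends on it. A comment above `+typedef enum {` should name the states and the invariant the code relies on, e.g. `/** Occupancy of a key slot. PSA_SLOT_EMPTY must remain 0 so that a zero-initialised slot counts as empty; PSA_SLOT_OCCUPIED means the slot holds a key. */`. Whether slots are cleared by zeroing the whole structure is not visible in this series, so that wording should be confirmed against the wipe code before it is committed.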
@@ -1786,7 +1786,6 @@ static psa_status_t psa_start_key_creation(
 * definition. */
 slot->attr = attributes->core;
- slot->status = PSA_SLOT_OCCUPIED;
 if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 slot->attr.id = volatile_key_id;
@@ -1850,6 +1849,8 @@ static psa_status_t psa_start_key_creation(
 }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ slot->status = PSA_SLOT_OCCUPIED;
+
 return PSA_SUCCESS;
 }
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 36d541044a..38e3273851 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -221,7 +221,6 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 if (status != PSA_SUCCESS) {
 goto exit;
 }
- slot->status = PSA_SLOT_OCCUPIED;
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /* Special handling is required for loading keys associated with a
@@ -243,6 +242,11 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
+ if (status != PSA_SUCCESS){
+ goto exit;
+ }
+
+ slot->status = PSA_SLOT_OCCUPIED;
 exit:
 psa_free_persistent_key_data(key_data, key_data_length);

From 9f176a27664732e6476c2f461f323225b4bab6f0 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Tue, 21 Nov 2023 11:49:57 +0000
Subject: [PATCH 4/6] Fix status assignments when loading persistent keys

Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 38e3273851..5ecc3a76c7 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
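Review bot: Marking the slot PSA_SLOT_OCCUPIED at the end of psa_start_key_creation() does not yet match the commit subject, because this function only starts creation: the `return PSA_SUCCESS` here is reached before any key material has been placed in the slot, which presumably happens in the caller and a separate finish step outside the hunk. Between `slot->attr = attributes->core;` (context in the first hunk of this file) and this line the slot is reserved but reads as empty, whereas the old `attr.type != 0` test counted it occupied as soon as the attributes were copied; if slot allocation or lookup goes through psa_is_key_slot_occupied(), that window is now observable. If the intended meaning is "reserved", keep the assignment but say so, `/* Slot is reserved; key material is loaded by the caller */`; if it is "holds a key", a distinct state for a slot under construction would make the window explicit. psa_start_key_creation() begins before the first hunk.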
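Review bot: The added `if (status != PSA_SUCCESS){ goto exit; }` jumps to the `exit:` label that immediately follows it, so the goto only skips the next assignment; `if (status == PSA_SUCCESS) { slot->status = PSA_SLOT_OCCUPIED; }` says the same without a goto and without the missing space before `{` (patch 4 adds the space but keeps the goto). After this patch the SE branch shown in the previous hunk still leaves through its own `goto exit` without ever marking the slot occupied; patch 4 adds that, at the cost of two separate places performing the same transition. psa_load_persistent_key_into_slot() starts before the hunk.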
@@ -237,12 +237,16 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 data = (psa_se_key_data_storage_t *) key_data;
 status = psa_copy_key_material_into_slot(
 slot, data->slot_number, sizeof(data->slot_number));
+
+ if (status == PSA_SUCCESS) {
+ slot->status = PSA_SLOT_OCCUPIED;
+ }
 goto exit;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
- if (status != PSA_SUCCESS){
+ if (status != PSA_SUCCESS) {
 goto exit;
 }

From d69f4017fbf949ab3aceca178b034b73e6e43dbc Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 23 Nov 2023 16:20:45 +0000
Subject: [PATCH 5/6] Refactor `psa_load_persistent_key_into_slot` to remove bad `goto`

Merges the two calls to `psa_copy_key_material_into_slot.

Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 5ecc3a76c7..027800984c 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -234,14 +234,10 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 status = PSA_ERROR_DATA_INVALID;
 goto exit;
 }
- data = (psa_se_key_data_storage_t *) key_data;
- status = psa_copy_key_material_into_slot(
- slot, data->slot_number, sizeof(data->slot_number));
- if (status == PSA_SUCCESS) {
- slot->status = PSA_SLOT_OCCUPIED;
- }
- goto exit;
+ data = (psa_se_key_data_storage_t *) key_data;
+ key_data = data->slot_number;
+ key_data_length = sizeof(key_data);
 }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */

From 2a0d4e2995f22c47bfaa41bc66cf604099416277 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 23 Nov 2023 16:33:12 +0000
Subject: [PATCH 6/6] Revert "Refactor `psa_load_persistent_key_into_slot` to remove bad `goto`"

This reverts commit d69f4017fbf949ab3aceca178b034b73e6e43dbc.
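Review bot: `key_data_length = sizeof(key_data);` takes the size of the pointer rather than of `data->slot_number`, so the copy is only correct on targets where the two sizes happen to coincide. Reassigning `key_data` to point into the buffer also changes what the `exit:` path later hands to psa_free_persistent_key_data(key_data, key_data_length) (visible at the end of the corresponding patch 3 hunk), which expects the original buffer pointer and length; patch 6 reverts this commit but records neither reason. If the two copy calls are to be merged, leave `key_data`/`key_data_length` untouched for the free and route the material through separate locals:
```c
    const uint8_t *material = key_data;
    size_t material_length = key_data_length;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
    /* … unchanged: SE driver lookup and key_data_length check … */
        data = (psa_se_key_data_storage_t *) key_data;
        material = data->slot_number;
        material_length = sizeof(data->slot_number);
    }
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */

    status = psa_copy_key_material_into_slot(slot, material, material_length);
    /* … unchanged: success check, slot->status assignment, exit: … */
```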
Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 027800984c..5ecc3a76c7 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -234,10 +234,14 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 status = PSA_ERROR_DATA_INVALID;
 goto exit;
 }
- data = (psa_se_key_data_storage_t *) key_data;
- key_data = data->slot_number;
- key_data_length = sizeof(key_data);
+ status = psa_copy_key_material_into_slot(
+ slot, data->slot_number, sizeof(data->slot_number));
+
+ if (status == PSA_SUCCESS) {
+ slot->status = PSA_SLOT_OCCUPIED;
+ }
+ goto exit;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */