Remove "allocated" flag from key slots
The flag to mark key slots as allocated was introduced to mark slots
that are claimed and in use, but do not have key material yet, at a
time when creating a key used several API functions: allocate a slot,
then progressively set its metadata, and finally create the key
material. Now that all of these steps are combined into a single
API function call, the notion of allocated-but-not-filled slot is no
longer relevant. So remove the corresponding flag.
A slot is occupied iff there is a key in it. (For a key in a secure
element, the key material is not present, but the slot contains the
key metadata.) This key must have a type which is nonzero, so use this
as an indicator that a slot is in use.
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 43ba412..0734009 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -74,8 +74,8 @@
return( PSA_ERROR_INVALID_HANDLE );
slot = &global_data.key_slots[handle - 1];
- /* If the slot hasn't been allocated, the handle is invalid. */
- if( ! psa_key_slot_get_flags( slot, PSA_KEY_SLOT_FLAG_ALLOCATED ) )
+ /* If the slot isn't occupied, the handle is invalid. */
+ if( ! psa_is_key_slot_occupied( slot ) )
return( PSA_ERROR_INVALID_HANDLE );
*p_slot = slot;
@@ -111,12 +111,8 @@
for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
{
*p_slot = &global_data.key_slots[*handle - 1];
- if( ! psa_key_slot_get_flags( *p_slot, PSA_KEY_SLOT_FLAG_ALLOCATED ) )
- {
- psa_key_slot_set_bits_in_flags( *p_slot,
- PSA_KEY_SLOT_FLAG_ALLOCATED );
+ if( ! psa_is_key_slot_occupied( *p_slot ) )
return( PSA_SUCCESS );
- }
}
*p_slot = NULL;
return( PSA_ERROR_INSUFFICIENT_MEMORY );
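Review bot: The slot handed back at `return( PSA_SUCCESS );` is no longer marked as claimed, so it stays unoccupied until the caller stores a nonzero key type. A second call to this function before that happens would return the same slot. Nothing visible in the hunk ties the two steps together, so the invariant should be documented at the loop, e.g. `/* The returned slot is not reserved: the caller must set attr.type before any other slot allocation, and wipe the slot if key creation fails. */`. The function's signature and its callers are outside the hunk, so whether every caller already does this cannot be confirmed from here.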
@@ -272,13 +268,10 @@
memset( stats, 0, sizeof( *stats ) );
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
- psa_key_slot_t *slot = &global_data.key_slots[key - 1];
- if( slot->attr.type == PSA_KEY_TYPE_NONE )
+ const psa_key_slot_t *slot = &global_data.key_slots[key - 1];
+ if( ! psa_is_key_slot_occupied( slot ) )
{
- if( psa_key_slot_get_flags( slot, PSA_KEY_SLOT_FLAG_ALLOCATED ) )
- ++stats->half_filled_slots;
- else
- ++stats->empty_slots;
+ ++stats->empty_slots;
continue;
}
if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
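Review bot: `stats->half_filled_slots` is no longer written anywhere in this loop, so after the `memset` it will always read 0 if the field still exists in the stats structure. That structure is defined outside this diff. Any leak check that inspects the counter would then pass vacuously. Either remove the field in the same change or mark it where it is declared, e.g. `/* half_filled_slots is obsolete and always 0 */`. The loop body continues past the end of the hunk.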