Move more slot management functions to the proper module

Move psa_load_persistent_key_into_slot,
psa_internal_make_key_persistent and psa_internal_release_key_slot to
the slot management module.

Expose psa_import_key_into_slot from the core.

After this commit, there are no longer any functions declared in
psa_crypto_slot_management.h and defined in psa_crypto.c. There are
still function calls in both directions between psa_crypto.c and
psa_crypto_slot_management.c.

library/psa_crypto.c

@@ -611,9 +611,9 @@ exit:
 /** Import key data into a slot. `slot->type` must have been set
  * previously. This function assumes that the slot does not contain
  * any key material yet. On failure, the slot content is unchanged. */
-static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
-                                              const uint8_t *data,
-                                              size_t data_length )
+psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
+                                       const uint8_t *data,
+                                       size_t data_length )
 {
     psa_status_t status = PSA_SUCCESS;
 
@@ -692,27 +692,6 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
     return( PSA_SUCCESS );
 }
 
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
-{
-    psa_status_t status = PSA_SUCCESS;
-    uint8_t *key_data = NULL;
-    size_t key_data_length = 0;
-
-    status = psa_load_persistent_key( p_slot->persistent_storage_id,
-                                      &( p_slot )->type,
-                                      &( p_slot )->policy, &key_data,
-                                      &key_data_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    status = psa_import_key_into_slot( p_slot,
-                                       key_data, key_data_length );
-exit:
-    psa_free_persistent_key_data( key_data, key_data_length );
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
 /* Retrieve an empty key slot (slot with no key data, but possibly
  * with some metadata such as a policy). */
 static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
@@ -817,51 +796,6 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
     return( status );
 }
 
-psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
-                                               psa_key_id_t id )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    psa_key_slot_t *slot;
-    psa_status_t status;
-
-    /* Reject id=0 because by general library conventions, 0 is an invalid
-     * value wherever possible. */
-    if( id == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    /* Reject high values because the file names are reserved for the
-     * library's internal use. */
-    if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    status = psa_get_key_slot( handle, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
-    slot->persistent_storage_id = id;
-    status = psa_load_persistent_key_into_slot( slot );
-
-    return( status );
-
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-    (void) handle;
-    (void) id;
-    return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
-}
-
-psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
-{
-    psa_key_slot_t *slot;
-    psa_status_t status;
-
-    status = psa_get_key_slot( handle, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    return( psa_wipe_key_slot( slot ) );
-}
-
 psa_status_t psa_import_key( psa_key_handle_t handle,
                              psa_key_type_t type,
                              const uint8_t *data,

library/psa_crypto_core.h

@@ -63,4 +63,11 @@ typedef struct
  * Persistent storage is not affected. */
 psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
 
+/** Import key data into a slot. `slot->type` must have been set
+ * previously. This function assumes that the slot does not contain
+ * any key material yet. On failure, the slot content is unchanged. */
+psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
+                                       const uint8_t *data,
+                                       size_t data_length );
+
 #endif /* PSA_CRYPTO_CORE_H */

library/psa_crypto_slot_management.c

@@ -119,6 +119,28 @@ static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
     return( PSA_ERROR_INSUFFICIENT_MEMORY );
 }
 
+/** Wipe a key slot and mark it as available.
+ *
+ * This does not affect persistent storage.
+ *
+ * \param handle        The key slot number to release.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
+{
+    psa_key_slot_t *slot;
+    psa_status_t status;
+
+    status = psa_get_key_slot( handle, &slot );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    return( psa_wipe_key_slot( slot ) );
+}
+
 psa_status_t psa_allocate_key( psa_key_type_t type,
                                size_t max_bits,
                                psa_key_handle_t *handle )
@@ -130,6 +152,78 @@ psa_status_t psa_allocate_key( psa_key_type_t type,
     return( psa_internal_allocate_key_slot( handle ) );
 }
 
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
+{
+    psa_status_t status = PSA_SUCCESS;
+    uint8_t *key_data = NULL;
+    size_t key_data_length = 0;
+
+    status = psa_load_persistent_key( p_slot->persistent_storage_id,
+                                      &( p_slot )->type,
+                                      &( p_slot )->policy, &key_data,
+                                      &key_data_length );
+    if( status != PSA_SUCCESS )
+        goto exit;
+    status = psa_import_key_into_slot( p_slot,
+                                       key_data, key_data_length );
+exit:
+    psa_free_persistent_key_data( key_data, key_data_length );
+    return( status );
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
+/** Declare a slot as persistent and load it from storage.
+ *
+ * This function may only be called immediately after a successful call
+ * to psa_internal_allocate_key_slot().
+ *
+ * \param handle        A handle to a key slot freshly allocated with
+ *                      psa_internal_allocate_key_slot().
+ *
+ * \retval #PSA_SUCCESS
+ *         The slot content was loaded successfully.
+ * \retval #PSA_ERROR_EMPTY_SLOT
+ *         There is no content for this slot in persistent storage.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p id is not acceptable.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ */
+static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
+                                                      psa_key_id_t id )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+    psa_key_slot_t *slot;
+    psa_status_t status;
+
+    /* Reject id=0 because by general library conventions, 0 is an invalid
+     * value wherever possible. */
+    if( id == 0 )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    /* Reject high values because the file names are reserved for the
+     * library's internal use. */
+    if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    status = psa_get_key_slot( handle, &slot );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+    slot->persistent_storage_id = id;
+    status = psa_load_persistent_key_into_slot( slot );
+
+    return( status );
+
+#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+    (void) handle;
+    (void) id;
+    return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+}
+
 static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
                                           psa_key_id_t id,
                                           psa_key_handle_t *handle,

library/psa_crypto_slot_management.h

@@ -37,43 +37,4 @@ psa_status_t psa_initialize_key_slots( void );
  * storage. */
 void psa_wipe_all_key_slots( void );
 
-/** \defgroup core_slot_management Internal functions exposed by the core
- * @{
- */
-
-/** Wipe an a key slot and mark it as available.
- *
- * This does not affect persistent storage.
- *
- * \param handle        The key slot number to release.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle );
-
-/** Declare a slot as persistent and load it from storage.
- *
- * This function may only be called immediately after a successful call
- * to psa_internal_allocate_key_slot().
- *
- * \param handle        A handle to a key slot freshly allocated with
- *                      psa_internal_allocate_key_slot().
- *
- * \retval #PSA_SUCCESS
- *         The slot content was loaded successfully.
- * \retval #PSA_ERROR_EMPTY_SLOT
- *         There is no content for this slot in persistent storage.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p id is not acceptable.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_STORAGE_FAILURE
- */
-psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
-                                               psa_key_id_t id );
-
-/**@}*/
-
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */