TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ae9964d3ef2bc9f76a05eb43fcc216bdf5252c72^! / . / include / psa / crypto_se_driver.h
commitae9964d3ef2bc9f76a05eb43fcc216bdf5252c72[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Aug 05 14:55:14 2019 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Thu Aug 08 11:02:30 2019 +0200
treed0493c63a24704c6198aa16114e7120d4fcc081c
parent0a233224316f85bcd30c40106579c3d35addf4c4 [diff] [blame]
Add validate_slot_number method to SE drivers

Pave the way for allowing the application to choose the slot number in
a secure element, rather than always letting the driver choose.

diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index cd57b06..127f17b 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h

@@ -833,6 +833,30 @@
     const psa_key_attributes_t *attributes,
     psa_key_slot_number_t *key_slot);
 
+/** \brief A function that determines whether a slot number is valid
+ * for a key.
+ *
+ * \param[in,out] drv_context       The driver context structure.
+ * \param[in] attributes    Attributes of the key.
+ * \param[in] key_slot      Slot where the key is to be stored.
+ *
+ * \retval #PSA_SUCCESS
+ *         The given slot number is valid for a key with the given
+ *         attributes.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The given slot number is not valid for a key with the
+ *         given attributes. This includes the case where the slot
+ *         number is not valid at all.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         There is already a key with the specified slot number.
+ *         Drivers may choose to return this error from the key
+ *         creation function instead.
+ */
+typedef psa_status_t (*psa_drv_se_validate_slot_number_t)(
+    psa_drv_se_context_t *drv_context,
+    const psa_key_attributes_t *attributes,
+    psa_key_slot_number_t key_slot);
+
 /** \brief A function that imports a key into a secure element in binary format
  *
  * This function can support any output from psa_export_key(). Refer to the
@@ -993,6 +1017,16 @@
      * last call to this function had not taken place.
      */
     psa_drv_se_allocate_key_t   p_allocate;
+    /** Function that checks the validity of a slot for a key.
+     *
+     * The core calls this function instead of
+     * psa_drv_se_key_management_t::p_allocate to create
+     * a key in a specific slot. It then calls the actual creation function
+     * (such as psa_drv_se_key_management_t::p_import or
+     * psa_drv_se_key_management_t::p_generate) or
+     * psa_drv_se_key_management_t::p_destroy.
+     */
+    psa_drv_se_validate_slot_number_t p_validate_slot_number;
     /** Function that performs a key import operation */
     psa_drv_se_import_key_t     p_import;
     /** Function that performs a generation */