From ae9964d3ef2bc9f76a05eb43fcc216bdf5252c72 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 5 Aug 2019 14:55:14 +0200
Subject: [PATCH] Add validate_slot_number method to SE drivers

Pave the way for allowing the application to choose the slot number in
a secure element, rather than always letting the driver choose.
---
 include/psa/crypto_se_driver.h | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index cd57b065d..127f17b5c 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -833,6 +833,30 @@ typedef psa_status_t (*psa_drv_se_allocate_key_t)(
     const psa_key_attributes_t *attributes,
     psa_key_slot_number_t *key_slot);
 
+/** \brief A function that determines whether a slot number is valid
+ * for a key.
+ *
+ * \param[in,out] drv_context       The driver context structure.
+ * \param[in] attributes    Attributes of the key.
+ * \param[in] key_slot      Slot where the key is to be stored.
+ *
+ * \retval #PSA_SUCCESS
+ *         The given slot number is valid for a key with the given
+ *         attributes.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The given slot number is not valid for a key with the
+ *         given attributes. This includes the case where the slot
+ *         number is not valid at all.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ *         There is already a key with the specified slot number.
+ *         Drivers may choose to return this error from the key
+ *         creation function instead.
+ */
+typedef psa_status_t (*psa_drv_se_validate_slot_number_t)(
+    psa_drv_se_context_t *drv_context,
+    const psa_key_attributes_t *attributes,
+    psa_key_slot_number_t key_slot);
+
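Review bot: The contract of psa_drv_se_validate_slot_number_t does not say whether the function may modify the secure element's state, yet the member documentation in the second hunk has the core call it before the actual creation function; a driver that reserves the slot during validation would leave that reservation behind if the subsequent p_import/p_generate fails. I would add to the comment block: `* This function must not modify the state of the secure element: it only checks the slot, and the subsequent creation function performs the actual allocation.` The PSA_ERROR_ALREADY_EXISTS text already allows drivers to defer the occupancy check to the creation function; since the slot's occupancy may presumably change between the validation call and the creation call, it is worth stating that the creation function must reject an occupied slot in any case, so that callers do not treat validation as the only guard. The parameter documentation could also say whether `key_slot` is taken by value here precisely because, unlike p_allocate, the caller supplies rather than receives the number.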
 /** \brief A function that imports a key into a secure element in binary format
  *
  * This function can support any output from psa_export_key(). Refer to the
@@ -993,6 +1017,16 @@ typedef struct {
      * last call to this function had not taken place.
      */
     psa_drv_se_allocate_key_t   p_allocate;
+    /** Function that checks the validity of a slot for a key.
+     *
+     * The core calls this function instead of
+     * psa_drv_se_key_management_t::p_allocate to create
+     * a key in a specific slot. It then calls the actual creation function
+     * (such as psa_drv_se_key_management_t::p_import or
+     * psa_drv_se_key_management_t::p_generate) or
+     * psa_drv_se_key_management_t::p_destroy.
+     */
+    psa_drv_se_validate_slot_number_t p_validate_slot_number;
     /** Function that performs a key import operation */
     psa_drv_se_import_key_t     p_import;
     /** Function that performs a generation */
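Review bot: The documentation of the new p_validate_slot_number member does not say what the core does when a driver leaves it NULL, which is the state every existing driver built against this header will be in once the struct grows; the comment should state that a NULL pointer means application-chosen slot numbers are not supported by the driver and that the core reports this (presumably as PSA_ERROR_NOT_SUPPORTED) instead of calling through it. The final clause, `or psa_drv_se_key_management_t::p_destroy`, is also unclear: it reads as though validation also precedes destruction, while the retval list of psa_drv_se_validate_slot_number_t only describes creating a key in the slot. If destroying a key by slot number is intended to go through validation, give it its own sentence that says what the function is expected to check in that case; otherwise drop the clause. The enclosing psa_drv_se_key_management_t struct starts and ends outside the hunk.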