psa_drv_se_allocate_key_t

A function that allocates a slot for a key. To create a key in a specific slot in a secure element, the core first calls this function to determine a valid slot number, then calls a function to create the key material in that slot. In nominal conditions (that is, if no error occurs), the effect of a call to a key creation function in the PSA Cryptography API with a lifetime that places the key in a secure element is the following: -# The core calls psa_drv_se_key_management_t::p_allocate (or in some implementations psa_drv_se_key_management_t::p_validate_slot_number). The driver selects (or validates) a suitable slot number given the key attributes and the state of the secure element. -# The core calls a key creation function in the driver. The key creation functions in the PSA Cryptography API are: - psa_import_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_IMPORT then a call to psa_drv_se_key_management_t::p_import. - psa_generate_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_GENERATE then a call to psa_drv_se_key_management_t::p_import. - psa_key_derivation_output_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_DERIVE then a call to psa_drv_se_key_derivation_t::p_derive. - psa_copy_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_COPY then a call to psa_drv_se_key_management_t::p_export. In case of errors, other behaviors are possible. - If the PSA Cryptography subsystem dies after the first step, for example because the device has lost power abruptly, the second step may never happen, or may happen after a reset and re-initialization. Alternatively, after a reset and re-initialization, the core may call psa_drv_se_key_management_t::p_destroy on the slot number that was allocated (or validated) instead of calling a key creation function. - If an error occurs, the core may call psa_drv_se_key_management_t::p_destroy on the slot number that was allocated (or validated) instead of calling a key creation function. Errors and system resets also have an impact on the driver's persistent data. If a reset happens before the overall key creation process is completed (before or after the second step above), it is unspecified whether the persistent data after the reset is identical to what it was before or after the call to `p_allocate` (or `p_validate_slot_number`).