Forbid volatile key identifiers for non volatile keys

Volatile key identifiers in the vendor range are
reserved to volatile keys thus don't allow them
for persistent keys when creating a key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a437aee..17cec97 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1792,7 +1792,7 @@
     {
         status = psa_validate_key_id(
             psa_get_key_id( attributes ),
-            psa_key_lifetime_is_external( lifetime ) );
+            psa_key_lifetime_is_external( lifetime ), 0 );
 
         if( status != PSA_SUCCESS )
             return( status );
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6471591..1e521d1 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -51,7 +51,8 @@
 
 static psa_global_data_t global_data;
 
-psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
+psa_status_t psa_validate_key_id(
+    mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok )
 {
     psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
 
@@ -61,7 +62,12 @@
 
     if( vendor_ok &&
         ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
-        ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
+        ( key_id < PSA_KEY_ID_VOLATILE_MIN ) )
+        return( PSA_SUCCESS );
+
+    if( volatile_ok &&
+        ( PSA_KEY_ID_VOLATILE_MIN <= key_id ) &&
+        ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) )
         return( PSA_SUCCESS );
 
     return( PSA_ERROR_INVALID_HANDLE );
@@ -191,7 +197,7 @@
     if( ! global_data.key_slots_initialized )
         return( PSA_ERROR_BAD_STATE );
 
-    status = psa_validate_key_id( key, 1 );
+    status = psa_validate_key_id( key, 1, 1 );
     if( status != PSA_SUCCESS )
         return( status );
 
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 98a1ce7..b1d66e4 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -155,13 +155,17 @@
 
 /** Validate a key identifier.
  *
- * \param[in] key        The key identifier.
- * \param[in] vendor_ok  Non-zero to indicate that key identifiers in the
- *                       vendor range are allowed, \c 0 otherwise.
+ * \param[in] key           The key identifier.
+ * \param[in] vendor_ok     Non-zero to indicate that key identifiers in the
+ *                          vendor range are allowed, volatile key identifiers
+ *                          excepted \c 0 otherwise.
+ * \param[in] volatile_ok   Non-zero to indicate that volatile key identifiers
+ *                          are allowed \c 0 otherwise.
  *
  * \retval #PSA_SUCCESS The identifier is valid.
  * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid.
  */
-psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
+psa_status_t psa_validate_key_id(
+    mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok );
 
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */