Forbid volatile key identifiers for non volatile keys
Volatile key identifiers in the vendor range are
reserved to volatile keys thus don't allow them
for persistent keys when creating a key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6471591..1e521d1 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -51,7 +51,8 @@
static psa_global_data_t global_data;
-psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
+psa_status_t psa_validate_key_id(
+ mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok )
{
psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
@@ -61,7 +62,12 @@
if( vendor_ok &&
( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
- ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
+ ( key_id < PSA_KEY_ID_VOLATILE_MIN ) )
+ return( PSA_SUCCESS );
+
+ if( volatile_ok &&
+ ( PSA_KEY_ID_VOLATILE_MIN <= key_id ) &&
+ ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) )
return( PSA_SUCCESS );
return( PSA_ERROR_INVALID_HANDLE );
@@ -191,7 +197,7 @@
if( ! global_data.key_slots_initialized )
return( PSA_ERROR_BAD_STATE );
- status = psa_validate_key_id( key, 1 );
+ status = psa_validate_key_id( key, 1, 1 );
if( status != PSA_SUCCESS )
return( status );