Forbid volatile key identifiers for non volatile keys
Volatile key identifiers in the vendor range are
reserved to volatile keys thus don't allow them
for persistent keys when creating a key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 98a1ce7..b1d66e4 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -155,13 +155,17 @@
/** Validate a key identifier.
*
- * \param[in] key The key identifier.
- * \param[in] vendor_ok Non-zero to indicate that key identifiers in the
- * vendor range are allowed, \c 0 otherwise.
+ * \param[in] key The key identifier.
+ * \param[in] vendor_ok Non-zero to indicate that key identifiers in the
+ * vendor range are allowed, volatile key identifiers
+ * excepted \c 0 otherwise.
+ * \param[in] volatile_ok Non-zero to indicate that volatile key identifiers
+ * are allowed \c 0 otherwise.
*
* \retval #PSA_SUCCESS The identifier is valid.
* \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid.
*/
-psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
+psa_status_t psa_validate_key_id(
+ mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */