Split persistence and key id validation

With key usage based on key identifiers and not
key handles (openless APIs), volatile keys will
also have a key identifier. Thus, isolate key
identifier validation from key persistence
validation to clarify that key identifiers
are not specific to persistent keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/psa_crypto.c

@@ -1776,17 +1776,28 @@ static psa_status_t psa_validate_key_attributes(
     psa_se_drv_table_entry_t **p_drv )
 {
     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+    psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
 
     status = psa_validate_key_location( psa_get_key_lifetime( attributes ),
                                         p_drv );
     if( status != PSA_SUCCESS )
         return( status );
 
-    status = psa_validate_key_persistence( psa_get_key_lifetime( attributes ),
-                                           psa_get_key_id( attributes ) );
+    status = psa_validate_key_persistence( lifetime );
     if( status != PSA_SUCCESS )
         return( status );
 
+    /* Validate the key identifier only in the case of a persistent key. */
+    if ( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    {
+        status = psa_validate_key_id(
+            psa_get_key_id( attributes ),
+            psa_key_lifetime_is_external( lifetime ) );
+
+        if( status != PSA_SUCCESS )
+            return( status );
+    }
+
     status = psa_validate_key_policy( &attributes->core.policy );
     if( status != PSA_SUCCESS )
         return( status );