add key policy enforcement implementation
add checks that keys have been set for the correct usage for asymmetric
functions.
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index caa0abd..690b22c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -595,6 +595,7 @@
size_t signature_size;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
+ psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
@@ -605,6 +606,12 @@
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ psa_key_policy_init( &policy );
+
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg_arg );
+
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
@@ -643,6 +650,7 @@
unsigned char *output2 = NULL;
size_t output2_size = 0;
size_t output2_length = 0;
+ psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
@@ -657,6 +665,10 @@
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg_arg );
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
@@ -710,6 +722,7 @@
size_t output_length = 0;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
+ psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
@@ -721,6 +734,10 @@
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg_arg );
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
@@ -774,6 +791,10 @@
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg_arg );
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
@@ -818,6 +839,7 @@
size_t output_length = 0;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
+ psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
@@ -829,6 +851,10 @@
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg_arg );
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );