integrate policy key usage in export and asymmetric sign functions
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d53d6ee..a12b454 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -469,6 +469,9 @@
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
+ if( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) )
+ return( PSA_ERROR_NOT_PERMITTED );
+
if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
{
if( slot->data.raw.bytes > data_size )
@@ -1185,6 +1188,8 @@
return( PSA_ERROR_EMPTY_SLOT );
if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
+ if( !( slot->policy.usage & PSA_KEY_USAGE_SIGN ) )
+ return( PSA_ERROR_NOT_PERMITTED );
#if defined(MBEDTLS_RSA_C)
if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )