Fix PSA crypto inconsistencies in agreement+derivation * #3741 Allow key agreement inside derivation with a key that's allowed for the relevant agreement. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

commit: ce48e85db9d8a63922f2274064f4d1d3d127356b [log] [tgz]
author: Steven Cooreman <steven.cooreman@silabs.com> Mon Oct 05 16:02:45 2020 +0200
committer: Steven Cooreman <steven.cooreman@silabs.com> Mon Oct 05 16:02:45 2020 +0200
tree: 677c7101c92f97a46f291844ecda6ad81e712b61
parent: 7f007f70e06e45ffcb70cee75c5e71b3316a3316 [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 931e2e9..71a505c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1084,6 +1084,14 @@
         return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
                 ( requested_alg & ~PSA_ALG_HASH_MASK ) );
     }
+    /* If policy_alg is a generic key agreement operation, then using it for
+     * a key derivation with that key agreement is also compliant. */
+    if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
+        PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
+    {
+        return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
+                policy_alg );
+    }
     /* If it isn't permitted, it's forbidden. */
     return( 0 );
 }
commit	ce48e85db9d8a63922f2274064f4d1d3d127356b	[log] [tgz]
author	Steven Cooreman <steven.cooreman@silabs.com>	Mon Oct 05 16:02:45 2020 +0200
committer	Steven Cooreman <steven.cooreman@silabs.com>	Mon Oct 05 16:02:45 2020 +0200
tree	677c7101c92f97a46f291844ecda6ad81e712b61
parent	7f007f70e06e45ffcb70cee75c5e71b3316a3316 [diff] [blame]