TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d708260de45c74786c85124f8341ef210686087e^! / . / library / psa_crypto.c
commitd708260de45c74786c85124f8341ef210686087e[log] [tgz]
authorNir Sonnenschein <nir.sonnenschein@arm.com>Mon Jun 04 16:45:27 2018 +0300
committeritayzafrir <itay.zafrir@arm.com>Wed Sep 05 12:44:17 2018 +0300
treef2dfbc6a9e8839e66af60d1360a3303c862c8bed
parentca466c89b09e2ad7ae23e47a1142c0f9129c309a [diff] [blame]
add key policy enforcement implementation

add checks that keys have been set for the correct usage for asymmetric
functions.

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ba688bc..dce8e09 100755
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1345,6 +1345,8 @@
     slot = &global_data.key_slots[key];
     if( slot->type == PSA_KEY_TYPE_NONE )
         return( PSA_ERROR_EMPTY_SLOT );
+    if (!(slot->policy.usage & PSA_KEY_USAGE_VERIFY))
+        return(PSA_ERROR_NOT_PERMITTED);
 
  #if defined(MBEDTLS_RSA_C)
     if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
@@ -1431,6 +1433,8 @@
         return( PSA_ERROR_EMPTY_SLOT );
     if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!(slot->policy.usage & PSA_KEY_USAGE_ENCRYPT))
+        return(PSA_ERROR_NOT_PERMITTED);
 
 
 #if defined(MBEDTLS_RSA_C)
@@ -1505,6 +1509,8 @@
         return( PSA_ERROR_EMPTY_SLOT );
     if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!(slot->policy.usage & PSA_KEY_USAGE_DECRYPT))
+        return(PSA_ERROR_NOT_PERMITTED);
 
 #if defined(MBEDTLS_RSA_C)
     if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )