add policy checks
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index df0201b..8207a9b 100755
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1505,7 +1505,8 @@
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- //TODO: check key policy
+ if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
+ return( PSA_ERROR_NOT_PERMITTED );
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT );
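Review bot: The added check at `slot->policy.usage & PSA_KEY_USAGE_ENCRYPT` enforces only the usage flag; nothing visible in this hunk compares the requested `alg` with the algorithm the key's policy permits. A key provisioned for one algorithm would then still be accepted for another, which weakens the key separation the policy is meant to give. If the policy struct carries a permitted-algorithm field (not visible in this diff, so confirm its name), fold it into the same guard, e.g. `if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) || slot->policy.alg != alg )`, and do the same for the `PSA_KEY_USAGE_DECRYPT` check in the second hunk. The enclosing function starts and ends outside the hunk, so an earlier check may already cover this; a negative test expecting `PSA_ERROR_NOT_PERMITTED` for a key with the wrong usage or algorithm would pin the behaviour down.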
@@ -1644,7 +1645,9 @@
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- //TODO: check key policy
+
+ if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
+ return( PSA_ERROR_NOT_PERMITTED );
if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC
&& PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) )