Do key usage policy extension when loading keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index be89f28..381abf9 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -392,15 +392,19 @@
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
}
-static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
- psa_key_usage_t usage_flags )
+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
{
- if( usage_flags & PSA_KEY_USAGE_SIGN_HASH )
- usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
- if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
- usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+}
+static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+ psa_key_usage_t usage_flags)
+{
+ psa_extend_key_usage_flags( &usage_flags );
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
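Review bot: The new `psa_extend_key_usage_flags()` is added to a public header with no comment, although it widens a key's permissions beyond what the caller asked for, so its contract should be written down where it is defined. I would add above it `/* Add the usage flags implied by those already set: SIGN_HASH implies SIGN_MESSAGE, VERIFY_HASH implies VERIFY_MESSAGE. Only sets bits, never clears any. */`. Because the helper carries the `psa_` prefix and lives under `include/psa/`, it reads as application API; if it is meant for library use only, the comment should say so. A smaller style point: the re-added signature `psa_set_key_usage_flags(psa_key_attributes_t *attributes,` drops the space padding inside the parentheses that the new helper's signature keeps.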
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 925d684..bab2a1a 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -391,6 +391,10 @@
if( status == PSA_ERROR_DOES_NOT_EXIST )
status = PSA_ERROR_INVALID_HANDLE;
}
+ else
+ /* Do the key usage policy extension. */
+ psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
+
return( status );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
return( PSA_ERROR_INVALID_HANDLE );
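Review bot: The added `else` is unbraced and has a comment between it and its single statement, while the `if` it pairs with is braced (its closing `}` is the context line just above). That `if` opens outside the hunk, so the pairing is inferred from the visible `}`. Bracing the branch, `else { psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage ); }`, keeps a statement added later from also running on the failure path. The comment could also give the reason: presumably keys stored before the extension existed carry only the `*_HASH` flags, and the widening touches the slot's copy of the policy, not the stored one, which is worth confirming and stating. No test is visible in this diff for loading a key that was stored with only `PSA_KEY_USAGE_SIGN_HASH`.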