From 06e7920be5fd6a2680fea9f9a8a30c1a4e5c6a9a Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 28 Mar 2018 13:17:44 +0300 Subject: [PATCH] integrate policy key usage in export and asymmetric sign functions --- library/psa_crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d53d6ee40..a12b45400 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -469,6 +469,9 @@ psa_status_t psa_export_key(psa_key_slot_t key, if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); + if( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) ) + return( PSA_ERROR_NOT_PERMITTED ); + if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) { if( slot->data.raw.bytes > data_size ) @@ -1185,6 +1188,8 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key, return( PSA_ERROR_EMPTY_SLOT ); if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); + if( !( slot->policy.usage & PSA_KEY_USAGE_SIGN ) ) + return( PSA_ERROR_NOT_PERMITTED ); #if defined(MBEDTLS_RSA_C) if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )