Keys may allow a second algorithm
Add a second permitted algorithm to key policies.
This commit includes smoke tests that do not cover psa_copy_key.
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 4cec118..a79b738 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1933,6 +1933,43 @@
/* END_CASE */
/* BEGIN_CASE */
+void key_policy_alg2( int key_type_arg, data_t *key_data,
+ int usage_arg, int alg_arg, int alg2_arg )
+{
+ psa_key_handle_t handle = 0;
+ psa_key_type_t key_type = key_type_arg;
+ psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_key_policy_t got_policy = PSA_KEY_POLICY_INIT;
+ psa_key_usage_t usage = usage_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t alg2 = alg2_arg;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ PSA_ASSERT( psa_allocate_key( &handle ) );
+ psa_key_policy_set_usage( &policy, usage, alg );
+ psa_key_policy_set_enrollment_algorithm( &policy, alg2 );
+ PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
+ PSA_ASSERT( psa_import_key( handle, key_type,
+ key_data->x, key_data->len ) );
+
+ PSA_ASSERT( psa_get_key_policy( handle, &got_policy ) );
+ TEST_EQUAL( psa_key_policy_get_usage( &got_policy ), usage );
+ TEST_EQUAL( psa_key_policy_get_algorithm( &got_policy ), alg );
+ TEST_EQUAL( psa_key_policy_get_enrollment_algorithm( &got_policy ), alg2 );
+
+ if( ! exercise_key( handle, usage, alg ) )
+ goto exit;
+ if( ! exercise_key( handle, usage, alg2 ) )
+ goto exit;
+
+exit:
+ psa_destroy_key( handle );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void copy_key_policy( int source_usage_arg, int source_alg_arg,
int type_arg, data_t *material,
int target_usage_arg, int target_alg_arg,