Do key usage policy extension when loading keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index aee4002..94242f8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -391,15 +391,19 @@
return( attributes->core.lifetime );
}
+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
+{
+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+
+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+}
+
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
- if( usage_flags & PSA_KEY_USAGE_SIGN_HASH )
- usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
-
- if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
- usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
-
+ psa_extend_key_usage_flags( &usage_flags );
attributes->core.policy.usage = usage_flags;
}
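Review bot: The new `psa_extend_key_usage_flags` has no comment, although it widens a key policy in place: a key permitted `PSA_KEY_USAGE_SIGN_HASH` also gains `PSA_KEY_USAGE_SIGN_MESSAGE`, and likewise for the verify pair. A header comment would make that explicit for anyone auditing policy handling, for example `/* Extend the usage policy: SIGN_HASH implies SIGN_MESSAGE and VERIFY_HASH implies VERIFY_MESSAGE. Flags are only added, never cleared. */`. The file lives under `include/psa/`, so the helper appears to become visible to applications under the `psa_` prefix; if it is meant for library use only, an internal header would be a better home. The two `if` bodies would also be safer with braces.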
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index f90b0e3..3d10353 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -392,6 +392,10 @@
if( status == PSA_ERROR_DOES_NOT_EXIST )
status = PSA_ERROR_INVALID_HANDLE;
}
+ else
+ /* Do the key usage policy extension. */
+ psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
+
return( status );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
return( PSA_ERROR_INVALID_HANDLE );
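Review bot: The added `else` has no braces and a comment sits between `else` and its statement, while the `if` arm above it appears to be braced; a line added later would fall outside the branch and also run on the error path. I would brace it, `else { psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage ); }`, laid out in the file's brace style. The comment could also state the consequence: the policy is widened only in the in-memory slot at load time, so the usage flags a caller reads back may differ from what was stored. Judging by the `#else` guard comment, this path may also cover built-in keys, which is worth confirming. The `if` this `else` belongs to starts outside the hunk.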