Move key type validation to crypto_knowledge
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 213b64d..605ce7e 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -19,7 +19,7 @@
# limitations under the License.
import re
-from typing import Iterable, Optional, Tuple
+from typing import Iterable, Optional, Tuple, Dict
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
@@ -136,3 +136,18 @@
return des3[:length]
return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) +
[self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]])
+
+ KEY_TYPE_FOR_SIGNATURE = {
+ 'PSA_KEY_USAGE_SIGN_HASH': '.*KEY_PAIR',
+ 'PSA_KEY_USAGE_VERIFY_HASH': '.*KEY.*'
+ } #type: Dict[str, str]
+ """Use a regexp to determine key types for which signature is possible
+ when using the actual usage flag.
+ """
+ def is_valid_for_signature(self, usage: str) -> bool:
+ """Determine if the key type is compatible with the specified
+ signitute type.
+
+ """
+ # This is just temporaly solution for the implicit usage flags.
+ return re.match(self.KEY_TYPE_FOR_SIGNATURE[usage], self.name) is not None
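Review bot: The `PSA_KEY_USAGE_VERIFY_HASH` pattern `'.*KEY.*'` looks too permissive: `re.match` anchors only at the start, so if `self.name` holds the full `PSA_KEY_TYPE_...` expression (not visible in this hunk), every key type contains `KEY` and is reported as valid for verification, symmetric ones included. If the intent is key pairs and public keys only, a pattern such as `'.*(KEY_PAIR|PUBLIC_KEY)'` would say so explicitly. `is_valid_for_signature` also raises a bare `KeyError` for any usage flag other than the two listed, so either state that precondition in the docstring or look the pattern up with `self.KEY_TYPE_FOR_SIGNATURE.get(usage)` and return `False` when there is no entry. The docstring and comment contain typos (`signitute` should be `signature`, `temporaly` should be `temporary`). The enclosing class starts outside the hunk, so the type of `self.name` should be confirmed against it.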