Extend PSA_USAGE_SIGN/VERIFY_HASH key policies

According to the PSA specification the PSA_USAGE_SIGN_HASH has the
permission to sign a message as PSA_USAGE_SIGN_MESSAGE. Similarly the
PSA_USAGE_VERIFY_HASH has the permission to verify a message as
PSA_USAGE_VERIFY_MESSAGE. These permissions will also be present when
the application queries the usage flags of the key.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
gabor-mezei-arm 2021-04-29 15:57:57 +02:00
parent 8682faeb09
commit 86bf008782

@ -395,6 +395,12 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags )
{
if( usage_flags & PSA_KEY_USAGE_SIGN_HASH )
usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
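
Review bot: In psa_set_key_usage_flags() the widening of PSA_KEY_USAGE_SIGN_HASH to include PSA_KEY_USAGE_SIGN_MESSAGE (and VERIFY_HASH to include VERIFY_MESSAGE) lives only in this inline setter, so a policy that reaches attributes->core.policy.usage by any other path will not get the implied flags. Consider applying the same extension where the policy is validated or consumed, or confirm that this setter is the only writer of that field. The setter also now stores a value different from the one the caller passed in, so its doc comment should state this; a caller who sets only a *_HASH flag and later compares the queried usage flags for equality with the original value will otherwise see an unexplained mismatch.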