From 86bf0087823cf45f723df42b07678293098b0eab Mon Sep 17 00:00:00 2001
From: gabor-mezei-arm
Date: Thu, 29 Apr 2021 15:57:57 +0200
Subject: [PATCH] Extend PSA_USAGE_SIGN/VERIFY_HASH key policies

According to the PSA specification the PSA_USAGE_SIGN_HASH has the permission to sign a message as PSA_USAGE_SIGN_MESSAGE. Similarly the PSA_USAGE_VERIFY_HASH has the permission to verify a message as PSA_USAGE_VERIFY_MESSAGE. These permission will also be present when the application queries the usage flags of the key.

Signed-off-by: gabor-mezei-arm
---
 include/psa/crypto_struct.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 0b49a217e5..be89f289f8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -395,6 +395,12 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
 static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes, psa_key_usage_t usage_flags )
 {
+ if( usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+
+ if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+
 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
 }
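Review bot: The two added `if` statements in `psa_set_key_usage_flags` widen the policy only for attributes built through this inline setter, so whether a key whose usage flags reach the core by another route (for example one loaded from storage written before this change) also gets the MESSAGE bits cannot be told from this hunk and should be checked at the point where the policy is enforced. The widening is also silent: a caller that sets `PSA_KEY_USAGE_SIGN_HASH` and reads the flags back gets a different value, which deserves a comment above the first `if`, e.g. `/* Per the PSA spec, SIGN_HASH implies SIGN_MESSAGE and VERIFY_HASH implies VERIFY_MESSAGE; the stored policy is extended accordingly. */`. The implication is one-way in the new code (a MESSAGE flag does not grant the HASH flag), and the same comment should say so to keep a later edit from making it symmetric.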