mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-15 23:42:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add policy checks

Browse Source
This commit is contained in:
mohammad1603 2018-06-04 14:33:19 +03:00 committed by itayzafrir
parent 96910d807e
commit f14394b25f
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/psa_crypto.c
View File

@ -1505,7 +1505,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
if( cipher_info == NULL ) if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
//TODO: check key policy if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
return( PSA_ERROR_NOT_PERMITTED );
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
@ -1644,7 +1645,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id );
if( cipher_info == NULL ) if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
//TODO: check key policy
if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
return( PSA_ERROR_NOT_PERMITTED );
if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC
&& PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) )

14
tests/suites/test_suite_psa_crypto.function
View File

@ -598,6 +598,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex,
size_t additional_data_length = 0; size_t additional_data_length = 0;
size_t i = 0; size_t i = 0;
psa_status_t expected_result = (psa_status_t) expected_result_arg; psa_status_t expected_result = (psa_status_t) expected_result_arg;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size ); key_data = unhexify_alloc( key_hex, &key_size );
@ -619,6 +620,12 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex,
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT , alg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type, TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS ); key_data, key_size ) == PSA_SUCCESS );
@ -679,6 +686,7 @@ void aead_encrypt( int key_type_arg, char * key_hex,
size_t tag_length = 16; size_t tag_length = 16;
unsigned char *additional_data = NULL; unsigned char *additional_data = NULL;
size_t additional_data_length = 0; size_t additional_data_length = 0;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size ); key_data = unhexify_alloc( key_hex, &key_size );
@ -697,6 +705,12 @@ void aead_encrypt( int key_type_arg, char * key_hex,
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type, TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS ); key_data, key_size ) == PSA_SUCCESS );