lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-24 17:41:01 +03:00
Code Activity

add policy checks

Browse Source
This commit is contained in:
mohammad1603
2018-06-04 14:33:19 +03:00
committed by itayzafrir
parent 96910d807e
commit f14394b25f
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
library/psa_crypto.c
View File

@@ -1505,7 +1505,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
//TODO: check key policy
if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
return( PSA_ERROR_NOT_PERMITTED );
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -1644,7 +1645,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
//TODO: check key policy
if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
return( PSA_ERROR_NOT_PERMITTED );
if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC
&& PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) )