Home
last modified time | relevance | path

Searched refs:policy (Results 1 – 22 of 22) sorted by relevance

/mbedtls-latest/library/
Dpsa_crypto_storage.c231 uint8_t policy[sizeof(psa_key_policy_t)]; member
250 MBEDTLS_PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0); in psa_format_key_data_for_storage()
251 MBEDTLS_PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t)); in psa_format_key_data_for_storage()
252 MBEDTLS_PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t)); in psa_format_key_data_for_storage()
310 attr->policy.usage = MBEDTLS_GET_UINT32_LE(storage_format->policy, 0); in psa_parse_key_data_from_storage()
311 attr->policy.alg = MBEDTLS_GET_UINT32_LE(storage_format->policy, sizeof(uint32_t)); in psa_parse_key_data_from_storage()
312 attr->policy.alg2 = MBEDTLS_GET_UINT32_LE(storage_format->policy, 2 * sizeof(uint32_t)); in psa_parse_key_data_from_storage()
Dpsa_crypto.c1020 static psa_status_t psa_key_policy_permits(const psa_key_policy_t *policy, in psa_key_policy_permits() argument
1034 if (psa_key_algorithm_permits(key_type, policy->alg, alg) || in psa_key_policy_permits()
1035 psa_key_algorithm_permits(key_type, policy->alg2, alg)) { in psa_key_policy_permits()
1062 psa_key_policy_t *policy, in psa_restrict_key_policy() argument
1066 psa_key_policy_algorithm_intersection(key_type, policy->alg, in psa_restrict_key_policy()
1069 psa_key_policy_algorithm_intersection(key_type, policy->alg2, in psa_restrict_key_policy()
1071 if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) { in psa_restrict_key_policy()
1074 if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) { in psa_restrict_key_policy()
1077 policy->usage &= constraint->usage; in psa_restrict_key_policy()
1078 policy->alg = intersection_alg; in psa_restrict_key_policy()
[all …]
Dpsa_crypto_slot_management.c870 psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage); in psa_get_and_lock_key_slot()
/mbedtls-latest/include/psa/
Dcrypto_struct.h303 psa_key_policy_t MBEDTLS_PRIVATE(policy);
398 attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags; in psa_set_key_usage_flags()
404 return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage); in psa_get_key_usage_flags()
410 attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg; in psa_set_key_algorithm()
416 return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg); in psa_get_key_algorithm()
Dcrypto_extra.h72 attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2; in psa_set_key_enrollment_algorithm()
84 return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2); in psa_get_key_enrollment_algorithm()
/mbedtls-latest/docs/architecture/psa-migration/
Dpsa-legacy-bridges.md127 Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (…
143 …s a `psa_key_type_t` value and an algorithm which is normally encoded as policy information in a `…
244 …psa_key_type_t` plus policy information? The two APIs are different in crucial ways, with differen…
251 …creates the PSA key needs extra information to indicate which algorithm to put in the key's policy.
259 …lexible, or just different usage policy, unlike the default-then-copy approach which only allows r…
261 …ly two algorithms, and also allows the caller to benefit from default for the policy in more cases.
275 …the lifetime-related alone, since its job is to set the type-related and policy-related attributes.
283 * `mbedtls_pk_get_psa_attributes` sets the algorithm usage policy based on information in the key o…
284 …* For an RSA key with the `MBEDTLS_RSA_PKCS_V15` padding mode, the algorithm policy is `PSA_ALG_RS…
285 …* For an RSA key with the `MBEDTLS_RSA_PKCS_V21` padding mode, the algorithm policy is `PSA_ALG_RS…
[all …]
/mbedtls-latest/tests/suites/
Dtest_suite_psa_crypto.data355 PSA import/export AES key: policy forbids export
359 PSA import/export HMAC key: policy forbids export
363 PSA import/export RSA keypair: policy forbids export (crypt)
367 PSA import/export RSA keypair: policy forbids export (sign)
483 PSA import/export AES key: policy forbids export, opaque
487 PSA import/export HMAC key: policy forbids export, opaque
491 PSA import/export RSA keypair: policy forbids export (crypt), opaque
495 PSA import/export RSA keypair: policy forbids export (sign), opaque
765 PSA key policy: AES ECB
769 PSA key policy: AES CBC
[all …]
Dtest_suite_oid.data1 OID get Any Policy certificate policy
4 OID get certificate policy invalid oid
7 OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
Dtest_suite_psa_crypto_se_driver_hal_mocks.function372 TEST_ASSERT(mock_import_data.attributes.policy.usage ==
487 TEST_ASSERT(mock_generate_data.attributes.policy.usage ==
Dtest_suite_x509parse.function332 /* Handle unknown certificate policy */
361 * Get the policy sequence
377 * Recognize exclusively the policy with OID 1
396 * Skip the optional policy qualifiers.
Dtest_suite_x509parse.data165 X509 CRT information, RSA Certificate unsupported policy
169 X509 CRT information, ECDSA Certificate unsupported policy
2004 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag)
2008 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing)
2012 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding)
2016 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds)
2020 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy)
2024 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag)
2028 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length)
2032 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding)
[all …]
Dtest_suite_psa_crypto_persistent_key.function32 uint8_t policy[sizeof(psa_key_policy_t)];
Dtest_suite_pk.data1065 PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy)
1100 PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy)
1105 # key's algorithm policy. Just this time, test with a few different algorithms.
1122 PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy)
1154 PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy)
Dtest_suite_psa_crypto.function1417 skc->attributes->policy.usage,
1418 skc->attributes->policy.alg, 1));
2517 * compatible with the policy and `payload_length_arg` is supposed to be
2519 * `exercise_alg` is supposed to be forbidden by the policy. */
2817 /* Test that the target slot has the expected content and policy. */
10438 /* Export the key if permitted by the key policy. */
10466 /* Export the key again if permitted by the key policy. */
Dtest_suite_pk.function619 /* Create a copy of a PSA key with same usage and algorithm policy and destroy
/mbedtls-latest/docs/architecture/
Dmbed-crypto-storage-specification.md58 * policy usage flags (4 bytes): `psa_key_usage_t` value
59 * policy usage algorithm (4 bytes): `psa_algorithm_t` value
196 * A new policy field, marked as [NEW:1.1.0] below.
208 * policy usage flags (4 bytes): `psa_key_usage_t` value
209 * policy usage algorithm (4 bytes): `psa_algorithm_t` value
210 * policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.1.0]
268 * policy usage flags (4 bytes): `psa_key_usage_t` value.
269 * policy usage algorithm (4 bytes): `psa_algorithm_t` value.
270 * policy enrollment algorithm (4 bytes): `psa_algorithm_t` value.
328 * policy usage flags (4 bytes): `psa_key_usage_t` value.
[all …]
Dpsa-shared-memory.md60 …ion is not a valid signature (e.g. it could be a decryption), violating the RSA key's usage policy.
84 … the client a decryption oracle. This is a security violation if the key policy only allowed the c…
/mbedtls-latest/
DCMakeLists.txt29 # https://cmake.org/cmake/help/latest/policy/CMP0011.html
30 # Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
31 # policy setting is deprecated, and will be removed in future versions.
33 # https://cmake.org/cmake/help/latest/policy/CMP0012.html
34 # Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2
35 # (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required
36 # for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting
DChangeLog1536 This fixes a potential policy bypass or decryption oracle vulnerability
1540 from the output buffer. This fixes a potential policy bypass or decryption
2109 * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
2158 * In the PSA API, the policy for a MAC or AEAD algorithm can specify a
2958 * Add the Any Policy certificate policy oid, as defined in
2963 * Add the oid certificate policy x509 extension.
2973 RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is
/mbedtls-latest/docs/architecture/psa-thread-safety/
Dpsa-thread-safety.md17 - The core makes no additional guarantees for drivers. See [Driver policy](#driver-policy) for deta…
47 …API call completes in a finite number of steps regardless of the locking policy of the underlying …
99 ### Driver policy
337 A future policy we may wish to enforce for drivers is:
/mbedtls-latest/docs/
Dpsa-transition.md351 … the flag mask `PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT`. The same policy flags cover authen…
681 A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what op…
699 …be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA…
714 …se a private key for operations on the corresponding public key (as long as the policy permits it).
730 …se a private key for operations on the corresponding public key (as long as the policy permits it).
819 …oup__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to change the key's policy (by default, it al…
895policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projec…
899 …port_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KE…
901 …port_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy.
913 …or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object con…
[all …]
/mbedtls-latest/docs/proposed/
Dpsa-driver-interface.md152 … macro that specifies a cryptographic algorithm or an algorithm wildcard policy defined by the PSA…
334 …que drivers; not permitted for transparent drivers): update the capacity policy on the operation. …
805 …ure that using it does not risk compromising B. This applies even if A's policy does not explicitl…