Home
last modified time | relevance | path

Searched refs:policy (Results 1 – 25 of 26) sorted by relevance

12

/mbedtls/library/
A Dpsa_crypto_storage.c231 uint8_t policy[sizeof(psa_key_policy_t)]; member
250 MBEDTLS_PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0); in psa_format_key_data_for_storage()
251 MBEDTLS_PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t)); in psa_format_key_data_for_storage()
252 MBEDTLS_PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t)); in psa_format_key_data_for_storage()
310 attr->policy.usage = MBEDTLS_GET_UINT32_LE(storage_format->policy, 0); in psa_parse_key_data_from_storage()
311 attr->policy.alg = MBEDTLS_GET_UINT32_LE(storage_format->policy, sizeof(uint32_t)); in psa_parse_key_data_from_storage()
312 attr->policy.alg2 = MBEDTLS_GET_UINT32_LE(storage_format->policy, 2 * sizeof(uint32_t)); in psa_parse_key_data_from_storage()
A Dpsa_crypto.c1023 if (psa_key_algorithm_permits(key_type, policy->alg, alg) || in psa_key_policy_permits()
1024 psa_key_algorithm_permits(key_type, policy->alg2, alg)) { in psa_key_policy_permits()
1051 psa_key_policy_t *policy, in psa_restrict_key_policy() argument
1066 policy->usage &= constraint->usage; in psa_restrict_key_policy()
1067 policy->alg = intersection_alg; in psa_restrict_key_policy()
1068 policy->alg2 = intersection_alg2; in psa_restrict_key_policy()
1114 if ((slot->attr.policy.usage & usage) != usage) { in psa_get_and_lock_key_slot_with_policy()
1121 status = psa_key_policy_permits(&slot->attr.policy, in psa_get_and_lock_key_slot_with_policy()
1646 if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT | in psa_validate_key_policy()
1703 status = psa_validate_key_policy(&attributes->policy); in psa_validate_key_attributes()
[all …]
A Dpsa_crypto_slot_management.c432 psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage); in psa_get_and_lock_key_slot()
/mbedtls/include/psa/
A Dcrypto_struct.h277 psa_key_policy_t MBEDTLS_PRIVATE(policy);
372 attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags; in psa_set_key_usage_flags()
378 return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage); in psa_get_key_usage_flags()
384 attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg; in psa_set_key_algorithm()
390 return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg); in psa_get_key_algorithm()
A Dcrypto_extra.h62 attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2; in psa_set_key_enrollment_algorithm()
74 return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2); in psa_get_key_enrollment_algorithm()
/mbedtls/docs/architecture/psa-migration/
A Dpsa-legacy-bridges.md127 Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (…
143 …s a `psa_key_type_t` value and an algorithm which is normally encoded as policy information in a `…
244 …psa_key_type_t` plus policy information? The two APIs are different in crucial ways, with differen…
259 …lexible, or just different usage policy, unlike the default-then-copy approach which only allows r…
261 …ly two algorithms, and also allows the caller to benefit from default for the policy in more cases.
283 * `mbedtls_pk_get_psa_attributes` sets the algorithm usage policy based on information in the key o…
284 …* For an RSA key with the `MBEDTLS_RSA_PKCS_V15` padding mode, the algorithm policy is `PSA_ALG_RS…
286 …hm policy is `PSA_ALG_DETERMINISTIC_ECDSA` if `MBEDTLS_ECDSA_DETERMINISTIC` is enabled and `PSA_AL…
293 * `mbedtls_pk_import_into_psa` does not check that the policy in the attributes is sensible. That's…
311policy (`psa_get_key_algorithm`) if that is a matching operation type (sign/verify, encrypt/decryp…
[all …]
/mbedtls/tests/suites/
A Dtest_suite_psa_crypto.data840 PSA key policy: MAC, alg=0 in policy
844 PSA key policy: MAC, ANY_HASH in policy is not meaningful
932 PSA key policy: cipher, alg=0 in policy
944 PSA key policy: AEAD, alg=0 in policy
960 PSA key policy: AEAD, tag length > min-length policy, CCM
964 PSA key policy: AEAD, tag length = min-length policy, CCM
1004 PSA key policy: AEAD, tag length > exact-length policy
1008 PSA key policy: AEAD, tag length = exact-length policy
1012 PSA key policy: AEAD, tag length < exact-length policy
1028 PSA key policy: asymmetric encryption, alg=0 in policy
[all …]
A Dtest_suite_oid.data1 OID get Any Policy certificate policy
4 OID get certificate policy invalid oid
7 OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
A Dtest_suite_psa_crypto_se_driver_hal_mocks.function372 TEST_ASSERT(mock_import_data.attributes.policy.usage ==
487 TEST_ASSERT(mock_generate_data.attributes.policy.usage ==
A Dtest_suite_x509parse.function328 /* Handle unknown certificate policy */
357 * Get the policy sequence
373 * Recognize exclusively the policy with OID 1
392 * Skip the optional policy qualifiers.
A Dtest_suite_x509parse.data165 X509 CRT information, RSA Certificate unsupported policy
169 X509 CRT information, ECDSA Certificate unsupported policy
2004 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag)
2008 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing)
2020 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy)
2024 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag)
2028 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length)
2430 X509 CRT ASN1 (Unsupported critical policy recognized by callback)
2434 X509 CRT ASN1 (Unsupported critical policy not recognized by callback)
2438 X509 CRT ASN1 (Unsupported non critical policy recognized by callback)
[all …]
A Dtest_suite_psa_crypto_persistent_key.function32 uint8_t policy[sizeof(psa_key_policy_t)];
A Dtest_suite_pk.data1065 PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy)
1100 PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy)
1105 # key's algorithm policy. Just this time, test with a few different algorithms.
1122 PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy)
1154 PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy)
A Dtest_suite_pk.function570 /* Create a copy of a PSA key with same usage and algorithm policy and destroy
2654 /* Get the MD alg to be used for the tests below from the provided key policy. */
2661 * for the cases in which the key policy algorithm is ANY_HASH type. */
2721 * sign with PSA and verify with PK. Key's policy must include a valid hash
A Dtest_suite_psa_crypto.function1438 skc->attributes->policy.usage,
1439 skc->attributes->policy.alg, 1));
2537 * compatible with the policy and `payload_length_arg` is supposed to be
2539 * `exercise_alg` is supposed to be forbidden by the policy. */
2837 /* Test that the target slot has the expected content and policy. */
10322 /* Export the key if permitted by the key policy. */
10350 /* Export the key again if permitted by the key policy. */
/mbedtls/docs/architecture/
A Dmbed-crypto-storage-specification.md58 * policy usage flags (4 bytes): `psa_key_usage_t` value
59 * policy usage algorithm (4 bytes): `psa_algorithm_t` value
196 * A new policy field, marked as [NEW:1.1.0] below.
208 * policy usage flags (4 bytes): `psa_key_usage_t` value
209 * policy usage algorithm (4 bytes): `psa_algorithm_t` value
268 * policy usage flags (4 bytes): `psa_key_usage_t` value.
269 * policy usage algorithm (4 bytes): `psa_algorithm_t` value.
328 * policy usage flags (4 bytes): `psa_key_usage_t` value.
329 * policy usage algorithm (4 bytes): `psa_algorithm_t` value.
419 * policy usage flags (4 bytes): `psa_key_usage_t` value.
[all …]
A Dpsa-shared-memory.md60 …ion is not a valid signature (e.g. it could be a decryption), violating the RSA key's usage policy.
84 … the client a decryption oracle. This is a security violation if the key policy only allowed the c…
/mbedtls/
A DCMakeLists.txt25 # https://cmake.org/cmake/help/latest/policy/CMP0011.html
26 # Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
27 # policy setting is deprecated, and will be removed in future versions.
29 # https://cmake.org/cmake/help/latest/policy/CMP0012.html
30 # Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2
31 # (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required
32 # for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting
/mbedtls/tests/data_files/
A Dtest-ca.server1.opensslconf13 policy = policy_match
A Dtest-ca.server1.future-crl.opensslconf13 policy = policy_match
A Dtest-ca.server1.test_serial.opensslconf14 policy = policy_match
/mbedtls/tests/data_files/dir4/
A DReadme1 This directory contains the certificates for the tests targeting the enforcement of the policy indi…
/mbedtls/docs/architecture/psa-thread-safety/
A Dpsa-thread-safety.md17 - The core makes no additional guarantees for drivers. See [Driver policy](#driver-policy) for deta…
47 …API call completes in a finite number of steps regardless of the locking policy of the underlying …
99 ### Driver policy
337 A future policy we may wish to enforce for drivers is:
/mbedtls/docs/
A Dpsa-transition.md681 A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what op…
699 …be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA…
714 …se a private key for operations on the corresponding public key (as long as the policy permits it).
730 …se a private key for operations on the corresponding public key (as long as the policy permits it).
819 …oup__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to change the key's policy (by default, it al…
899 …port_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KE…
901 …port_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy.
913 …or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object con…
1203 …8e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KE…
1209 …8e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KE…
[all …]
/mbedtls/docs/proposed/
A Dpsa-driver-interface.md152 … macro that specifies a cryptographic algorithm or an algorithm wildcard policy defined by the PSA…
334 …que drivers; not permitted for transparent drivers): update the capacity policy on the operation. …
805 …ure that using it does not risk compromising B. This applies even if A's policy does not explicitl…

Completed in 190 milliseconds

12