Add PsaSignMessage and PsaVerifyMessage usage flags functions #83
Conversation
Signed-off-by: artur.kazimierski <[email protected]>
Signed-off-by: artur.kazimierski <[email protected]>
Signed-off-by: artur.kazimierski <[email protected]>
akazimierskigl
force-pushed
the
sign-verify-message-functions
branch
from
db55c1c
to
869111f
Compare
| if flags.sign_hash { | ||
| usage_flags |= psa_crypto_sys::PSA_KEY_USAGE_SIGN_HASH; | ||
| } | ||
| //if flags.verify_message { | ||
| //usage_flags |= psa_crypto_sys::PSA_KEY_USAGE_VERIFY_MESSAGE; |
There was a problem hiding this comment.
That was commented because the Mbed TLS version used by this crate does not support it, that's why the tests fail I think 😢
Very topical as this PR (Mbed-TLS/mbedtls#4357) seems to add it! Meanwhile I think this is fine to keep this commented.
The whole permissions around sign/very hash/message will need to be revamped as part of #82 anyway
Signed-off-by: artur.kazimierski <[email protected]>
psa-crypto/src/types/key.rs
Outdated
| @@ -113,6 +113,36 @@ impl Attributes { | |||
| } | |||
| } | |||
|
|
|||
| /// Check if a key has permission to sign a message | |||
| pub fn is_message_signable(self) -> bool { | |||
| self.policy.usage_flags.sign_hash & self.policy.usage_flags.sign_message | |||
There was a problem hiding this comment.
Shouldn't it be | here instead of &?
From the sign_hash explanation:
This flag automatically sets sign_message: if an application sets the flag sign_hash when creating a key, then the key always has the permissions conveyed by sign_message. For a key pair, this concerns the private key.
It means that a key can either have (ideally, this is currently not implemented, will be in #82):
sign_hashandsign_messagetofalsesign_hashandsign_messagetotruesign_hashtofalseandsign_messagetotrue
& would mean that 3 is not possible?
And same for verify. Not 100% sure so feel free to correct me!
There was a problem hiding this comment.
Yeah, that's true, I mis-remembered it the other way around - if you have sign_message you should also have sign_hash (since you're hashing the message and signing that...).
There was a problem hiding this comment.
So it is possible for scenario 3. to exist? If yes then it make sense to change it to |.
As Ionut metioned and from point of view of cryptoauthlib you always need to be able to sign hash to sign message.
There was a problem hiding this comment.
So it is possible for scenario 3. to exist?
From the PSA Crypto API, yes it is! The scenario sign_hash to true and sign_message to false is not possible.
Signed-off-by: artur.kazimierski <[email protected]>
New functions for checking usage flags for PsaSignMessage and PsaVerifyMessage.