Merge pull request #543 from LedgerHQ/pki-update
Allow any key ID value and key usage value
srasoamiaramanana-ledger authored Jan 27, 2025
2 parents 14ab1aa + c9726cc commit f279e30
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions src/bolos/os_pki.c
@@ -92,10 +92,10 @@ uint32_t os_pki_check_value(uint8_t *certificate_value,
case CERTIFICATE_TAG_CHALLENGE:
break;
case CERTIFICATE_TAG_SIGNER_KEY_ID:
if ((U2BE(certificate_value, OS_PKI_TLV_VALUE_OFFSET) >=
C_os_pki_certificate_tag_info[tag].value) ||
(certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
C_os_pki_certificate_tag_info[tag].field_len)) {
// Do not restrict Signer key ID value
// any new key ID added to SDK will be accepted
if (certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
C_os_pki_certificate_tag_info[tag].field_len) {
return 0x4233;
}
os_pki.signer_id = U2BE(certificate_value, OS_PKI_TLV_VALUE_OFFSET);
@@ -116,10 +116,10 @@ uint32_t os_pki_check_value(uint8_t *certificate_value,
}
break;
case CERTIFICATE_TAG_PUBLIC_KEY_ID:
if ((U2BE(certificate_value, OS_PKI_TLV_VALUE_OFFSET) >=
C_os_pki_certificate_tag_info[tag].value) ||
(certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
C_os_pki_certificate_tag_info[tag].field_len)) {
// Do not restrict public key ID value
// any new key ID added to SDK will be accepted
if (certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
C_os_pki_certificate_tag_info[tag].field_len) {
return 0x4235;
}
break;
@@ -133,10 +133,10 @@ uint32_t os_pki_check_value(uint8_t *certificate_value,
os_pki.trusted_name_len = certificate_value[OS_PKI_TLV_LENGTH_OFFSET];
break;
case CERTIFICATE_TAG_PUBLIC_KEY_USAGE:
if ((certificate_value[OS_PKI_TLV_VALUE_OFFSET] >=
C_os_pki_certificate_tag_info[tag].value) ||
(certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
C_os_pki_certificate_tag_info[tag].field_len)) {
// Do not restrict public key usage value
// any new key usage added to SDK will be accepted
if (certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
C_os_pki_certificate_tag_info[tag].field_len) {
return 0x4236;
}
os_pki.key_usage = certificate_value[OS_PKI_TLV_VALUE_OFFSET];
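Review bot: In the CERTIFICATE_TAG_PUBLIC_KEY_USAGE case the value byte is now copied into `os_pki.key_usage` with only its length checked, so every possible value is stored, including ones no SDK version defines, which is broader than the added comment "any new key usage added to SDK will be accepted" suggests. The same holds for `os_pki.signer_id` in the CERTIFICATE_TAG_SIGNER_KEY_ID case, and the CERTIFICATE_TAG_PUBLIC_KEY_ID case no longer looks at the value at all. Code that later reads these fields should, if it does not already, compare them for equality with the usage or key ID it expects and never use them as a table index or in a switch without a rejecting default. I would reword the comments to state that contract, for example `// Value is not range-checked here; consumers must match it against the usage they expect`. os_pki_check_value starts and ends outside these hunks, so the consumers and any buffer-length check ahead of the `U2BE` read are not visible here.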
