Skip to content

Commit ff37a06

Browse files
srasoamiaramanana-ledgersrasoamiaramanana-ledger
committed
Allow any key ID value and key usage value
1 parent 68d20b7 commit ff37a06

File tree

1 file changed

+12
-12
lines changed

1 file changed

+12
-12
lines changed

src/bolos/os_pki.c

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -92,10 +92,10 @@ uint32_t os_pki_check_value(uint8_t *certificate_value,
9292
case CERTIFICATE_TAG_CHALLENGE:
9393
break;
9494
case CERTIFICATE_TAG_SIGNER_KEY_ID:
95-
if ((U2BE(certificate_value, OS_PKI_TLV_VALUE_OFFSET) >=
96-
C_os_pki_certificate_tag_info[tag].value) ||
97-
(certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
98-
C_os_pki_certificate_tag_info[tag].field_len)) {
95+
// Do not restrict Signer key ID value
96+
// any new key ID added to SDK will be accepted
97+
if (certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
98+
C_os_pki_certificate_tag_info[tag].field_len) {
9999
return 0x4233;
100100
}
101101
os_pki.signer_id = U2BE(certificate_value, OS_PKI_TLV_VALUE_OFFSET);
@@ -116,10 +116,10 @@ uint32_t os_pki_check_value(uint8_t *certificate_value,
116116
}
117117
break;
118118
case CERTIFICATE_TAG_PUBLIC_KEY_ID:
119-
if ((U2BE(certificate_value, OS_PKI_TLV_VALUE_OFFSET) >=
120-
C_os_pki_certificate_tag_info[tag].value) ||
121-
(certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
122-
C_os_pki_certificate_tag_info[tag].field_len)) {
119+
// Do not restrict public key ID value
120+
// any new key ID added to SDK will be accepted
121+
if (certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
122+
C_os_pki_certificate_tag_info[tag].field_len) {
123123
return 0x4235;
124124
}
125125
break;
@@ -133,10 +133,10 @@ uint32_t os_pki_check_value(uint8_t *certificate_value,
133133
os_pki.trusted_name_len = certificate_value[OS_PKI_TLV_LENGTH_OFFSET];
134134
break;
135135
case CERTIFICATE_TAG_PUBLIC_KEY_USAGE:
136-
if ((certificate_value[OS_PKI_TLV_VALUE_OFFSET] >=
137-
C_os_pki_certificate_tag_info[tag].value) ||
138-
(certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
139-
C_os_pki_certificate_tag_info[tag].field_len)) {
136+
// Do not restrict public key usage value
137+
// any new key usage added to SDK will be accepted
138+
if (certificate_value[OS_PKI_TLV_LENGTH_OFFSET] !=
139+
C_os_pki_certificate_tag_info[tag].field_len) {
140140
return 0x4236;
141141
}
142142
os_pki.key_usage = certificate_value[OS_PKI_TLV_VALUE_OFFSET];

0 commit comments

Comments
 (0)