Commit 2baa48b

[nrf noup] bootutil: set RSA key bits for PSA OAEP decrypt
PSA Core Lite does not infer key size from imported DER. Set psa_set_key_bits() before psa_import_key() so bootutil_rsa_oaep_decrypt accepts RSA-2048 ciphertext when validating encrypted firmware images.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>

1 parent 65ada4b commit 2baa48b

1 file changed

Lines changed: 5 additions & 0 deletions

boot/bootutil/include/bootutil/crypto/rsa.h

@@ -121,6 +121,11 @@ bootutil_rsa_parse_private_key(bootutil_rsa_context *ctx, uint8_t **p, uint8_t *
121121
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DECRYPT);
122122
psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256));
123123
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
124+
#if defined(MCUBOOT_SIGN_RSA_LEN)
125+
psa_set_key_bits(&key_attributes, MCUBOOT_SIGN_RSA_LEN);
126+
#else
127+
psa_set_key_bits(&key_attributes, 2048);
128+
#endif
124129

125130
status = psa_import_key(&key_attributes, *p, (end - *p), &ctx->key_id);
126131
return (int)status;
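
Review bot: the key size for this OAEP decryption key is taken from MCUBOOT_SIGN_RSA_LEN in the added `#if defined(MCUBOOT_SIGN_RSA_LEN)` branch, and that macro by its name describes the signature key length, not the encryption key length. The attributes set just above mark the key as PSA_KEY_USAGE_DECRYPT with PSA_ALG_RSA_OAEP, and the commit message speaks of RSA-2048 ciphertext, so a build that defines MCUBOOT_SIGN_RSA_LEN as anything other than 2048 would declare a bit size that does not match the imported key; psa_import_key() rejects a nonzero bits attribute that disagrees with the key data, which would make encrypted image validation fail. Consider passing 2048 unconditionally or using a macro dedicated to the encryption key size, and add a short comment above `psa_set_key_bits(&key_attributes, 2048);` saying the size is set explicitly because PSA Core Lite does not derive it from the DER.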
