[nrf noup] Add ASN.1 bypass to bootutil_verify_img
Allow ASN.1 bypass for image verification.

Signed-off-by: Dominik Ermel <[email protected]>
de-nordic committed Oct 9, 2024
1 parent 36fc9d3 commit 8c99a50
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions boot/bootutil/src/image_ed25519.c
Expand Up @@ -143,11 +143,25 @@ bootutil_verify_img(const uint8_t *img, uint32_t size,
pubkey = (uint8_t *)bootutil_keys[key_id].key;
end = pubkey + *bootutil_keys[key_id].len;

#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN)
rc = bootutil_import_key(&pubkey, end);
if (rc) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
#else
/* Directly use the key contents from the ASN stream,
* these are the last NUM_ED25519_BYTES.
* There is no check whether this is the correct key,
* here, by the algorithm selected.
*/
if (*bootutil_keys[key_id].len < NUM_ED25519_BYTES) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}

pubkey = end - NUM_ED25519_BYTES;
#endif

rc = ED25519_verify(img, size, sig, pubkey);
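
Review bot: In the `#else` branch the only validation is `*bootutil_keys[key_id].len < NUM_ED25519_BYTES`, so any key blob at least that long is accepted and its trailing `NUM_ED25519_BYTES` are handed to `ED25519_verify` as the public key; the added comment itself states that the key type is not checked. Consider failing closed here: compare the length against the exact expected size of the encoded Ed25519 key, or compare the bytes preceding `end - NUM_ED25519_BYTES` against the expected header, so that a wrong-algorithm or malformed entry in `bootutil_keys` is rejected instead of being reinterpreted. The commit touches only this file, so `MCUBOOT_KEY_IMPORT_BYPASS_ASN` has no visible documentation or configuration entry; a note on when it is acceptable to enable it would help, and the comment's last sentence ("here, by the algorithm selected") should be reworded to say plainly that the algorithm identifier in the ASN.1 stream is not verified.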
