PKI: EdDSA is supported only for descriptors verification

LedgerHQ · Jun 20, 2024 · 9df9fed · 9df9fed
1 parent a2586dc
commit 9df9fed
Showing 1 changed file with 18 additions and 19 deletions.
diff --git a/include/os_pki.h b/include/os_pki.h
@@ -121,31 +121,30 @@ enum {
 // clang-format off
 /** Array of field length and field maximum value corresponding to each tag */
 static const os_pki_certificate_tag_info_t C_os_pki_certificate_tag_info[] = {
- [CERTIFICATE_INFO_INDEX_STRUCTURE_TYPE] = {CERTIFICATE_STRUCTURE_TYPE_CERTIFICATE, 0x01 },
- [CERTIFICATE_INFO_INDEX_VERSION] = {CERTIFICATE_VERSION_UNKNOWN, 0x01 },
- [CERTIFICATE_INFO_INDEX_VALIDITY] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, 0x04 },
- [CERTIFICATE_INFO_INDEX_VALIDITY_INDEX] = {CERTIFICATE_VALIDITY_INDEX, 0x04 },
- [CERTIFICATE_INFO_INDEX_CHALLENGE] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, CERTIFICATE_FIELD_VAR_LEN},
- [CERTIFICATE_INFO_INDEX_SIGNER_KEY_ID] = {CERTIFICATE_KEY_ID_UNKNOWN, 0x02 },
- [CERTIFICATE_INFO_INDEX_SIGN_ALGO_ID] = {CERTIFICATE_SIGN_ALGO_ID_UNKNOWN,  0x01 },
- [CERTIFICATE_INFO_INDEX_TIME_VALIDITY] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, 0x04 },
- [CERTIFICATE_INFO_INDEX_TRUSTED_NAME] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, CERTIFICATE_FIELD_VAR_LEN},
- [CERTIFICATE_INFO_INDEX_PUBLIC_KEY_ID] = {CERTIFICATE_KEY_ID_UNKNOWN, 0x02 },
- [CERTIFICATE_INFO_INDEX_PUBLIC_KEY_USAGE] = {CERTIFICATE_PUBLIC_KEY_USAGE_UNKNOWN, 0x01 },
- [CERTIFICATE_INFO_INDEX_PUBLIC_KEY_CURVE_ID] = {CX_CURVE_TWISTED_EDWARDS_END, 0x01 },
- [CERTIFICATE_INFO_INDEX_COMPRESSED_PUBLIC_KEY] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, CERTIFICATE_FIELD_VAR_LEN},
- [CERTIFICATE_INFO_INDEX_PK_SIGN_ALGO_ID] = {CERTIFICATE_SIGN_ALGO_ID_UNKNOWN, 0x01 },
- [CERTIFICATE_INFO_INDEX_TARGET_DEVICE] = {CERTIFICATE_TARGET_DEVICE_UNKNOWN, 0x01 },
- [CERTIFICATE_INFO_INDEX_SIGNATURE] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, CERTIFICATE_FIELD_VAR_LEN},
- [CERTIFICATE_INFO_INDEX_DEPTH] = {CERTIFICATE_FIELD_UNKNOWN_VALUE, 0x01 },
+ [CERTIFICATE_INFO_INDEX_STRUCTURE_TYPE] = {CERTIFICATE_STRUCTURE_TYPE_CERTIFICATE,  0x01 },
+ [CERTIFICATE_INFO_INDEX_VERSION] = {CERTIFICATE_VERSION_UNKNOWN,  0x01 },
+ [CERTIFICATE_INFO_INDEX_VALIDITY] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  0x04 },
+ [CERTIFICATE_INFO_INDEX_VALIDITY_INDEX] = {CERTIFICATE_VALIDITY_INDEX,  0x04 },
+ [CERTIFICATE_INFO_INDEX_CHALLENGE] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  CERTIFICATE_FIELD_VAR_LEN},
+ [CERTIFICATE_INFO_INDEX_SIGNER_KEY_ID] = {CERTIFICATE_KEY_ID_UNKNOWN,  0x02 },
+ [CERTIFICATE_INFO_INDEX_SIGN_ALGO_ID] = {CERTIFICATE_SIGN_ALGO_ID_ECDSA_RIPEMD160, 0x01 },
+ [CERTIFICATE_INFO_INDEX_TIME_VALIDITY] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  0x04 },
+ [CERTIFICATE_INFO_INDEX_TRUSTED_NAME] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  CERTIFICATE_FIELD_VAR_LEN},
+ [CERTIFICATE_INFO_INDEX_PUBLIC_KEY_ID] = {CERTIFICATE_KEY_ID_UNKNOWN,  0x02 },
+ [CERTIFICATE_INFO_INDEX_PUBLIC_KEY_USAGE] = {CERTIFICATE_PUBLIC_KEY_USAGE_UNKNOWN,  0x01 },
+ [CERTIFICATE_INFO_INDEX_PUBLIC_KEY_CURVE_ID] = {CX_CURVE_TWISTED_EDWARDS_END,  0x01 },
+ [CERTIFICATE_INFO_INDEX_COMPRESSED_PUBLIC_KEY] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  CERTIFICATE_FIELD_VAR_LEN},
+ [CERTIFICATE_INFO_INDEX_PK_SIGN_ALGO_ID] = {CERTIFICATE_SIGN_ALGO_ID_UNKNOWN,  0x01 },
+ [CERTIFICATE_INFO_INDEX_TARGET_DEVICE] = {CERTIFICATE_TARGET_DEVICE_UNKNOWN,  0x01 },
+ [CERTIFICATE_INFO_INDEX_SIGNATURE] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  CERTIFICATE_FIELD_VAR_LEN},
+ [CERTIFICATE_INFO_INDEX_DEPTH] = {CERTIFICATE_FIELD_UNKNOWN_VALUE,  0x01 },
 };
 
 static const cx_md_t C_os_sign_algo_hash_info[] = {
  [CERTIFICATE_SIGN_ALGO_ID_ECDSA_SHA256] = CX_SHA256,
  [CERTIFICATE_SIGN_ALGO_ID_ECDSA_SHA3_256] = CX_SHA3_256,
  [CERTIFICATE_SIGN_ALGO_ID_ECDSA_KECCAK_256] = CX_KECCAK,
- [CERTIFICATE_SIGN_ALGO_ID_ECDSA_RIPEMD160] = CX_RIPEMD160,
- [CERTIFICATE_SIGN_ALGO_ID_EDDSA_SHA512] = CX_SHA512
+ [CERTIFICATE_SIGN_ALGO_ID_ECDSA_RIPEMD160] = CX_RIPEMD160
 };
 // clang-format on