bootutil: Add SHA-512 support to Ed25519

When Ed25519 signatures are used, the bootutil_verify_sig responsible for verifying a signature was expecting as argument the SHA-256 digest of the firmware image. This commit slightly modifies this routine to make possible to use Ed25519 with SHA-512 digests. Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
mcu-tools · Oct 10, 2024 · a5f28c1 · a5f28c1
1 parent 601463d
commit a5f28c1
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
@@ -17,6 +17,7 @@
 
 #include "bootutil_priv.h"
 #include "bootutil/crypto/common.h"
+#include "bootutil/crypto/sha.h"
 
 static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";
 #define NUM_ED25519_BYTES 32
@@ -73,7 +74,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
     uint8_t *pubkey;
     uint8_t *end;
 
-    if (hlen != 32 || slen != 64) {
+    if (hlen != IMAGE_HASH_SIZE || slen != 64) {
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
     }
@@ -87,7 +88,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
         goto out;
     }
 
-    rc = ED25519_verify(hash, 32, sig, pubkey);
+    rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey);
 
     if (rc == 0) {
         /* if verify returns 0, there was an error. */