bootutil: Add SHA-512 support to Ed25519

When Ed25519 signatures are used, the bootutil_verify_sig responsible for verifying a signature was expecting as argument the SHA-256 digest of the firmware image. This commit slightly modifies this routine to make possible to use Ed25519 with SHA-512 digests. Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
mcu-tools · Sep 19, 2024 · e051c46 · e051c46
1 parent 553af34
commit e051c46
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
@@ -17,6 +17,7 @@
 
 #include "bootutil_priv.h"
 #include "bootutil/crypto/common.h"
+#include "bootutil/crypto/sha.h"
 
 static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";
 #define NUM_ED25519_BYTES 32
@@ -73,7 +74,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
  uint8_t *pubkey;
  uint8_t *end;
 
- if (hlen != 32 || slen != 64) {
+ if (hlen != IMAGE_HASH_SIZE || slen != 64) {
  FIH_SET(fih_rc, FIH_FAILURE);
  goto out;
  }
@@ -87,7 +88,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
  goto out;
  }
 
- rc = ED25519_verify(hash, 32, sig, pubkey);
+ rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey);
 
  if (rc == 0) {
  /* if verify returns 0, there was an error. */