bootutil: Add SHA-512 support to Ed25519 (a5f28c13) · Commits · Wenxi XU / Mcuboot

When Ed25519 signatures are used, the bootutil_verify_sig responsible for verifying a signature was expecting as argument the SHA-256 digest of the firmware image. This commit slightly modifies this routine to make possible to use Ed25519 with SHA-512 digests. Signed-off-by:

Thomas Altenbach <thomas.altenbach@legrand.com>

boot/bootutil/src/image_ed25519.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@

		#include "bootutil_priv.h"
		#include "bootutil/crypto/common.h"
		#include "bootutil/crypto/sha.h"

		static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";
		#define NUM_ED25519_BYTES 32
		@@ -73,7 +74,7 @@ bootutil_verify_sig(uint8_t hash, uint32_t hlen, uint8_t sig, size_t slen,
		uint8_t *pubkey;
		uint8_t *end;

		if (hlen != 32 \|\| slen != 64) {
		if (hlen != IMAGE_HASH_SIZE \|\| slen != 64) {
		FIH_SET(fih_rc, FIH_FAILURE);
		goto out;
		}
		@@ -87,7 +88,7 @@ bootutil_verify_sig(uint8_t hash, uint32_t hlen, uint8_t sig, size_t slen,
		goto out;
		}

		rc = ED25519_verify(hash, 32, sig, pubkey);
		rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey);

		if (rc == 0) {
		/* if verify returns 0, there was an error. */

Admin message