bootutil: Replace bootutil_verify_img with bootutil_verify_sig

de-nordic · de-nordic · commit 7cdb50ccb867 · 2025-11-21T15:43:42.000Z
With small changes the bootutil_verify_sig can now be used
for the same purpose as bootutil_verify_img.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
@@ -281,10 +281,13 @@ struct boot_sector_buffer {
 #endif
 };
 
-/* The function is intended for verification of image hash against
- * provided signature.
+/* The function is intended for verification of message hash against
+ * provided signature. If MCUBOOT_SIGN_PURE is enabled the function
+ * expects msg to point to image to verify signature over, and mlen
+ * is image size; otherwise msg is expected  to be pointer to hash of
+ * an image and mlen to length of the hash.
  */
-fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig,
+fih_ret bootutil_verify_sig(uint8_t *msg, uint32_t mlen, uint8_t *sig,
                             size_t slen, uint8_t key_id);
 
 /* The function is intended for direct verification of image
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
@@ -141,28 +141,30 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     FIH_RET(fih_rc);
 }
 
-/* Hash signature verification function.
- * Verifies hash against provided signature.
- * The function verifies that hash is of expected size and then
- * calls bootutil_verify to do the signature verification.
+/* Signature verification function.
+ * Verifies message with provided signature.
+ * When compiled without  MCUBOOT_SIGN_PURE, the function expects
+ * msg to be hash of expected size.
  */
 fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen,
+bootutil_verify_sig(uint8_t *msg, uint32_t mlen,
                     uint8_t *sig, size_t slen,
                     uint8_t key_id)
 {
     FIH_DECLARE(fih_rc, FIH_FAILURE);
 
     BOOT_LOG_DBG("bootutil_verify_sig: ED25519 key_id %d", (int)key_id);
 
-    if (hlen != IMAGE_HASH_SIZE) {
-        BOOT_LOG_DBG("bootutil_verify_sig: expected hlen %d, got %d",
-                     IMAGE_HASH_SIZE, hlen);
+#if !defined(MCUBOOT_SIGN_PURE)
+    if (mlen != IMAGE_HASH_SIZE) {
+        BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d",
+                     IMAGE_HASH_SIZE, mlen);
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
     }
+#endif
 
-    FIH_CALL(bootutil_verify, fih_rc, hash, IMAGE_HASH_SIZE, sig,
+    FIH_CALL(bootutil_verify, fih_rc, msg, mlen, sig,
              slen, key_id);
 
 out:
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
@@ -422,7 +422,7 @@ bootutil_img_validate(struct boot_loader_state *state,
              * a device to memory. The pointer is beginning of image in flash,
              * so offset of area, the range is header + image + protected tlvs.
              */
-            FIH_CALL(bootutil_verify_img, valid_signature, (void *)(base + flash_area_get_off(fap)),
+            FIH_CALL(bootutil_verify_sig, valid_signature, (void *)(base + flash_area_get_off(fap)),
                      hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size,
                      buf, len, key_id);
 #endif
