PureEdDSA and support for calculating SHA directly on device

boot/bootutil/include/bootutil/crypto/sha.h

@@ -69,7 +69,11 @@
 #endif /* MCUBOOT_USE_MBED_TLS */
 
 #if defined(MCUBOOT_USE_TINYCRYPT)
+#if defined(MCUBOOT_SHA512)
+    #include <tinycrypt/sha512.h>
+#else
     #include <tinycrypt/sha256.h>
+#endif
     #include <tinycrypt/constants.h>
 #endif /* MCUBOOT_USE_TINYCRYPT */
 
@@ -192,11 +196,19 @@ static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
 #endif /* MCUBOOT_USE_MBED_TLS */
 
 #if defined(MCUBOOT_USE_TINYCRYPT)
+#if defined(MCUBOOT_SHA512)
+typedef struct tc_sha512_state_struct bootutil_sha_context;
+#else
 typedef struct tc_sha256_state_struct bootutil_sha_context;
+#endif
 
 static inline int bootutil_sha_init(bootutil_sha_context *ctx)
 {
+#if defined(MCUBOOT_SHA512)
+    tc_sha512_init(ctx);
+#else
     tc_sha256_init(ctx);
+#endif
     return 0;
 }
 
@@ -210,13 +222,21 @@ static inline int bootutil_sha_update(bootutil_sha_context *ctx,
                                       const void *data,
                                       uint32_t data_len)
 {
+#if defined(MCUBOOT_SHA512)
+    return tc_sha512_update(ctx, data, data_len);
+#else
     return tc_sha256_update(ctx, data, data_len);
+#endif
 }
 
 static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
                                       uint8_t *output)
 {
+#if defined(MCUBOOT_SHA512)
+    return tc_sha512_final(output, ctx);
+#else
     return tc_sha256_final(output, ctx);
+#endif
 }
 #endif /* MCUBOOT_USE_TINYCRYPT */
 

boot/bootutil/src/bootutil_priv.h

@@ -265,9 +265,18 @@ struct boot_loader_state {
 #endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
 };
 
+/* The function is intended for verification of image hash against
+ * provided signature.
+ */
 fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig,
                             size_t slen, uint8_t key_id);
 
+/* The function is intended for direct verification of image
+ * against provided signature.
+ */
+fih_ret bootutil_verify_img(uint8_t *img, uint32_t size,
+                            uint8_t *sig, size_t slen, uint8_t key_id);
+
 fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n);
 
 int boot_find_status(int image_index, const struct flash_area **fap);

boot/bootutil/src/image_ed25519.c

@@ -19,12 +19,14 @@
 #include "bootutil/crypto/common.h"
 #include "bootutil/crypto/sha.h"
 
+#define EDDSA_SIGNATURE_LENGTH 64
+
 static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";
 #define NUM_ED25519_BYTES 32
 
 extern int ED25519_verify(const uint8_t *message, size_t message_len,
-                          const uint8_t signature[64],
-                          const uint8_t public_key[32]);
+                          const uint8_t signature[EDDSA_SIGNATURE_LENGTH],
+                          const uint8_t public_key[NUM_ED25519_BYTES]);
 
 /*
  * Parse the public key used for signing.
@@ -65,16 +67,23 @@ bootutil_import_key(uint8_t **cp, uint8_t *end)
     return 0;
 }
 
-fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
-  uint8_t key_id)
+/* Signature verification base function.
+ * The function takes buffer of specified length and tries to verify
+ * it against provided signature.
+ * The function does key import and checks whether signature is
+ * of expected length.
+ */
+static fih_ret
+bootutil_verify(uint8_t *buf, uint32_t blen,
+                uint8_t *sig, size_t slen,
+                uint8_t key_id)
 {
     int rc;
     FIH_DECLARE(fih_rc, FIH_FAILURE);
     uint8_t *pubkey;
     uint8_t *end;
 
-    if (hlen != IMAGE_HASH_SIZE || slen != 64) {
+    if (slen != EDDSA_SIGNATURE_LENGTH) {
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
     }
@@ -88,7 +97,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
         goto out;
     }
 
-    rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey);
+    rc = ED25519_verify(buf, blen, sig, pubkey);
 
     if (rc == 0) {
         /* if verify returns 0, there was an error. */
@@ -102,4 +111,45 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
     FIH_RET(fih_rc);
 }
 
+/* Hash signature verification function.
+ * Verifies hash against provided signature.
+ * The function verifies that hash is of expected size and then
+ * calls bootutil_verify to do the signature verification.
+ */
+fih_ret
+bootutil_verify_sig(uint8_t *hash, uint32_t hlen,
+                    uint8_t *sig, size_t slen,
+                    uint8_t key_id)
+{
+    FIH_DECLARE(fih_rc, FIH_FAILURE);
+
+    if (hlen != IMAGE_HASH_SIZE) {
+        FIH_SET(fih_rc, FIH_FAILURE);
+        goto out;
+    }
+
+    FIH_CALL(bootutil_verify, fih_rc, hash, IMAGE_HASH_SIZE, sig,
+             slen, key_id);
+
+out:
+    FIH_RET(fih_rc);
+}
+
+/* Image verification function.
+ * The function directly calls bootutil_verify to verify signature
+ * of image.
+ */
+fih_ret
+bootutil_verify_img(uint8_t *img, uint32_t size,
+                    uint8_t *sig, size_t slen,
+                    uint8_t key_id)
+{
+    FIH_DECLARE(fih_rc, FIH_FAILURE);
+
+    FIH_CALL(bootutil_verify, fih_rc, img, size, sig,
+             slen, key_id);
+
+    FIH_RET(fih_rc);
+}
+
 #endif /* MCUBOOT_SIGN_ED25519 */