bootutil: ed25519 psa: Merge bootutil_verify_sig and bootutil_verify

de-nordic · de-nordic · commit 1586e185fb03 · 2025-12-03T14:13:38.000Z
Reduce layers of calls.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
@@ -83,20 +83,27 @@ bootutil_import_key(uint8_t **cp, uint8_t *end)
  * The function does key import and checks whether signature is
  * of expected length.
  */
-static fih_ret
-bootutil_verify(uint8_t *buf, uint32_t blen,
-                uint8_t *sig, size_t slen,
-                uint8_t key_id)
+fih_ret
+bootutil_verify_sig(uint8_t *msg, uint32_t mlen, uint8_t *sig, size_t slen,
+                    uint8_t key_id)
 {
     int rc;
     FIH_DECLARE(fih_rc, FIH_FAILURE);
     uint8_t *pubkey;
     uint8_t *end;
 
-    BOOT_LOG_DBG("bootutil_verify: ED25519 key_id %d", (int)key_id);
+    BOOT_LOG_DBG("bootutil_verify_sig: ED25519 key_id %d", (int)key_id);
+
+#if !defined(MCUBOOT_SIGN_PURE)
+    if (mlen != IMAGE_HASH_SIZE) {
+        BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d",
+                     IMAGE_HASH_SIZE, mlen);
+        goto out;
+    }
+#endif
 
     if (slen != EDDSA_SIGNATURE_LENGTH) {
-        BOOT_LOG_DBG("bootutil_verify: expected slen %d, got %u",
+        BOOT_LOG_DBG("bootutil_verify_sig: expected slen %d, got %u",
                      EDDSA_SIGNATURE_LENGTH, (unsigned int)slen);
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
@@ -108,7 +115,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
 #if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN)
     rc = bootutil_import_key(&pubkey, end);
     if (rc) {
-        BOOT_LOG_DBG("bootutil_verify: import key failed %d", rc);
+        BOOT_LOG_DBG("bootutil_verify_sig: import key failed %d", rc);
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
     }
@@ -118,7 +125,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
      * There is no check whether this is the correct key,
      * here, by the algorithm selected.
      */
-    BOOT_LOG_DBG("bootutil_verify: bypass ASN1");
+    BOOT_LOG_DBG("bootutil_verify_sig: bypass ASN1");
     if (*bootutil_keys[key_id].len < NUM_ED25519_BYTES) {
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
@@ -127,7 +134,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     pubkey = end - NUM_ED25519_BYTES;
 #endif
 
-    rc = ED25519_verify(buf, blen, sig, pubkey);
+    rc = ED25519_verify(msg, mlen, sig, pubkey);
 
     if (rc == 0) {
         /* if verify returns 0, there was an error. */
@@ -141,34 +148,4 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     FIH_RET(fih_rc);
 }
 
-/* Signature verification function.
- * Verifies message with provided signature.
- * When compiled without  MCUBOOT_SIGN_PURE, the function expects
- * msg to be hash of expected size.
- */
-fih_ret
-bootutil_verify_sig(uint8_t *msg, uint32_t mlen,
-                    uint8_t *sig, size_t slen,
-                    uint8_t key_id)
-{
-    FIH_DECLARE(fih_rc, FIH_FAILURE);
-
-    BOOT_LOG_DBG("bootutil_verify_sig: ED25519 key_id %d", (int)key_id);
-
-#if !defined(MCUBOOT_SIGN_PURE)
-    if (mlen != IMAGE_HASH_SIZE) {
-        BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d",
-                     IMAGE_HASH_SIZE, mlen);
-        FIH_SET(fih_rc, FIH_FAILURE);
-        goto out;
-    }
-#endif
-
-    FIH_CALL(bootutil_verify, fih_rc, msg, mlen, sig,
-             slen, key_id);
-
-out:
-    FIH_RET(fih_rc);
-}
-
 #endif /* MCUBOOT_SIGN_ED25519 */
