bootutil: Add FIH for ED25519 sig verification
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If43ff9a7c3d755a32b310230e05d01235868392d
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
index b5838c4..c51fea4 100644
--- a/boot/bootutil/src/image_ed25519.c
+++ b/boot/bootutil/src/image_ed25519.c
@@ -2,7 +2,7 @@
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
- * Copyright (c) 2021 Arm Limited
+ * Copyright (c) 2021-2023 Arm Limited
*/
#include <string.h>
@@ -64,16 +64,18 @@
return 0;
}
-int
+fih_ret
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
int rc;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
uint8_t *pubkey;
uint8_t *end;
if (hlen != 32 || slen != 64) {
- return -1;
+ FIH_SET(fih_rc, FIH_FAILURE);
+ goto out;
}
pubkey = (uint8_t *)bootutil_keys[key_id].key;
@@ -81,15 +83,22 @@
rc = bootutil_import_key(&pubkey, end);
if (rc) {
- return -1;
+ FIH_SET(fih_rc, FIH_FAILURE);
+ goto out;
}
rc = ED25519_verify(hash, 32, sig, pubkey);
+
if (rc == 0) {
- return -2;
+ /* if verify returns 0, there was an error. */
+ FIH_SET(fih_rc, FIH_FAILURE);
+ goto out;
}
- return 0;
+ FIH_SET(fih_rc, FIH_SUCCESS);
+out:
+
+ FIH_RET(fih_rc);
}
#endif /* MCUBOOT_SIGN_ED25519 */