[nrf noup] Support for ed25519 signature verification using ITS

nordic-mik7 · nordic-mik7 · commit d01e51a95b3e · 2025-08-22T12:59:08.000+02:00
Thic commit introduces support for ed25519 signature verification when
CONFIG_NCS_BOOT_SIGNATURE_USING_ITS is set (through PSA API).

Signed-off-by: Michal Kozikowski &lt;artur.hadasz@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/ed25519_psa.c b/boot/bootutil/src/ed25519_psa.c
@@ -41,7 +41,18 @@ BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(kmu_key_ids),
 	     "Invalid number of KMU slots, up to 3 are supported on nRF54L15");
 #endif
 
-#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
+#if defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
+static const psa_key_id_t its_key_ids[] =  {
+    0x40022100,
+    0x40022101,
+    0x40022102,
+    0x40022103
+};
+
+#define BOOT_SIGNATURE_ITS_KEY_SLOTS ARRAY_SIZE(its_key_ids)
+#endif
+
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
 int ED25519_verify(const uint8_t *message, size_t message_len,
                    const uint8_t signature[EDDSA_SIGNAGURE_LENGTH],
                    const uint8_t public_key[EDDSA_KEY_LENGTH])
@@ -103,6 +114,13 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
     /* Set to any error */
     psa_status_t status = PSA_ERROR_BAD_STATE;
     int ret = 0;        /* Fail by default */
+#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
+    const int key_slots_count = CONFIG_BOOT_SIGNATURE_KMU_SLOTS;
+    psa_key_id_t *key_ids = kmu_key_ids;
+#else
+    const int key_slots_count = BOOT_SIGNATURE_ITS_KEY_SLOTS;
+    psa_key_id_t const *key_ids = its_key_ids;
+#endif
 
     /* Initialize PSA Crypto */
     status = psa_crypto_init();
@@ -113,23 +131,24 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
 
     status = PSA_ERROR_BAD_STATE;
 
-    for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; ++i) {
-        psa_key_id_t kid = kmu_key_ids[i];
+    for (int i = 0; i < key_slots_count; ++i) {
+        psa_key_id_t kid = key_ids[i];
 
         status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message,
                                     message_len, signature,
                                     EDDSA_SIGNAGURE_LENGTH);
         if (status == PSA_SUCCESS) {
             ret = 1;
 #if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
-            validated_with = kmu_key_ids + i;
+            validated_with = key_ids + i;
 #endif
-            break;
+            return ret;
         }
 
-        BOOT_LOG_ERR("ED25519 signature verification failed %d", status);
     }
 
+    BOOT_LOG_ERR("ED25519 signature verification failed %d", status);
+
     return ret;
 }
 #if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
@@ -36,6 +36,7 @@ extern int ED25519_verify(const uint8_t *message, size_t message_len,
 
 #if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
 #if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN)
+#if !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
 /*
  * Parse the public key used for signing.
  */
@@ -78,6 +79,7 @@ bootutil_import_key(uint8_t **cp, uint8_t *end)
 }
 #endif /* !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) */
 #endif
+#endif
 
 /* Signature verification base function.
  * The function takes buffer of specified length and tries to verify
@@ -93,7 +95,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     int rc;
     FIH_DECLARE(fih_rc, FIH_FAILURE);
     uint8_t *pubkey = NULL;
-#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
     uint8_t *end;
 #endif
 
@@ -106,7 +108,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
         goto out;
     }
 
-#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
     pubkey = (uint8_t *)bootutil_keys[key_id].key;
     end = pubkey + *bootutil_keys[key_id].len;
 
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
@@ -772,13 +772,13 @@ bootutil_img_validate(struct boot_loader_state *state,
         case EXPECTED_SIG_TLV:
         {
             BOOT_LOG_DBG("bootutil_img_validate: EXPECTED_SIG_TLV == %d", EXPECTED_SIG_TLV);
-#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
             /* Ignore this signature if it is out of bounds. */
             if (key_id < 0 || key_id >= bootutil_key_cnt) {
                 key_id = -1;
                 continue;
             }
-#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */
+#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS) */
             if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) {
                 rc = -1;
                 goto out;
@@ -1022,7 +1022,7 @@ bootutil_img_validate(struct boot_loader_state *state,
 
             if (type == IMAGE_TLV_DECOMP_SIGNATURE) {
                 /* Ignore this signature if it is out of bounds. */
-#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
                 if (key_id < 0 || key_id >= bootutil_key_cnt) {
                     key_id = -1;
                     continue;
