From 7cdb50ccb8675ae8b05000cfbaff1a84fc93a514 Mon Sep 17 00:00:00 2001
From: Dominik Ermel
Date: Wed, 19 Nov 2025 17:14:45 +0000
Subject: [PATCH 1/3] bootutil: Replace bootutil_verify_img with bootutil_verify_sig

With small changes the bootutil_verify_sig can now be used for the same purpose as bootutil_verify_img.

Signed-off-by: Dominik Ermel
---
 boot/bootutil/src/bootutil_priv.h | 9 ++++++---
 boot/bootutil/src/image_ed25519.c | 20 +++++++++++---------
 boot/bootutil/src/image_validate.c | 2 +-
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 14c56cd21d..cc909db47e 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -281,10 +281,13 @@ struct boot_sector_buffer {
 #endif
 };
 
-/* The function is intended for verification of image hash against
- * provided signature.
+/* The function is intended for verification of message hash against
+ * provided signature. If MCUBOOT_SIGN_PURE is enabled the function
+ * expects msg to point to image to verify signature over, and mlen
+ * is image size; otherwise msg is expected to be pointer to hash of
+ * an image and mlen to length of the hash.
  */
-fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig,
+fih_ret bootutil_verify_sig(uint8_t *msg, uint32_t mlen, uint8_t *sig,
                             size_t slen, uint8_t key_id);
 
 /* The function is intended for direct verification of image
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
index 4d83bb3d7c..80ff7adcf8 100644
--- a/boot/bootutil/src/image_ed25519.c
+++ b/boot/bootutil/src/image_ed25519.c
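Review bot: The first sentence of the rewritten header comment still says the function verifies a "message hash", which the sentence right after it contradicts for MCUBOOT_SIGN_PURE builds, where msg is the whole image. Suggest opening with `/* The function is intended for verification of a message against a` / ` * provided signature.` and keeping the two MCUBOOT_SIGN_PURE sentences as written. Since this prototype is the only documentation a caller in another translation unit sees, it is also worth stating here that a non-PURE build fails the call for any mlen other than the hash length, which is what the check added to image_ed25519.c in this patch does.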
@@ -141,13 +141,13 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     FIH_RET(fih_rc);
 }
 
-/* Hash signature verification function.
- * Verifies hash against provided signature.
- * The function verifies that hash is of expected size and then
- * calls bootutil_verify to do the signature verification.
+/* Signature verification function.
+ * Verifies message with provided signature.
+ * When compiled without MCUBOOT_SIGN_PURE, the function expects
+ * msg to be hash of expected size.
  */
 fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen,
+bootutil_verify_sig(uint8_t *msg, uint32_t mlen,
                     uint8_t *sig, size_t slen,
                     uint8_t key_id)
 {
@@ -155,14 +155,16 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen,
 
     BOOT_LOG_DBG("bootutil_verify_sig: ED25519 key_id %d", (int)key_id);
 
-    if (hlen != IMAGE_HASH_SIZE) {
-        BOOT_LOG_DBG("bootutil_verify_sig: expected hlen %d, got %d",
-                     IMAGE_HASH_SIZE, hlen);
+#if !defined(MCUBOOT_SIGN_PURE)
+    if (mlen != IMAGE_HASH_SIZE) {
+        BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d",
+                     IMAGE_HASH_SIZE, mlen);
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
     }
+#endif
 
-    FIH_CALL(bootutil_verify, fih_rc, hash, IMAGE_HASH_SIZE, sig,
+    FIH_CALL(bootutil_verify, fih_rc, msg, mlen, sig,
              slen, key_id);
 
 out:
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 3deb9a7d8d..39c2ec687d 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -422,7 +422,7 @@ bootutil_img_validate(struct boot_loader_state *state,
      * a device to memory. The pointer is beginning of image in flash,
      * so offset of area, the range is header + image + protected tlvs.
      */
-    FIH_CALL(bootutil_verify_img, valid_signature, (void *)(base + flash_area_get_off(fap)),
+    FIH_CALL(bootutil_verify_sig, valid_signature, (void *)(base + flash_area_get_off(fap)),
              hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size,
              buf, len, key_id);
 #endif
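Review bot: The new debug line in the second hunk, `BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d", IMAGE_HASH_SIZE, mlen);`, prints the uint32_t mlen with `%d`, while the sibling length check in this file logs its size_t as `%u` with an explicit `(unsigned int)` cast (visible in patch 3, hunk @@ -93,10 +93,18 of image_ed25519.c). Match that style: `"bootutil_verify_sig: expected hash len %d, got %u", IMAGE_HASH_SIZE, (unsigned int)mlen`. The same line is re-added verbatim in that patch 3 hunk, so it wants the same change there. bootutil_verify_sig's body continues outside this hunk.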
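Review bot: In the image_validate.c hunk the call now depends on bootutil_verify_sig treating (msg, mlen) as a raw image range rather than a hash, and the callee decides that purely from MCUBOOT_SIGN_PURE; the `#if` enclosing this call opens before the hunk, so the hunk alone does not show that the caller and callee are keyed on the same macro. A one-line comment above the call, e.g. `/* MCUBOOT_SIGN_PURE only: the callee takes the raw image range, not a hash. */`, would keep that coupling visible through later refactors. If the two ever diverge, the ed25519 backend of a non-PURE build rejects this call because mlen is not IMAGE_HASH_SIZE, so the mismatch fails closed rather than verifying the wrong input. bootutil_img_validate starts and ends outside the hunk.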
From e892ad67e5cccda00309837ce3656a7153849a44 Mon Sep 17 00:00:00 2001
From: Dominik Ermel
Date: Wed, 19 Nov 2025 17:16:10 +0000
Subject: [PATCH 2/3] bootutil: Remove bootutil_verify_img

No longer needed.

Signed-off-by: Dominik Ermel
---
 boot/bootutil/src/bootutil_priv.h | 6 ------
 boot/bootutil/src/image_ed25519.c | 19 -------------------
 2 files changed, 25 deletions(-)

diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index cc909db47e..ce3bdf81c3 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -290,12 +290,6 @@ struct boot_sector_buffer {
 fih_ret bootutil_verify_sig(uint8_t *msg, uint32_t mlen, uint8_t *sig,
                             size_t slen, uint8_t key_id);
 
-/* The function is intended for direct verification of image
- * against provided signature.
- */
-fih_ret bootutil_verify_img(uint8_t *img, uint32_t size,
-                            uint8_t *sig, size_t slen, uint8_t key_id);
-
 fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n);
 
 const struct flash_area *boot_find_status(const struct boot_loader_state *state,
diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
index 80ff7adcf8..a076f76317 100644
--- a/boot/bootutil/src/image_ed25519.c
+++ b/boot/bootutil/src/image_ed25519.c
@@ -171,23 +171,4 @@ bootutil_verify_sig(uint8_t *msg, uint32_t mlen,
     FIH_RET(fih_rc);
 }
 
-/* Image verification function.
- * The function directly calls bootutil_verify to verify signature
- * of image.
- */
-fih_ret
-bootutil_verify_img(uint8_t *img, uint32_t size,
-                    uint8_t *sig, size_t slen,
-                    uint8_t key_id)
-{
-    FIH_DECLARE(fih_rc, FIH_FAILURE);
-
-    BOOT_LOG_DBG("bootutil_verify_img: ED25519 key_id %d", (int)key_id);
-
-    FIH_CALL(bootutil_verify, fih_rc, img, size, sig,
-             slen, key_id);
-
-    FIH_RET(fih_rc);
-}
-
 #endif /* MCUBOOT_SIGN_ED25519 */

From 9d0f2c92187aac3208cb148b0fafac9d2453edc5 Mon Sep 17 00:00:00 2001
From: Dominik Ermel
Date: Wed, 19 Nov 2025 17:20:41 +0000
Subject: [PATCH 3/3] bootutil: ed25519 psa: Merge bootutil_verify_sig and bootutil_verify

Reduce layers of calls.

Signed-off-by: Dominik Ermel
---
 boot/bootutil/src/image_ed25519.c | 52 +++++++++----------------------
 1 file changed, 15 insertions(+), 37 deletions(-)

diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c
index a076f76317..669ac179bb 100644
--- a/boot/bootutil/src/image_ed25519.c
+++ b/boot/bootutil/src/image_ed25519.c
@@ -83,8 +83,8 @@ bootutil_import_key(uint8_t **cp, uint8_t *end)
  * The function does key import and checks whether signature is
  * of expected length.
  */
-static fih_ret
-bootutil_verify(uint8_t *buf, uint32_t blen,
+fih_ret
+bootutil_verify_sig(uint8_t *msg, uint32_t mlen,
                 uint8_t *sig, size_t slen,
                 uint8_t key_id)
 {
@@ -93,10 +93,18 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     uint8_t *pubkey;
     uint8_t *end;
 
-    BOOT_LOG_DBG("bootutil_verify: ED25519 key_id %d", (int)key_id);
+    BOOT_LOG_DBG("bootutil_verify_sig: ED25519 key_id %d", (int)key_id);
+
+#if !defined(MCUBOOT_SIGN_PURE)
+    if (mlen != IMAGE_HASH_SIZE) {
+        BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d",
+                     IMAGE_HASH_SIZE, mlen);
+        goto out;
+    }
+#endif
 
     if (slen != EDDSA_SIGNATURE_LENGTH) {
-        BOOT_LOG_DBG("bootutil_verify: expected slen %d, got %u",
+        BOOT_LOG_DBG("bootutil_verify_sig: expected slen %d, got %u",
                      EDDSA_SIGNATURE_LENGTH, (unsigned int)slen);
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
@@ -108,7 +116,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
 #if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN)
     rc = bootutil_import_key(&pubkey, end);
     if (rc) {
-        BOOT_LOG_DBG("bootutil_verify: import key failed %d", rc);
+        BOOT_LOG_DBG("bootutil_verify_sig: import key failed %d", rc);
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
     }
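Review bot: The comment above the renamed function in the first hunk (it begins before the hunk; its visible tail is `* The function does key import and checks whether signature is` / `* of expected length.`) is now the only description of bootutil_verify_sig, yet the sentence that stated the MCUBOOT_SIGN_PURE contract — `When compiled without MCUBOOT_SIGN_PURE, the function expects msg to be hash of expected size.` — is deleted together with the wrapper in hunk @@ -141,34 +149,4. Carry that sentence into this comment and add that the hash-length check is compiled out entirely under MCUBOOT_SIGN_PURE, so msg/mlen are then the raw image range. Because `static` is dropped here, this comment is also what a reader following the prototype in bootutil_priv.h will land on.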
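Review bot: In the second hunk the added hash-length check jumps to `out` without setting the result: after `IMAGE_HASH_SIZE, mlen);` the next line is `goto out;`, whereas the wrapper this replaces (removed in hunk @@ -141,34 +149,4) and every other early exit in this function — the slen check right below, the import-key failure, the bypass-ASN1 key-length check — do `FIH_SET(fih_rc, FIH_FAILURE);` first. fih_rc is declared above the hunk, so it is plausibly initialised to FIH_FAILURE, but the function's fault-injection-hardening style is to set the failure value explicitly on each path rather than rely on the initialiser, and this path should not be the one exception. Add `FIH_SET(fih_rc, FIH_FAILURE);` before that `goto out;`.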
@@ -118,7 +126,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
      * There is no check whether this is the correct key,
      * here, by the algorithm selected.
      */
-    BOOT_LOG_DBG("bootutil_verify: bypass ASN1");
+    BOOT_LOG_DBG("bootutil_verify_sig: bypass ASN1");
     if (*bootutil_keys[key_id].len < NUM_ED25519_BYTES) {
         FIH_SET(fih_rc, FIH_FAILURE);
         goto out;
@@ -127,7 +135,7 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     pubkey = end - NUM_ED25519_BYTES;
 #endif
 
-    rc = ED25519_verify(buf, blen, sig, pubkey);
+    rc = ED25519_verify(msg, mlen, sig, pubkey);
 
     if (rc == 0) {
         /* if verify returns 0, there was an error. */
@@ -141,34 +149,4 @@ bootutil_verify(uint8_t *buf, uint32_t blen,
     FIH_RET(fih_rc);
 }
 
-/* Signature verification function.
- * Verifies message with provided signature.
- * When compiled without MCUBOOT_SIGN_PURE, the function expects
- * msg to be hash of expected size.
- */
-fih_ret
-bootutil_verify_sig(uint8_t *msg, uint32_t mlen,
-                    uint8_t *sig, size_t slen,
-                    uint8_t key_id)
-{
-    FIH_DECLARE(fih_rc, FIH_FAILURE);
-
-    BOOT_LOG_DBG("bootutil_verify_sig: ED25519 key_id %d", (int)key_id);
-
-#if !defined(MCUBOOT_SIGN_PURE)
-    if (mlen != IMAGE_HASH_SIZE) {
-        BOOT_LOG_DBG("bootutil_verify_sig: expected hash len %d, got %d",
-                     IMAGE_HASH_SIZE, mlen);
-        FIH_SET(fih_rc, FIH_FAILURE);
-        goto out;
-    }
-#endif
-
-    FIH_CALL(bootutil_verify, fih_rc, msg, mlen, sig,
-             slen, key_id);
-
-out:
-    FIH_RET(fih_rc);
-}
-
 #endif /* MCUBOOT_SIGN_ED25519 */