bootutil: Add support for multi-sign of same type

This commit adds functionality to the bootutil library to support
multiple sign verfication of same type when 'MCUBOOT_BUILTIN_KEY' or
'MCUBOOT_HW_KEY' is enabled.

Signed-off-by: Maulik Patel <[email protected]>
Change-Id: I05c97ac385c5816c812c51feb010028df8412fe5

Author: maulik-arm

boot/bootutil/CMakeLists.txt

@@ -14,28 +14,32 @@ target_include_directories(bootutil
         src
 )
 
-target_sources(bootutil
-    PRIVATE
-        src/boot_record.c
-        src/bootutil_misc.c
-        src/bootutil_public.c
-        src/caps.c
-        src/encrypted.c
-        src/fault_injection_hardening.c
-        src/fault_injection_hardening_delay_rng_mbedtls.c
-        src/image_ecdsa.c
-        src/image_ed25519.c
-        src/image_rsa.c
-        src/image_validate.c
-        src/loader.c
-        src/swap_misc.c
-        src/swap_move.c
-        src/swap_scratch.c
-        src/tlv.c
+set(BOOTUTIL_SOURCES
+    src/boot_record.c
+    src/bootutil_misc.c
+    src/bootutil_public.c
+    src/caps.c
+    src/encrypted.c
+    src/fault_injection_hardening.c
+    src/fault_injection_hardening_delay_rng_mbedtls.c
+    src/image_ecdsa.c
+    src/image_ed25519.c
+    src/image_rsa.c
+    src/loader.c
+    src/swap_misc.c
+    src/swap_move.c
+    src/swap_scratch.c
+    src/tlv.c
 )
+
 if(CONFIG_BOOT_RAM_LOAD)
-    target_sources(bootutil
-        PRIVATE
-            src/ram_load.c
-    )
+    list(APPEND BOOTUTIL_SOURCES src/ram_load.c)
 endif()
+
+if(MCUBOOT_IMAGE_MULTI_SIG_SUPPORT)
+    list(APPEND BOOTUTIL_SOURCES src/image_multi_sig.c)
+else()
+    list(APPEND BOOTUTIL_SOURCES src/image_validate.c)
+endif()
+
+target_sources(bootutil PRIVATE ${BOOTUTIL_SOURCES})

boot/bootutil/include/bootutil/sign_key.h

@@ -62,15 +62,18 @@ extern struct bootutil_key bootutil_keys[];
  * Retrieve the hash of the corresponding public key for image authentication.
  *
  * @param[in]      image_index      Index of the image to be authenticated.
+ * @param[in]      key_index        Index of the key to be used.
  * @param[out]     public_key_hash  Buffer to store the key-hash in.
  * @param[in,out]  key_hash_size    As input the size of the buffer. As output
  *                                  the actual key-hash length.
  *
  * @return                          0 on success; nonzero on failure.
  */
 int boot_retrieve_public_key_hash(uint8_t image_index,
+                                  uint8_t key_index,
                                   uint8_t *public_key_hash,
                                   size_t *key_hash_size);
+
 #endif /* !MCUBOOT_HW_KEY */
 
 extern const int bootutil_key_cnt;