This is an automated email from the ASF dual-hosted git repository.

ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-imgmod.git

commit ec8fdbbd990773f05b5f619eeb046310c7c2da20
Author: Christopher Collins <ccoll...@apache.org>
AuthorDate: Fri Feb 28 16:26:10 2020 -0800

    New command: image decrypthw
---
 cli/image_cmds.go | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 iimg/iimg.go      | 11 +++++++++++
 2 files changed, 59 insertions(+)

diff --git a/cli/image_cmds.go b/cli/image_cmds.go
index a4ea984..882277b 100644
--- a/cli/image_cmds.go
+++ b/cli/image_cmds.go
@@ -492,6 +492,39 @@ func runDecryptFullCmd(cmd *cobra.Command, args []string) {
        }
 }
 
+func runDecryptHwCmd(cmd *cobra.Command, args []string) {
+       if len(args) < 2 {
+               ImgmodUsage(cmd, nil)
+       }
+
+       imgFilename := args[0]
+       secretFilename := args[1]
+
+       outFilename, err := CalcOutFilename(imgFilename)
+       if err != nil {
+               ImgmodUsage(cmd, err)
+       }
+
+       img, err := readImage(imgFilename)
+       if err != nil {
+               ImgmodUsage(cmd, err)
+       }
+
+       secretBytes, err := ioutil.ReadFile(secretFilename)
+       if err != nil {
+               ImgmodUsage(cmd, errors.Wrapf(err, "error reading secret file"))
+       }
+
+       img, err = iimg.DecryptImageHw(img, secretBytes)
+       if err != nil {
+               ImgmodUsage(nil, err)
+       }
+
+       if err := writeImage(img, outFilename); err != nil {
+               ImgmodUsage(nil, err)
+       }
+}
+
 func runEncryptCmd(cmd *cobra.Command, args []string) {
        if len(args) < 2 {
                ImgmodUsage(cmd, nil)
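Review bot: `runDecryptHwCmd` has no doc comment, and nothing in it says that `args[1]` is key material or that the file it writes is the plaintext image. I would add `// runDecryptHwCmd decrypts a hardware-encrypted image with the AES secret read from args[1] and writes the plaintext image to the output file.` above the function. The `-i` flag registered for this command is described as "Replace input file", so a wrong secret could replace the only encrypted copy with an unusable body unless `image.DecryptHw` can detect a bad key, which is not visible in this diff. A sentence in the comment or the help text should say so.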
@@ -733,6 +766,21 @@ func AddImageCommands(cmd *cobra.Command) {
                Run: runDecryptFullCmd,
        }
 
+       decryptHwCmd := &cobra.Command{
+               Use:   "decrypthw <image> <aes-secret>",
+               Short: "Decrypts an hardware-encrypted Mynewt image file",
+               Long: "Decrypts the body of a hardware-encrypted Mynewt image 
file and " +
+                       "removes the encryption TLVs.  The aes-secret can be 
64-encoded " +
+                       "or raw.",
+               Run: runDecryptHwCmd,
+       }
+
+       decryptHwCmd.PersistentFlags().StringVarP(&OptOutFilename, "outfile", 
"o",
+               "", "File to write to")
+       decryptHwCmd.PersistentFlags().BoolVarP(&OptInPlace, "inplace", "i", 
false,
+               "Replace input file")
+       imageCmd.AddCommand(decryptHwCmd)
+
        decryptFullCmd.PersistentFlags().StringVarP(&OptOutFilename, "outfile", 
"o",
                "", "File to write to")
        decryptFullCmd.PersistentFlags().BoolVarP(&OptInPlace, "inplace", "i", 
false,
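Review bot: The help text for `decrypthw` has two wording slips that leave the accepted key format unclear: `Short` reads "Decrypts an hardware-encrypted" and `Long` says the secret can be "64-encoded". I would change these to "Decrypts a hardware-encrypted Mynewt image file" and "base64-encoded or raw". It would also help to state the expected key length in `Long`, since the file's encoding is guessed rather than declared.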
diff --git a/iimg/iimg.go b/iimg/iimg.go
index d4e7c9a..9fc53fd 100644
--- a/iimg/iimg.go
+++ b/iimg/iimg.go
@@ -20,6 +20,7 @@
 package iimg
 
 import (
+       "encoding/base64"
        "encoding/hex"
        "fmt"
        "strings"
@@ -181,6 +182,16 @@ func DecryptImageFull(img image.Image,
        return img, nil
 }
 
+func DecryptImageHw(img image.Image, secretBytes []byte) (image.Image, error) {
+       secret, err := base64.StdEncoding.DecodeString(string(secretBytes))
+       if err != nil {
+               // Not base64 encoded.  Assume this is a raw AES secret.
+               secret = secretBytes
+       }
+
+       return image.DecryptHw(img, secret)
+}
+
 func EncryptImage(img image.Image, pubKeBytes []byte) (image.Image, error) {
        key, err := sec.ParsePubEncKey(pubKeBytes)
        if err != nil {
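Review bot: `DecryptImageHw` guesses the secret's encoding from whether `base64.StdEncoding.DecodeString` succeeds, and never checks the length of the key it ends up with. A raw key whose bytes all happen to be base64 characters is silently decoded into a shorter, different key, and a damaged base64 file falls through to the raw path and is used as-is. Whether `image.DecryptHw` rejects a bad length is not visible in this hunk, so I would validate the size here and accept the base64 reading only when it yields a usable key. Some inputs stay ambiguous even then (a 24-character file could be either reading), so an explicit encoding flag would be the cleaner long-term fix. The function also lacks a doc comment stating the accepted formats.

```go
func DecryptImageHw(img image.Image, secretBytes []byte) (image.Image, error) {
	// Default to the raw bytes; take the base64 reading only if it decodes
	// to a plausible AES key.
	secret := secretBytes
	dec, err := base64.StdEncoding.DecodeString(string(secretBytes))
	if err == nil && isAESKeyLen(len(dec)) {
		secret = dec
	}
	if !isAESKeyLen(len(secret)) {
		return img, fmt.Errorf("AES secret has unsupported length %d", len(secret))
	}

	return image.DecryptHw(img, secret)
}

// isAESKeyLen reports whether n is an AES key size in bytes.  Narrow this to
// the sizes image.DecryptHw actually supports.
func isAESKeyLen(n int) bool {
	return n == 16 || n == 24 || n == 32
}
```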
