This is an automated email from the ASF dual-hosted git repository. ccollins pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-artifact.git
commit 91a9bc9025e6a3b992f2033c1c427a03b7651dad Author: Andy Gross <[email protected]> AuthorDate: Wed Oct 16 01:05:25 2019 -0500 Fix issues with hash calculation This patch fixes the hash calculation to use the correct encrypted or unencrypted application image bytes. This patch also fixes an incorrect padding if a header size > 32 bytes is used. Signed-off-by: Andy Gross <[email protected]>
---
 image/create.go | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/image/create.go b/image/create.go
index 51003f6..8783b70 100644
--- a/image/create.go
+++ b/image/create.go
@@ -287,8 +287,8 @@ func GenerateImage(opts ImageCreateOpts) (Image, error) {
 }
 if opts.ImagePad > 0 {
- pad := opts.ImagePad - (len(ic.Body) % opts.ImagePad)
- ic.Body = append(ic.Body, bytes.Repeat([]byte{byte(0xff)}, pad)...)
+ tail_pad := opts.ImagePad - (len(ic.Body) % opts.ImagePad)
+ ic.Body = append(ic.Body, bytes.Repeat([]byte{byte(0xff)}, tail_pad)...)
 }
 if ic.HWKeyIndex >= 0 {
@@ -367,14 +367,6 @@ func calcHash(initialHash []byte, hdr ImageHdr, pad []byte,
 return nil, err
 }
- extra := hdr.HdrSz - IMAGE_HEADER_SIZE
- if extra > 0 {
- b := make([]byte, extra)
- if err := add(b); err != nil {
- return nil, err
- }
- }
-
 if err := add(plainBody); err != nil {
 return nil, err
 }
@@ -401,7 +393,7 @@ func (ic *ImageCreator) Create() (Image, error) {
 img.Header.Flags |= IMAGE_F_NON_BOOTABLE
 }
- // Set encrypted image flag if image is to be treated as encrypted
+ // Set encrypted image flag if image is to be treated as encrypted
 if ic.CipherSecret != nil && ic.HWKeyIndex < 0 {
 img.Header.Flags |= IMAGE_F_ENCRYPTED
 }
@@ -419,22 +411,29 @@ func (ic *ImageCreator) Create() (Image, error) {
 img.Pad = make([]byte, extra)
 }
- hashBytes, err := calcHash(ic.InitialHash, img.Header, img.Pad, ic.Body)
- if err != nil {
- return img, err
- }
+ payload := &ic.Body
 // Followed by data.
- if ic.CipherSecret != nil {
+ if ic.PlainSecret != nil {
 encBody, err := sec.EncryptAES(ic.Body, ic.PlainSecret, ic.Nonce)
 if err != nil {
 return img, err
 }
 img.Body = append(img.Body, encBody...)
+
+ if ic.HWKeyIndex >= 0 {
+ payload = &encBody
+ }
+
 } else {
 img.Body = append(img.Body, ic.Body...)
 }
+ hashBytes, err := calcHash(ic.InitialHash, img.Header, img.Pad, *payload)
+ if err != nil {
+ return img, err
+ }
+
 // Hash TLV.
 tlv := ImageTlv{
 Header: ImageTlvHdr{
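Review bot: The body is now encrypted when `ic.PlainSecret != nil`, but the preceding hunk's context shows `IMAGE_F_ENCRYPTED` is still set on `ic.CipherSecret != nil && ic.HWKeyIndex < 0`, so the header flag and the actual encryption are gated on different fields. If a caller supplies CipherSecret without PlainSecret, the `else` branch appends `ic.Body` in plaintext while the header advertises an encrypted image; whether any caller can reach that state is not visible here. A fail-closed guard ahead of the branch, `if ic.CipherSecret != nil && ic.PlainSecret == nil` returning an error, would keep a plaintext image from being emitted under the encrypted flag. Create's body starts before and continues past this hunk.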
