This is an automated email from the ASF dual-hosted git repository. ccollins pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-imgmod.git
commit ec8fdbbd990773f05b5f619eeb046310c7c2da20
Author: Christopher Collins <ccoll...@apache.org>
AuthorDate: Fri Feb 28 16:26:10 2020 -0800
New command: image decrypthw
---
 cli/image_cmds.go | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 iimg/iimg.go | 11 +++++++++++
 2 files changed, 59 insertions(+)
diff --git a/cli/image_cmds.go b/cli/image_cmds.go
index a4ea984..882277b 100644
--- a/cli/image_cmds.go
+++ b/cli/image_cmds.go
@@ -492,6 +492,39 @@ func runDecryptFullCmd(cmd *cobra.Command, args []string) {
 }
 }
 
+func runDecryptHwCmd(cmd *cobra.Command, args []string) {
+ if len(args) < 2 {
+ ImgmodUsage(cmd, nil)
+ }
+
+ imgFilename := args[0]
+ secretFilename := args[1]
+
+ outFilename, err := CalcOutFilename(imgFilename)
+ if err != nil {
+ ImgmodUsage(cmd, err)
+ }
+
+ img, err := readImage(imgFilename)
+ if err != nil {
+ ImgmodUsage(cmd, err)
+ }
+
+ secretBytes, err := ioutil.ReadFile(secretFilename)
+ if err != nil {
+ ImgmodUsage(cmd, errors.Wrapf(err, "error reading secret file"))
+ }
+
+ img, err = iimg.DecryptImageHw(img, secretBytes)
+ if err != nil {
+ ImgmodUsage(nil, err)
+ }
+
+ if err := writeImage(img, outFilename); err != nil {
+ ImgmodUsage(nil, err)
+ }
+}
+
 func runEncryptCmd(cmd *cobra.Command, args []string) {
 if len(args) < 2 {
 ImgmodUsage(cmd, nil)
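Review bot: In runDecryptHwCmd nothing visible confirms that decryption produced a valid image before `writeImage(img, outFilename)` runs. If image.DecryptHw cannot detect a wrong secret (its body is not shown here), a bad key combined with `-i` would replace the only encrypted copy with unusable data. Consider validating the decrypted image (for example against its recorded hash) before writing, or refusing in-place output for this command. Separately, `args[0]` and `args[1]` are indexed straight after the length check, which is safe only if ImgmodUsage never returns; if that holds, a comment such as `// ImgmodUsage exits the process; it does not return.` would make the assumption explicit.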
@@ -733,6 +766,21 @@ func AddImageCommands(cmd *cobra.Command) {
 Run: runDecryptFullCmd,
 }
 
+ decryptHwCmd := &cobra.Command{
+ Use: "decrypthw <image> <aes-secret>",
+ Short: "Decrypts an hardware-encrypted Mynewt image file",
+ Long: "Decrypts the body of a hardware-encrypted Mynewt image file and " +
+ "removes the encryption TLVs. The aes-secret can be 64-encoded " +
+ "or raw.",
+ Run: runDecryptHwCmd,
+ }
+
+ decryptHwCmd.PersistentFlags().StringVarP(&OptOutFilename, "outfile", "o",
+ "", "File to write to")
+ decryptHwCmd.PersistentFlags().BoolVarP(&OptInPlace, "inplace", "i", false,
+ "Replace input file")
+ imageCmd.AddCommand(decryptHwCmd)
+
 decryptFullCmd.PersistentFlags().StringVarP(&OptOutFilename, "outfile", "o",
 "", "File to write to")
 decryptFullCmd.PersistentFlags().BoolVarP(&OptInPlace, "inplace", "i", false,
diff --git a/iimg/iimg.go b/iimg/iimg.go
index d4e7c9a..9fc53fd 100644
--- a/iimg/iimg.go
+++ b/iimg/iimg.go
@@ -20,6 +20,7 @@
 package iimg
 
 import (
+ "encoding/base64"
 "encoding/hex"
 "fmt"
 "strings"
@@ -181,6 +182,16 @@ func DecryptImageFull(img image.Image,
 return img, nil
 }
 
+func DecryptImageHw(img image.Image, secretBytes []byte) (image.Image, error) {
+ secret, err := base64.StdEncoding.DecodeString(string(secretBytes))
+ if err != nil {
+ // Not base64 encoded. Assume this is a raw AES secret.
+ secret = secretBytes
+ }
+
+ return image.DecryptHw(img, secret)
+}
+
 func EncryptImage(img image.Image, pubKeBytes []byte) (image.Image, error) {
 key, err := sec.ParsePubEncKey(pubKeBytes)
 if err != nil {
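Review bot: The `Long` help text of decryptHwCmd in AddImageCommands says the secret can be "64-encoded", which should read "base64-encoded", and `Short` has "an hardware-encrypted" for "a hardware-encrypted". Because the format is guessed rather than selected, the text should also tell the operator how, e.g. `"removes the encryption TLVs. The aes-secret file is tried as base64 " +` followed by `"first and used as raw key bytes if that fails.",`. AddImageCommands starts and ends outside this hunk.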
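Review bot: In DecryptImageHw (iimg/iimg.go) the base64-or-raw guess is ambiguous. A raw secret whose bytes all fall in the base64 alphabet (for example a 16-character ASCII key) decodes without error and is silently replaced by a shorter, different key, while a base64 file containing stray spaces fails to decode and its text is used as the key. Nothing visible checks the resulting length before `image.DecryptHw` is called, so after the fallback I would add something like `if n := len(secret); n != 16 && n != 24 && n != 32 { return img, fmt.Errorf("invalid AES secret length: %d", n) }`, adjusted to the key sizes image.DecryptHw actually accepts (not visible here). An explicit option selecting the encoding would remove the guess altogether. The exported function also lacks a doc comment; `// DecryptImageHw decrypts a hardware-encrypted image using an AES secret that is either base64-encoded or raw.` would do.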