Index ¶
- Constants
- Variables
- func GeneratePlainSecret() ([]byte, error)
- func GenerateSig(key sec.PrivSignKey, hash []byte) (sec.Sig, error)
- func GenerateSigEc(key sec.PrivSignKey, hash []byte) ([]byte, error)
- func GenerateSigEd25519(key sec.PrivSignKey, hash []byte) ([]byte, error)
- func GenerateSigRsa(key sec.PrivSignKey, hash []byte) ([]byte, error)
- func ImageTlvTypeIsSecret(tlvType uint8) bool
- func ImageTlvTypeIsSig(tlvType uint8) bool
- func ImageTlvTypeIsValid(tlvType uint8) bool
- func ImageTlvTypeName(tlvType uint8) string
- func ImageTlvTypeToSigType(tlvType uint8) (sec.SigType, bool)
- type ECDSASig
- type Image
- func Decrypt(img Image, privEncKey sec.PrivEncKey) (Image, error)
- func DecryptHw(img Image, secret []byte) (Image, error)
- func DecryptHwFull(img Image, secret []byte) (Image, error)
- func Encrypt(img Image, pubEncKey sec.PubEncKey) (Image, error)
- func GenerateImage(opts ImageCreateOpts) (Image, error)
- func ParseImage(imgData []byte) (Image, error)
- func ReadImage(filename string) (Image, error)
- func (img *Image) Bin() ([]byte, error)
- func (i *Image) CalcHash(initialHash []byte) ([]byte, error)
- func (img *Image) Clone() Image
- func (img *Image) CollectSecret() ([]byte, error)
- func (img *Image) CollectSigs() ([]sec.Sig, error)
- func (img *Image) ExtractSecret() ([]byte, error)
- func (i *Image) FindAllTlvs(tlvType uint8) []*ImageTlv
- func (i *Image) FindAllTlvsIf(pred func(tlv ImageTlv) bool) []*ImageTlv
- func (i *Image) FindAllUniqueTlv(tlvType uint8) (*ImageTlv, error)
- func (img *Image) FindProtTlvIndices(tlvType uint8) []int
- func (img *Image) FindProtTlvIndicesIf(pred func(tlv ImageTlv) bool) []int
- func (img *Image) FindProtTlvs(tlvType uint8) []*ImageTlv
- func (img *Image) FindProtTlvsIf(pred func(tlv ImageTlv) bool) []*ImageTlv
- func (i *Image) FindProtUniqueTlv(tlvType uint8) (*ImageTlv, error)
- func (img *Image) FindTlvIndices(tlvType uint8) []int
- func (img *Image) FindTlvIndicesIf(pred func(tlv ImageTlv) bool) []int
- func (img *Image) FindTlvs(tlvType uint8) []*ImageTlv
- func (img *Image) FindTlvsIf(pred func(tlv ImageTlv) bool) []*ImageTlv
- func (i *Image) FindUniqueTlv(tlvType uint8) (*ImageTlv, error)
- func (img *Image) HasEncryptionPayload() bool
- func (i *Image) Hash() ([]byte, error)
- func (img *Image) IsEncrypted() bool
- func (img *Image) Json() (string, error)
- func (img *Image) Map() (map[string]interface{}, error)
- func (i *Image) Offsets() (ImageOffsets, error)
- func (img *Image) ProtTrailer() ImageTrailer
- func (i *Image) RemoveProtTlvsIf(pred func(tlv ImageTlv) bool) []ImageTlv
- func (i *Image) RemoveProtTlvsWithType(tlvType uint8) []ImageTlv
- func (i *Image) RemoveTlvsIf(pred func(tlv ImageTlv) bool) []ImageTlv
- func (i *Image) RemoveTlvsWithType(tlvType uint8) []ImageTlv
- func (i *Image) TotalSize() (int, error)
- func (img *Image) Trailer() ImageTrailer
- func (img *Image) VerifyHash(privEncKeys []sec.PrivEncKey) (int, error)
- func (img *Image) VerifyManifest(man manifest.Manifest) error
- func (img *Image) VerifySigs(keys []sec.PubSignKey) (int, error)
- func (img *Image) VerifyStructure() error
- func (i *Image) Write(w io.Writer) (int, error)
- func (i *Image) WritePlusOffsets(w io.Writer) (ImageOffsets, error)
- func (i *Image) WriteToFile(filename string) error
- type ImageCreateOpts
- type ImageCreator
- type ImageHdr
- type ImageHdrV1
- type ImageOffsets
- type ImageTlv
- func BuildKeyHashTlv(keyBytes []byte) ImageTlv
- func BuildSigTlvs(keys []sec.PrivSignKey, hash []byte) ([]ImageTlv, error)
- func GenerateEncTlv(cipherSecret []byte) (ImageTlv, error)
- func GenerateHWKeyIndexTLV(secretIndex uint32, useLegacyTLV bool) (ImageTlv, error)
- func GenerateNonceTLV(nonce []byte, useLegacyTLV bool) (ImageTlv, error)
- func GenerateSectionTlv(section Section) (ImageTlv, error)
- type ImageTlvHdr
- type ImageTrailer
- type ImageV1
- func (img *ImageV1) FindTlvs(tlvType uint8) []ImageTlv
- func (img *ImageV1) Hash() ([]byte, error)
- func (img *ImageV1) Offsets() (ImageOffsets, error)
- func (img *ImageV1) TotalSize() (int, error)
- func (img *ImageV1) Write(w io.Writer) (int, error)
- func (img *ImageV1) WritePlusOffsets(w io.Writer) (ImageOffsets, error)
- type ImageVersion
- type Section
Constants ¶
// Magic values that identify the image header and the two trailer kinds
// (the ones Trailer and ProtTrailer build). A parser should reject data whose
// magic does not match before trusting any length field that follows it.
const (
	IMAGE_MAGIC              = 0x96f3b83d /* Image header magic */
	IMAGE_TRAILER_MAGIC      = 0x6907     /* TLV info magic */
	IMAGE_PROT_TRAILER_MAGIC = 0x6908     /* Protected TLV info magic */
)
// Sizes of the fixed-length parts of the image format (presumably in bytes).
// IMAGE_TLV_SIZE covers only the TLV header; the variable-length value that
// follows it is not included.
const (
	IMAGE_HEADER_SIZE  = 32
	IMAGE_TRAILER_SIZE = 4
	IMAGE_TLV_SIZE     = 4 /* Plus `value` field. */
)
// Image header flags; each value is a distinct bit.
// IMAGE_F_ENCRYPTED is the flag reported by IsEncrypted. Note that Encrypt and
// Decrypt leave this flag untouched (see their doc comments), so the flag and
// the actual state of the body can disagree unless the caller keeps them in sync.
const (
	IMAGE_F_PIC          = 0x00000001
	IMAGE_F_ENCRYPTED    = 0x00000004 /* encrypted image */
	IMAGE_F_NON_BOOTABLE = 0x00000010 /* non bootable image */
)
Image header flags.
// Image trailer TLV types. ImageTlvTypeIsValid, ImageTlvTypeIsSig,
// ImageTlvTypeIsSecret, ImageTlvTypeName and ImageTlvTypeToSigType are the
// helpers that take these values.
// The *_LEGACY values presumably correspond to the useLegacyTLV option of
// GenerateNonceTLV and GenerateHWKeyIndexTLV — confirm against those functions.
// These numbers are NOT interchangeable with the IMAGEv1_TLV_* constants.
const (
	IMAGE_TLV_KEYHASH          = 0x01
	IMAGE_TLV_SHA256           = 0x10
	IMAGE_TLV_RSA2048          = 0x20
	IMAGE_TLV_ECDSA224         = 0x21
	IMAGE_TLV_ECDSA256         = 0x22
	IMAGE_TLV_RSA3072          = 0x23
	IMAGE_TLV_ED25519          = 0x24
	IMAGE_TLV_ENC_RSA          = 0x30
	IMAGE_TLV_ENC_KEK          = 0x31
	IMAGE_TLV_ENC_EC256        = 0x32
	IMAGE_TLV_AES_NONCE_LEGACY = 0x50
	IMAGE_TLV_SECRET_ID_LEGACY = 0x60
	IMAGE_TLV_AES_NONCE        = 0xa1
	IMAGE_TLV_SECRET_ID        = 0xa2
	IMAGE_TLV_SECTION          = 0xa3
)
Image trailer TLV types.
// Image header flags for the v1 image format (presumably the flags field of
// ImageHdrV1). Per the inline comments, v1 records the presence and algorithm
// of the hash/signature TLVs as header flags, whereas the current format
// relies on the TLV types themselves.
const (
	IMAGEv1_F_PIC                      = 0x00000001
	IMAGEv1_F_SHA256                   = 0x00000002 /* Image contains hash TLV */
	IMAGEv1_F_PKCS15_RSA2048_SHA256    = 0x00000004 /* PKCS15 w/RSA2048 and SHA256 */
	IMAGEv1_F_ECDSA224_SHA256          = 0x00000008 /* ECDSA224 over SHA256 */
	IMAGEv1_F_NON_BOOTABLE             = 0x00000010 /* non bootable image */
	IMAGEv1_F_ECDSA256_SHA256          = 0x00000020 /* ECDSA256 over SHA256 */
	IMAGEv1_F_PKCS1_PSS_RSA2048_SHA256 = 0x00000040 /* RSA-PSS w/RSA2048 and SHA256 */
)
// TLV types for the v1 image format (ImageV1.Tlvs). The numbering is separate
// from IMAGE_TLV_*: the same value means different things in each format
// (for example 1 is KEYHASH in the current format but SHA256 here), so a
// TLV type must always be interpreted against the format of the image it
// came from.
const (
	IMAGEv1_TLV_SHA256   = 1
	IMAGEv1_TLV_RSA2048  = 2
	IMAGEv1_TLV_ECDSA224 = 3
	IMAGEv1_TLV_ECDSA256 = 4
)
// IMAGEv1_MAGIC is the header magic of the v1 image format. It differs from
// IMAGE_MAGIC only in the lowest byte (0x..3c vs 0x..3d), so a comparison
// must be exact rather than a prefix match.
const IMAGEv1_MAGIC = 0x96f3b83c /* Image header magic */
Variables ¶
var UseRsaPss = false
Set this to true to use RSA-PSS for RSA signatures instead of PKCS#1 v1.5, which is used while it is false. Eventually, this should be the default.
Functions ¶
func GeneratePlainSecret ¶
GeneratePlainSecret randomly generates a 16-byte image-encrypting secret.
func GenerateSig ¶
GenerateSig signs an image.
func GenerateSigEc ¶
func GenerateSigEc(key sec.PrivSignKey, hash []byte) ([]byte, error)
GenerateSigEc signs an image using an EC key.
func GenerateSigEd25519 ¶ added in v0.0.3
func GenerateSigEd25519(key sec.PrivSignKey, hash []byte) ([]byte, error)
GenerateSigEd25519 signs an image using an Ed25519 key.
func GenerateSigRsa ¶
func GenerateSigRsa(key sec.PrivSignKey, hash []byte) ([]byte, error)
GenerateSigRsa signs an image using an RSA key.
func ImageTlvTypeIsSecret ¶ added in v0.0.2
func ImageTlvTypeIsSig ¶
func ImageTlvTypeIsValid ¶
func ImageTlvTypeName ¶
Types ¶
type Image ¶
func Decrypt ¶ added in v0.0.2
func Decrypt(img Image, privEncKey sec.PrivEncKey) (Image, error)
Decrypt decrypts an image body and strips the "secret" TLV. It does NOT clear the "encrypted" flag in the image header.
func DecryptHw ¶ added in v0.0.17
DecryptHw decrypts a hardware-encrypted image. It does NOT strip the "nonce" or "secret ID" protected TLVs.
func DecryptHwFull ¶ added in v0.0.17
DecryptHwFull decrypts a hardware-encrypted image and strips the "nonce" and "secret ID" protected TLVs.
func Encrypt ¶ added in v0.0.2
Encrypt encrypts an image body and adds a "secret" TLV. It does NOT set the "encrypted" flag in the image header.
func GenerateImage ¶
func GenerateImage(opts ImageCreateOpts) (Image, error)
GenerateImage produces an Image object from a set of image creation options.
func ParseImage ¶
func (*Image) CalcHash ¶
CalcHash calculates a SHA256 of the given image. initialHash should be nil for non-split images.
func (*Image) CollectSecret ¶ added in v0.0.2
CollectSecret finds the "secret" TLV in an image and returns its body. It returns nil if there is no "secret" TLV.
func (*Image) CollectSigs ¶
CollectSigs returns a slice of all signatures present in an image's trailer.
func (*Image) ExtractSecret ¶ added in v0.0.2
ExtractSecret finds the "secret" TLV in an image, removes it, and returns its body. It returns nil if there is no "secret" TLV.
func (*Image) FindAllTlvs ¶ added in v0.0.11
func (*Image) FindAllTlvsIf ¶ added in v0.0.11
func (*Image) FindAllUniqueTlv ¶ added in v0.0.11
func (*Image) FindProtTlvIndices ¶ added in v0.0.11
FindProtTlvIndices searches an image for TLVs of the specified type and returns their indices.
func (*Image) FindProtTlvIndicesIf ¶ added in v0.0.11
FindProtTlvIndicesIf searches an image for TLVs satisfying the given predicate and returns their indices.
func (*Image) FindProtTlvs ¶ added in v0.0.11
FindProtTlvs retrieves all TLVs in an image's footer with the specified type.
func (*Image) FindProtTlvsIf ¶ added in v0.0.11
FindProtTlvsIf searches an image for TLVs satisfying the given predicate and returns them.
func (*Image) FindProtUniqueTlv ¶ added in v0.0.11
FindProtUniqueTlv retrieves a TLV in an image's footer with the specified type. It returns an error if there is more than one TLV with this type.
func (*Image) FindTlvIndices ¶
FindTlvIndices searches an image for TLVs of the specified type and returns their indices.
func (*Image) FindTlvIndicesIf ¶ added in v0.0.2
FindTlvIndicesIf searches an image for TLVs satisfying the given predicate and returns their indices.
func (*Image) FindTlvsIf ¶ added in v0.0.2
FindTlvsIf searches an image for TLVs satisfying the given predicate and returns them.
func (*Image) FindUniqueTlv ¶
FindUniqueTlv retrieves a TLV in an image's footer with the specified type. It returns an error if there is more than one TLV with this type.
func (*Image) HasEncryptionPayload ¶ added in v0.0.23
HasEncryptionPayload indicates whether an image contains a HW encryption payload.
func (*Image) IsEncrypted ¶ added in v0.0.2
IsEncrypted indicates whether an image's "encrypted" flag is set.
func (*Image) Offsets ¶
func (i *Image) Offsets() (ImageOffsets, error)
Offsets returns the offsets that each of an image's components would have if the image were serialized.
func (*Image) ProtTrailer ¶ added in v0.0.8
func (img *Image) ProtTrailer() ImageTrailer
ProtTrailer constructs a protected ImageTrailer corresponding to the given image.
func (*Image) RemoveProtTlvsIf ¶ added in v0.0.11
RemoveProtTlvsIf removes all TLVs from an image that satisfy the supplied predicate. It returns a slice of the removed TLVs.
func (*Image) RemoveProtTlvsWithType ¶ added in v0.0.11
RemoveProtTlvsWithType removes from an image all TLVs with the specified type. It returns a slice of the removed TLVs.
func (*Image) RemoveTlvsIf ¶
RemoveTlvsIf removes all TLVs from an image that satisfy the supplied predicate. It returns a slice of the removed TLVs.
func (*Image) RemoveTlvsWithType ¶
RemoveTlvsWithType removes from an image all TLVs with the specified type. It returns a slice of the removed TLVs.
func (*Image) Trailer ¶
func (img *Image) Trailer() ImageTrailer
Trailer constructs an ImageTrailer corresponding to the given image.
func (*Image) VerifyHash ¶ added in v0.0.2
func (img *Image) VerifyHash(privEncKeys []sec.PrivEncKey) (int, error)
VerifyHash calculates an image's hash and compares it to the image's SHA256 TLV. If the image is encrypted, this function temporarily decrypts it before calculating the hash. The returned int is the index of the key that was used to decrypt the image, or -1 if none. An error is returned if the hash is incorrect.
func (*Image) VerifyManifest ¶
VerifyManifest compares an image's structure to its manifest. It returns an error if the image doesn't match the manifest.
func (*Image) VerifySigs ¶ added in v0.0.2
func (img *Image) VerifySigs(keys []sec.PubSignKey) (int, error)
VerifySigs checks an image's attached signatures against the provided set of keys. It succeeds if the image has no signatures or if any one signature can be verified. The returned int is the index of the key that was used to verify a signature, or -1 if none (which includes the no-signature case). An error is returned if there is at least one signature and all of them fail the check. A caller that requires the image to be signed must therefore also check that the returned index is not -1, since a nil error alone does not establish that any signature was present.
func (*Image) VerifyStructure ¶ added in v0.0.2
VerifyStructure checks an image's structure for internal consistency. It returns an error if the image is incorrect.
func (*Image) WritePlusOffsets ¶
func (i *Image) WritePlusOffsets(w io.Writer) (ImageOffsets, error)
WritePlusOffsets writes a binary image to the given writer. It returns the offsets of the image components that got written.
func (*Image) WriteToFile ¶
WriteToFile writes a Mynewt image to a file.
type ImageCreateOpts ¶
type ImageCreator ¶
// ImageCreator holds the inputs from which Create and CreateV1 build an image.
// NewImageCreator returns one with its defaults set, which is presumably the
// intended way to obtain it rather than a bare literal.
type ImageCreator struct {
	Body     []byte
	Version  ImageVersion
	SigKeys  []sec.PrivSignKey // keys the image is signed with; see BuildSigTlvs
	Sections []Section         // see GenerateSectionTlv
	// HWKeyIndex and Nonce feed GenerateHWKeyIndexTLV and GenerateNonceTLV;
	// note HWKeyIndex is an int while that function takes a uint32 — the
	// conversion point is not visible here.
	HWKeyIndex int
	Nonce      []byte
	// PlainSecret is a 16-byte image-encrypting secret (see GeneratePlainSecret);
	// CipherSecret is what GenerateEncTlv places in the "secret" TLV.
	PlainSecret  []byte
	CipherSecret []byte
	HeaderSize   int
	InitialHash  []byte // passed to CalcHash; nil for non-split images
	Bootable     bool   // presumably controls IMAGE_F_NON_BOOTABLE — confirm in Create
	UseLegacyTLV bool   // selects the *_LEGACY nonce / secret-ID TLV types
}
func NewImageCreator ¶
func NewImageCreator() ImageCreator
func (*ImageCreator) Create ¶
func (ic *ImageCreator) Create() (Image, error)
Create produces an Image object.
func (*ImageCreator) CreateV1 ¶
func (ic *ImageCreator) CreateV1() (ImageV1, error)
type ImageHdr ¶
type ImageHdrV1 ¶
type ImageOffsets ¶
type ImageTlv ¶
// ImageTlv is one trailer entry: a fixed-size ImageTlvHdr followed by its data.
// IMAGE_TLV_SIZE presumably covers Header only; len(Data) is additional.
type ImageTlv struct {
	Header ImageTlvHdr
	Data   []byte
}
func BuildKeyHashTlv ¶
BuildKeyHashTlv produces a key-hash TLV given a public verification key. Users do not normally need to call this; call BuildSigTlvs instead.
func BuildSigTlvs ¶
func BuildSigTlvs(keys []sec.PrivSignKey, hash []byte) ([]ImageTlv, error)
BuildSigTlvs signs an image and creates a pair of TLVs representing the signature.
func GenerateEncTlv ¶
GenerateEncTlv creates an encryption-secret TLV given a secret.
func GenerateHWKeyIndexTLV ¶ added in v0.0.6
GenerateHWKeyIndexTLV creates a hardware key index TLV.
func GenerateNonceTLV ¶ added in v0.0.6
GenerateNonceTLV creates a nonce TLV given a nonce.
func GenerateSectionTlv ¶ added in v0.0.20
GenerateSectionTlv creates a section TLV given a Section.
type ImageTlvHdr ¶
type ImageTrailer ¶
func (*ImageTrailer) Map ¶
func (t *ImageTrailer) Map(offset int) map[string]interface{}
type ImageV1 ¶
// ImageV1 is an image in the v1 format: a v1 header, the body, and a flat list
// of TLVs. Unlike Image it exposes no protected trailer (there is no
// ProtTrailer method), and its TLV types are the IMAGEv1_TLV_* values.
type ImageV1 struct {
	Header ImageHdrV1
	Body   []byte
	Tlvs   []ImageTlv
}
func GenerateV1Image ¶
func GenerateV1Image(opts ImageCreateOpts) (ImageV1, error)
func (*ImageV1) Offsets ¶
func (img *ImageV1) Offsets() (ImageOffsets, error)
func (*ImageV1) WritePlusOffsets ¶
func (img *ImageV1) WritePlusOffsets(w io.Writer) (ImageOffsets, error)
type ImageVersion ¶
func ParseVersion ¶
func ParseVersion(versStr string) (ImageVersion, error)
ParseVersion parses an image version string (e.g., "1.2.3.4").
func (ImageVersion) String ¶
func (ver ImageVersion) String() string