Merge pull request #30 from agross-korg/support-legacy-tlvs

image: Support legacy TLV values via option
diff --git a/image/create.go b/image/create.go
index 176c085..129baaa 100644
--- a/image/create.go
+++ b/image/create.go
@@ -49,6 +49,7 @@
 	HeaderSize   int
 	InitialHash  []byte
 	Bootable     bool
+	UseLegacyTLV bool
 }
 
 type ImageCreateOpts struct {
@@ -61,6 +62,7 @@
 	LoaderHash        []byte
 	HdrPad            int
 	ImagePad          int
+	UseLegacyTLV      bool
 }
 
 type ECDSASig struct {
@@ -103,12 +105,20 @@
 }
 
 // GenerateHWKeyIndexTLV creates a hardware key index TLV.
-func GenerateHWKeyIndexTLV(secretIndex uint32) (ImageTlv, error) {
+func GenerateHWKeyIndexTLV(secretIndex uint32, useLegacyTLV bool) (ImageTlv, error) {
+	var tlvType uint8
 	id := make([]byte, 4)
 	binary.LittleEndian.PutUint32(id, secretIndex)
+
+	if useLegacyTLV {
+		tlvType = IMAGE_TLV_SECRET_ID_LEGACY
+	} else {
+		tlvType = IMAGE_TLV_SECRET_ID
+	}
+
 	return ImageTlv{
 		Header: ImageTlvHdr{
-			Type: IMAGE_TLV_SECRET_ID,
+			Type: tlvType,
 			Pad:  0,
 			Len:  uint16(len(id)),
 		},
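Review bot: The doc comment on GenerateHWKeyIndexTLV still describes the one-argument form and says nothing about `useLegacyTLV`, even though the flag changes the type byte written into a protected TLV. I would extend it to `// GenerateHWKeyIndexTLV creates a hardware key index TLV. If useLegacyTLV is true, the TLV type is IMAGE_TLV_SECRET_ID_LEGACY instead of IMAGE_TLV_SECRET_ID.` and do the same for GenerateNonceTLV in the next hunk. Both functions are exported, so adding a positional parameter breaks any caller outside this package; if such callers exist, keeping the old signature as a thin wrapper would avoid that. The function body continues past the end of this hunk.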
@@ -117,10 +127,18 @@
 }
 
 // GenerateNonceTLV creates a nonce TLV given a nonce.
-func GenerateNonceTLV(nonce []byte) (ImageTlv, error) {
+func GenerateNonceTLV(nonce []byte, useLegacyTLV bool) (ImageTlv, error) {
+	var tlvType uint8
+
+	if useLegacyTLV {
+		tlvType = IMAGE_TLV_AES_NONCE_LEGACY
+	} else {
+		tlvType = IMAGE_TLV_AES_NONCE
+	}
+
 	return ImageTlv{
 		Header: ImageTlvHdr{
-			Type: IMAGE_TLV_AES_NONCE,
+			Type: tlvType,
 			Pad:  0,
 			Len:  uint16(len(nonce)),
 		},
@@ -154,17 +172,17 @@
 
 // GenerateEncTlv creates an encryption-secret TLV given a secret.
 func GenerateSectionTlv(section Section) (ImageTlv, error) {
-	data := make([]byte, 8 + len(section.Name))
+	data := make([]byte, 8+len(section.Name))
 
 	binary.LittleEndian.PutUint32(data[0:], uint32(section.Offset))
 	binary.LittleEndian.PutUint32(data[4:], uint32(section.Size))
 	copy(data[8:], section.Name)
 
-	return ImageTlv {
+	return ImageTlv{
 		Header: ImageTlvHdr{
 			Type: IMAGE_TLV_SECTION,
-			Pad: 0,
-			Len: uint16(len(data)),
+			Pad:  0,
+			Len:  uint16(len(data)),
 		},
 		Data: data,
 	}, nil
@@ -337,6 +355,7 @@
 	ic.SigKeys = opts.SigKeys
 	ic.HWKeyIndex = opts.SrcEncKeyIndex
 	ic.Sections = opts.Sections
+	ic.UseLegacyTLV = opts.UseLegacyTLV
 
 	if opts.LoaderHash != nil {
 		ic.InitialHash = opts.LoaderHash
@@ -509,13 +528,14 @@
 	}
 
 	if ic.HWKeyIndex >= 0 {
-		tlv, err := GenerateHWKeyIndexTLV(uint32(ic.HWKeyIndex))
+		tlv, err := GenerateHWKeyIndexTLV(uint32(ic.HWKeyIndex),
+			ic.UseLegacyTLV)
 		if err != nil {
 			return img, err
 		}
 		img.ProtTlvs = append(img.ProtTlvs, tlv)
 
-		tlv, err = GenerateNonceTLV(ic.Nonce)
+		tlv, err = GenerateNonceTLV(ic.Nonce, ic.UseLegacyTLV)
 		if err != nil {
 			return img, err
 		}
diff --git a/image/image.go b/image/image.go
index 7defa38..9aa775f 100644
--- a/image/image.go
+++ b/image/image.go
@@ -750,9 +750,15 @@
 
 	tlvs := dup.FindProtTlvs(IMAGE_TLV_AES_NONCE)
 	if len(tlvs) != 1 {
-		return dup, errors.Errorf(
-			"failed to decrypt hw-encrypted image: "+
-				"wrong count of AES nonce TLVs; have=%d want=1", len(tlvs))
+		// try to find legacy TLV
+		tlvs := dup.FindProtTlvs(IMAGE_TLV_AES_NONCE_LEGACY)
+
+		if len(tlvs) != 1 {
+
+			return dup, errors.Errorf(
+				"failed to decrypt hw-encrypted image: "+
+					"wrong count of AES nonce TLVs; have=%d want=1", len(tlvs))
+		}
 	}
 	nonce := tlvs[0].Data
 
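Review bot: The legacy fallback declares a new `tlvs` with `:=` inside the `if` block, so the result of the IMAGE_TLV_AES_NONCE_LEGACY lookup is discarded when the block ends and `nonce := tlvs[0].Data` still reads the outer slice. For an image that carries only the legacy nonce TLV the outer slice is empty, and the index expression panics instead of decrypting or returning an error. Assigning instead of declaring fixes it: `tlvs = dup.FindProtTlvs(IMAGE_TLV_AES_NONCE_LEGACY)`. As written, an image with several current-type nonce TLVs plus exactly one legacy one would also pass the count check and use the first current-type entry, so the duplicate-nonce rejection is weakened. The enclosing function starts outside this hunk; if it looks up IMAGE_TLV_SECRET_ID elsewhere, that lookup presumably needs the same legacy fallback.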
@@ -778,6 +784,8 @@
 
 	img.RemoveProtTlvsWithType(IMAGE_TLV_AES_NONCE)
 	img.RemoveProtTlvsWithType(IMAGE_TLV_SECRET_ID)
+	img.RemoveProtTlvsWithType(IMAGE_TLV_AES_NONCE_LEGACY)
+	img.RemoveProtTlvsWithType(IMAGE_TLV_SECRET_ID_LEGACY)
 
 	return img, nil
 }