New command: image decrypthw
diff --git a/cli/image_cmds.go b/cli/image_cmds.go
index a4ea984..882277b 100644
--- a/cli/image_cmds.go
+++ b/cli/image_cmds.go
@@ -492,6 +492,39 @@
}
}
+func runDecryptHwCmd(cmd *cobra.Command, args []string) {
+ if len(args) < 2 {
+ ImgmodUsage(cmd, nil)
+ }
+
+ imgFilename := args[0]
+ secretFilename := args[1]
+
+ outFilename, err := CalcOutFilename(imgFilename)
+ if err != nil {
+ ImgmodUsage(cmd, err)
+ }
+
+ img, err := readImage(imgFilename)
+ if err != nil {
+ ImgmodUsage(cmd, err)
+ }
+
+ secretBytes, err := ioutil.ReadFile(secretFilename)
+ if err != nil {
+ ImgmodUsage(cmd, errors.Wrapf(err, "error reading secret file"))
+ }
+
+ img, err = iimg.DecryptImageHw(img, secretBytes)
+ if err != nil {
+ ImgmodUsage(nil, err)
+ }
+
+ if err := writeImage(img, outFilename); err != nil {
+ ImgmodUsage(nil, err)
+ }
+}
+
func runEncryptCmd(cmd *cobra.Command, args []string) {
if len(args) < 2 {
ImgmodUsage(cmd, nil)
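Review bot: Nothing in `runDecryptHwCmd` checks the decrypted image before `writeImage(img, outFilename)`, so a wrong secret may go unnoticed if `iimg.DecryptImageHw` cannot detect it (its callee `image.DecryptHw` is not in this diff). With `-i`, which presumably makes `CalcOutFilename` return the input path, that would replace the encrypted image with unusable data. Consider verifying the result before the write, or at least add a comment above the call such as `// A wrong secret may not be detected here; keep the original image until the output is verified.` Separately, the `len(args) < 2` guard only protects `args[1]` if `ImgmodUsage` never returns; `runEncryptCmd` below follows the same convention, but that behaviour is not visible in this hunk.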
@@ -733,6 +766,21 @@
Run: runDecryptFullCmd,
}
+ decryptHwCmd := &cobra.Command{
+ Use: "decrypthw <image> <aes-secret>",
+ Short: "Decrypts an hardware-encrypted Mynewt image file",
+ Long: "Decrypts the body of a hardware-encrypted Mynewt image file and " +
+ "removes the encryption TLVs. The aes-secret can be 64-encoded " +
+ "or raw.",
+ Run: runDecryptHwCmd,
+ }
+
+ decryptHwCmd.PersistentFlags().StringVarP(&OptOutFilename, "outfile", "o",
+ "", "File to write to")
+ decryptHwCmd.PersistentFlags().BoolVarP(&OptInPlace, "inplace", "i", false,
+ "Replace input file")
+ imageCmd.AddCommand(decryptHwCmd)
+
decryptFullCmd.PersistentFlags().StringVarP(&OptOutFilename, "outfile", "o",
"", "File to write to")
decryptFullCmd.PersistentFlags().BoolVarP(&OptInPlace, "inplace", "i", false,
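Review bot: The help strings for `decrypthw` contain two wording slips and underspecify the key argument: `Short` reads "an hardware-encrypted" and `Long` says the secret can be "64-encoded". I would change them to `"Decrypts a hardware-encrypted Mynewt image file"` and `"... The aes-secret file can be base64-encoded or raw."`. The argument is a path to a file holding the key (the first hunk reads it with `ioutil.ReadFile(secretFilename)`), so naming it `<aes-secret-file>` in `Use` and stating the expected key length in `Long` would help users avoid passing key material on the command line.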
diff --git a/iimg/iimg.go b/iimg/iimg.go
index d4e7c9a..9fc53fd 100644
--- a/iimg/iimg.go
+++ b/iimg/iimg.go
@@ -20,6 +20,7 @@
package iimg
import (
+ "encoding/base64"
"encoding/hex"
"fmt"
"strings"
@@ -181,6 +182,16 @@
return img, nil
}
+func DecryptImageHw(img image.Image, secretBytes []byte) (image.Image, error) {
+ secret, err := base64.StdEncoding.DecodeString(string(secretBytes))
+ if err != nil {
+ // Not base64 encoded. Assume this is a raw AES secret.
+ secret = secretBytes
+ }
+
+ return image.DecryptHw(img, secret)
+}
+
func EncryptImage(img image.Image, pubKeBytes []byte) (image.Image, error) {
key, err := sec.ParsePubEncKey(pubKeBytes)
if err != nil {
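Review bot: The fallback in `DecryptImageHw` discards the base64 error and treats the input as a raw key, so a truncated or mistyped base64 file is silently used byte-for-byte as the AES secret. Conversely, a raw key whose bytes happen to form valid base64 is silently decoded into a different, shorter key. Nothing here checks the length of `secret` before `image.DecryptHw(img, secret)`, and whether that callee validates it is not visible in this diff. I would check the length once an interpretation is chosen and fail with a clear message, for example `if len(secret) != wantLen { return img, fmt.Errorf("AES secret is %d bytes, expected %d", len(secret), wantLen) }`, where `wantLen` is a placeholder for the key size `image.DecryptHw` supports. The exported function also lacks a doc comment; `// DecryptImageHw decrypts a hardware-encrypted image using an AES secret supplied either raw or base64-encoded.` would cover it.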