You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2021/07/29 16:19:19 UTC

[GitHub] [mynewt-artifact] ccollins476ad commented on a change in pull request #32: Support Hardware Encryption is isEncrypted function

ccollins476ad commented on a change in pull request #32:
URL: https://github.com/apache/mynewt-artifact/pull/32#discussion_r679300433



##########
File path: image/image.go
##########
@@ -790,7 +790,18 @@ func DecryptHwFull(img Image, secret []byte) (Image, error) {
 	return img, nil
 }
 
-// IsEncrypted indicates whether an image's "encrypted" flag is set.
+// IsEncrypted indicates whether an image's "encrypted" flag is set or hw encryption is used.
 func (img *Image) IsEncrypted() bool {
-	return img.Header.Flags&IMAGE_F_ENCRYPTED != 0
+	enc := false
+	if img.Header.Flags&IMAGE_F_ENCRYPTED != 0 {
+		enc = true
+	} else {
+		for _, tlv := range img.ProtTlvs {
+			if tlv.Header.Type&IMAGE_TLV_SECRET_ID_LEGACY != 0 || tlv.Header.Type&IMAGE_TLV_SECRET_ID != 0 {
+				enc = true
+			}
+		}

Review comment:
       `tlv.Header.Type` is a regular integer, not a bitmap.  So you should compare it with the constant directly using `==` rather than `&`.
   
   But I think it would be easier to just use the "find" functions that already exist.  That suggestion is up to you though.
   
   Are you sure this doesn't break anything?  I remember there being some tricky image types that used encryption, but whose encrypted flag was unset.  I recall it being important that these images appeared unencrypted during some parts of the image production process.  It has been a long time since I've looked at any of this, so I could definitely be wrong.  If you say it works, I'll take your word for it.
    
   ```suggestion
   			if img.FindAllUniqueTlv(IMAGE_TLV_SECRET_ID_LEGACY) != nil || img.FindAllUniqueTlv(IMAGE_TLV_SECRET_ID) != nil {
   			    enc = true
   			}
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mynewt.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org