You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by cc...@apache.org on 2018/11/14 18:11:06 UTC
[mynewt-newt] branch master updated (88ad5de -> 9041b05)
This is an automated email from the ASF dual-hosted git repository.
ccollins pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git.
from 88ad5de resolve: Prune orphan packages during dep resolutn
new 1831dd3 Some cosmetic changes
new 426c006 Support arbitrary lists of signing keys
new 9041b05 Allow key list to be specified in `newt run`.
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
newt/builder/build.go | 17 +-
newt/builder/targetbuild.go | 6 +-
newt/cli/image_cmds.go | 49 ++--
newt/cli/run_cmds.go | 15 +-
newt/image/image.go | 702 +++++++++++++++++++++++---------------------
5 files changed, 425 insertions(+), 364 deletions(-)
[mynewt-newt] 02/03: Support arbitrary lists of signing keys
Posted by cc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git
commit 426c006c3b9229f3cda4a84605f112e10f1e1458
Author: Christopher Collins <cc...@apache.org>
AuthorDate: Mon Nov 12 12:41:02 2018 -0800
Support arbitrary lists of signing keys
Prior to this commit, newt allowed one RSA key and / or one ECC key per
image.
This commit allows images to be signed by an arbitrary list of keys
(e.g., 3 RSA keys and 2 ECC keys).
---
newt/builder/build.go | 12 +-
newt/builder/targetbuild.go | 6 +-
newt/cli/image_cmds.go | 49 +++--
newt/image/image.go | 513 ++++++++++++++++++++++++--------------------
4 files changed, 318 insertions(+), 262 deletions(-)
diff --git a/newt/builder/build.go b/newt/builder/build.go
index 9336465..9db2213 100644
--- a/newt/builder/build.go
+++ b/newt/builder/build.go
@@ -794,7 +794,8 @@ func (b *Builder) buildRomElf(common *symbol.SymbolMap) error {
}
func (b *Builder) CreateImage(version string,
- keystr string, keyId uint8, loaderImg *image.Image) (*image.Image, error) {
+ keystrs []string, keyId uint8,
+ loaderImg *image.Image) (*image.Image, error) {
img, err := image.NewImage(b.AppBinPath(), b.AppImgPath())
if err != nil {
@@ -806,9 +807,12 @@ func (b *Builder) CreateImage(version string,
return nil, err
}
- if keystr != "" {
- err = img.SetSigningKey(keystr, keyId)
- if err != nil {
+ if len(keystrs) == 1 {
+ if err := img.SetKeyV1(keystrs[0], keyId); err != nil {
+ return nil, err
+ }
+ } else {
+ if err := img.SetKeys(keystrs); err != nil {
return nil, err
}
}
diff --git a/newt/builder/targetbuild.go b/newt/builder/targetbuild.go
index 9ee7317..f5fa8e6 100644
--- a/newt/builder/targetbuild.go
+++ b/newt/builder/targetbuild.go
@@ -867,7 +867,7 @@ func (t *TargetBuilder) verifyImgSizes(li *image.Image, ai *image.Image) error {
// @return app-image, loader-image, error
func (t *TargetBuilder) CreateImages(version string,
- keystr string, keyId uint8) (*image.Image, *image.Image, error) {
+ keystrs []string, keyId uint8) (*image.Image, *image.Image, error) {
if err := t.Build(); err != nil {
return nil, nil, err
@@ -883,7 +883,7 @@ func (t *TargetBuilder) CreateImages(version string,
}
if t.LoaderBuilder != nil {
- loaderImg, err = t.LoaderBuilder.CreateImage(version, keystr, keyId,
+ loaderImg, err = t.LoaderBuilder.CreateImage(version, keystrs, keyId,
nil)
if err != nil {
return nil, nil, err
@@ -900,7 +900,7 @@ func (t *TargetBuilder) CreateImages(version string,
}
}
- appImg, err = t.AppBuilder.CreateImage(version, keystr, keyId, loaderImg)
+ appImg, err = t.AppBuilder.CreateImage(version, keystrs, keyId, loaderImg)
if err != nil {
return nil, nil, err
}
diff --git a/newt/cli/image_cmds.go b/newt/cli/image_cmds.go
index 3063d3e..73459ed 100644
--- a/newt/cli/image_cmds.go
+++ b/newt/cli/image_cmds.go
@@ -32,9 +32,28 @@ import (
var useV1 bool
var useV2 bool
+func parseKeyArgs(args []string) ([]string, uint8, error) {
+ if len(args) == 0 {
+ return nil, 0, nil
+ }
+
+ if len(args) == 1 {
+ return args, 0, nil
+ }
+
+ if image.UseV1 {
+ keyId64, err := strconv.ParseUint(args[1], 10, 8)
+ if err != nil {
+ return nil, 0, util.NewNewtError("Key ID must be between 0-255")
+ }
+ return args[:1], uint8(keyId64), nil
+ }
+
+ return args, 0, nil
+}
+
func createImageRunCmd(cmd *cobra.Command, args []string) {
var keyId uint8
- var keystr string
if len(args) < 2 {
NewtUsage(cmd, util.NewNewtError("Must specify target and version"))
@@ -59,26 +78,18 @@ func createImageRunCmd(cmd *cobra.Command, args []string) {
version := args[1]
- if len(args) > 2 {
- if len(args) > 3 {
- keyId64, err := strconv.ParseUint(args[3], 10, 8)
- if err != nil {
- NewtUsage(cmd,
- util.NewNewtError("Key ID must be between 0-255"))
- }
- keyId = uint8(keyId64)
- }
- keystr = args[2]
- }
-
b, err := builder.NewTargetBuilder(t)
if err != nil {
NewtUsage(nil, err)
}
- if _, _, err := b.CreateImages(version, keystr, keyId); err != nil {
+ keystrs, keyId, err := parseKeyArgs(args[2:])
+ if err != nil {
+ NewtUsage(cmd, err)
+ }
+
+ if _, _, err := b.CreateImages(version, keystrs, keyId); err != nil {
NewtUsage(nil, err)
- return
}
}
@@ -116,7 +127,7 @@ func resignImageRunCmd(cmd *cobra.Command, args []string) {
keyId = uint8(keyId64)
}
keystr = args[1]
- err = img.SetSigningKey(keystr, keyId)
+ err = img.SetKeyV1(keystr, keyId)
if err != nil {
NewtUsage(nil, err)
return
@@ -151,10 +162,12 @@ func AddImageCommands(cmd *cobra.Command) {
createImageHelpEx := " newt create-image my_target1 1.3.0\n"
createImageHelpEx += " newt create-image my_target1 1.3.0.3\n"
createImageHelpEx += " newt create-image my_target1 1.3.0.3 private.pem\n"
- createImageHelpEx += " newt create-image my_target1 1.3.0.3 private.pem 5\n"
+ createImageHelpEx +=
+ " newt create-image -2 my_target1 1.3.0.3 private-1.pem private-2.pem\n"
createImageCmd := &cobra.Command{
- Use: "create-image <target-name> <version> [signing-key [key-id]]",
+ Use: "create-image <target-name> <version> [signing-key-1] " +
+ "[signing-key-2] [...]",
Short: "Add image header to target binary",
Long: createImageHelpText,
Example: createImageHelpEx,
diff --git a/newt/image/image.go b/newt/image/image.go
index 557448b..278804e 100644
--- a/newt/image/image.go
+++ b/newt/image/image.go
@@ -67,13 +67,18 @@ type ImageVersion struct {
BuildNum uint32
}
+type ImageKey struct {
+ // Only one of these members is non-nil.
+ Rsa *rsa.PrivateKey
+ Ec *ecdsa.PrivateKey
+}
+
type Image struct {
SourceBin string
SourceImg string
TargetImg string
Version ImageVersion
- SigningRSA *rsa.PrivateKey
- SigningEC *ecdsa.PrivateKey
+ Keys []ImageKey
KeyId uint8
Hash []byte
SrcSkip uint // Number of bytes to skip from the source image.
@@ -367,77 +372,115 @@ func ParsePrivateKey(keyBytes []byte) (interface{}, error) {
return privKey, nil
}
-func (image *Image) SetSigningKey(fileName string, keyId uint8) error {
- keyBytes, err := ioutil.ReadFile(fileName)
+func readKey(filename string) (ImageKey, error) {
+ key := ImageKey{}
+
+ keyBytes, err := ioutil.ReadFile(filename)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error reading key file: %s", err))
+ return key, util.FmtNewtError("Error reading key file: %s", err)
}
- image.KeyId = keyId
privKey, err := ParsePrivateKey(keyBytes)
if err != nil {
- return err
+ return key, err
}
switch priv := privKey.(type) {
case *rsa.PrivateKey:
- image.SigningRSA = priv
+ key.Rsa = priv
case *ecdsa.PrivateKey:
- image.SigningEC = priv
+ key.Ec = priv
default:
- return util.NewNewtError("Unknown private key format")
+ return key, util.NewNewtError("Unknown private key format")
+ }
+
+ return key, nil
+}
+
+func (key *ImageKey) assertValid() {
+ if key.Rsa == nil && key.Ec == nil {
+ panic("invalid key; neither RSA nor ECC")
+ }
+
+ if key.Rsa != nil && key.Ec != nil {
+ panic("invalid key; neither RSA nor ECC")
+ }
+}
+
+func (image *Image) SetKeys(filenames []string) error {
+ for _, filename := range filenames {
+ key, err := readKey(filename)
+ if err != nil {
+ return err
+ }
+
+ image.Keys = append(image.Keys, key)
}
return nil
}
-func (image *Image) sigHdrTypeV1() (uint32, error) {
- if image.SigningRSA != nil {
+func (image *Image) SetKeyV1(filename string, keyId uint8) error {
+ key, err := readKey(filename)
+ if err != nil {
+ return err
+ }
+
+ image.KeyId = keyId
+ image.Keys = []ImageKey{key}
+
+ return nil
+}
+
+func (key *ImageKey) sigHdrTypeV1() (uint32, error) {
+ key.assertValid()
+
+ if key.Rsa != nil {
if UseRsaPss {
return IMAGEv1_F_PKCS1_PSS_RSA2048_SHA256, nil
} else {
return IMAGEv1_F_PKCS15_RSA2048_SHA256, nil
}
- } else if image.SigningEC != nil {
- switch image.SigningEC.Curve.Params().Name {
+ } else {
+ switch key.Ec.Curve.Params().Name {
case "P-224":
return IMAGEv1_F_ECDSA224_SHA256, nil
case "P-256":
return IMAGEv1_F_ECDSA256_SHA256, nil
default:
- return 0, util.NewNewtError("Unsupported ECC curve")
+ return 0, util.FmtNewtError("Unsupported ECC curve")
}
- } else {
- return 0, nil
}
}
-func (image *Image) sigKeyHash() ([]uint8, error) {
- if image.SigningRSA != nil {
- pubkey, _ := asn1.Marshal(image.SigningRSA.PublicKey)
+func (key *ImageKey) sigKeyHash() ([]uint8, error) {
+ key.assertValid()
+
+ if key.Rsa != nil {
+ pubkey, _ := asn1.Marshal(key.Rsa.PublicKey)
sum := sha256.Sum256(pubkey)
return sum[:4], nil
- } else if image.SigningEC != nil {
- switch image.SigningEC.Curve.Params().Name {
+ } else {
+ switch key.Ec.Curve.Params().Name {
case "P-224":
fallthrough
case "P-256":
- pubkey, _ := x509.MarshalPKIXPublicKey(&image.SigningEC.PublicKey)
+ pubkey, _ := x509.MarshalPKIXPublicKey(&key.Ec.PublicKey)
sum := sha256.Sum256(pubkey)
return sum[:4], nil
default:
- return []uint8{}, util.NewNewtError("Unsupported ECC curve")
+ return nil, util.NewNewtError("Unsupported ECC curve")
}
- } else {
- return []uint8{}, util.NewNewtError("No public key to hash")
}
}
-func (image *Image) sigLen() uint16 {
- if image.SigningRSA != nil {
+func (key *ImageKey) sigLen() uint16 {
+ key.assertValid()
+
+ if key.Rsa != nil {
return 256
- } else if image.SigningEC != nil {
- switch image.SigningEC.Curve.Params().Name {
+ } else {
+ switch key.Ec.Curve.Params().Name {
case "P-224":
return 68
case "P-256":
@@ -445,42 +488,38 @@ func (image *Image) sigLen() uint16 {
default:
return 0
}
- } else {
- return 0
}
}
-func (image *Image) sigTlvTypeV1() uint8 {
- if image.SigningRSA != nil {
- return IMAGEv1_TLV_RSA2048
- } else if image.SigningEC != nil {
- switch image.SigningEC.Curve.Params().Name {
- case "P-224":
- return IMAGEv1_TLV_ECDSA224
- case "P-256":
- return IMAGEv1_TLV_ECDSA256
- default:
- return 0
- }
- } else {
- return 0
- }
-}
+func (key *ImageKey) sigTlvType() uint8 {
+ key.assertValid()
-func (image *Image) sigTlvType() uint8 {
- if image.SigningRSA != nil {
- return IMAGE_TLV_RSA2048
- } else if image.SigningEC != nil {
- switch image.SigningEC.Curve.Params().Name {
- case "P-224":
- return IMAGE_TLV_ECDSA224
- case "P-256":
- return IMAGE_TLV_ECDSA256
- default:
- return 0
+ if UseV1 {
+ if key.Rsa != nil {
+ return IMAGEv1_TLV_RSA2048
+ } else {
+ switch key.Ec.Curve.Params().Name {
+ case "P-224":
+ return IMAGEv1_TLV_ECDSA224
+ case "P-256":
+ return IMAGEv1_TLV_ECDSA256
+ default:
+ return 0
+ }
}
} else {
- return 0
+ if key.Rsa != nil {
+ return IMAGE_TLV_RSA2048
+ } else {
+ switch key.Ec.Curve.Params().Name {
+ case "P-224":
+ return IMAGE_TLV_ECDSA224
+ case "P-256":
+ return IMAGE_TLV_ECDSA256
+ default:
+ return 0
+ }
+ }
}
}
@@ -568,6 +607,151 @@ func (image *Image) ReSign() error {
return image.Generate(nil)
}
+func generateSigRsa(key *rsa.PrivateKey, hash []byte) ([]byte, error) {
+ var signature []byte
+ var err error
+
+ if UseRsaPss || !UseV1 {
+ opts := rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthEqualsHash,
+ }
+ signature, err = rsa.SignPSS(
+ rand.Reader, key, crypto.SHA256, hash, &opts)
+ } else {
+ signature, err = rsa.SignPKCS1v15(
+ rand.Reader, key, crypto.SHA256, hash)
+ }
+ if err != nil {
+ return nil, util.FmtNewtError("Failed to compute signature: %s", err)
+ }
+
+ return signature, nil
+}
+
+func generateSigEc(key *ecdsa.PrivateKey, hash []byte) ([]byte, error) {
+ r, s, err := ecdsa.Sign(rand.Reader, key, hash)
+ if err != nil {
+ return nil, util.FmtNewtError("Failed to compute signature: %s", err)
+ }
+
+ ECDSA := ECDSASig{
+ R: r,
+ S: s,
+ }
+
+ signature, err := asn1.Marshal(ECDSA)
+ if err != nil {
+ return nil, util.FmtNewtError("Failed to construct signature: %s", err)
+ }
+
+ return signature, nil
+}
+
+func generateSigTlvRsa(key ImageKey, hash []byte) ([]byte, error) {
+ tlv := &ImageTrailerTlv{
+ Type: key.sigTlvType(),
+ Pad: 0,
+ Len: 256, /* 2048 bits */
+ }
+
+ sig, err := generateSigRsa(key.Rsa, hash)
+ if err != nil {
+ return nil, err
+ }
+
+ b := &bytes.Buffer{}
+
+ err = binary.Write(b, binary.LittleEndian, tlv)
+ if err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to serialize image trailer: %s", err.Error())
+ }
+ _, err = b.Write(sig)
+ if err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to append sig: %s", err.Error())
+ }
+
+ return b.Bytes(), nil
+}
+
+func generateSigTlvEc(key ImageKey, hash []byte) ([]byte, error) {
+ sig, err := generateSigEc(key.Ec, hash)
+ if err != nil {
+ return nil, err
+ }
+
+ sigLen := key.sigLen()
+ if len(sig) > int(sigLen) {
+ return nil, util.FmtNewtError("Something is really wrong\n")
+ }
+
+ tlv := &ImageTrailerTlv{
+ Type: key.sigTlvType(),
+ Pad: 0,
+ Len: sigLen,
+ }
+
+ b := &bytes.Buffer{}
+
+ if err := binary.Write(b, binary.LittleEndian, tlv); err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to serialize image trailer: %s", err.Error())
+ }
+
+ if _, err := b.Write(sig); err != nil {
+ return nil, util.FmtNewtError("Failed to append sig: %s", err.Error())
+ }
+
+ pad := make([]byte, int(sigLen)-len(sig))
+ if _, err := b.Write(pad); err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to serialize image trailer: %s", err.Error())
+ }
+
+ return b.Bytes(), nil
+}
+
+func generateSigTlv(key ImageKey, hash []byte) ([]byte, error) {
+ key.assertValid()
+
+ if key.Rsa != nil {
+ return generateSigTlvRsa(key, hash)
+ } else {
+ return generateSigTlvEc(key, hash)
+ }
+}
+
+func generateKeyHashTlv(key ImageKey) ([]byte, error) {
+ key.assertValid()
+
+ keyHash, err := key.sigKeyHash()
+ if err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to compute hash of the public key: %s", err.Error())
+ }
+
+ tlv := &ImageTrailerTlv{
+ Type: IMAGE_TLV_KEYHASH,
+ Pad: 0,
+ Len: uint16(len(keyHash)),
+ }
+
+ b := &bytes.Buffer{}
+
+ if err := binary.Write(b, binary.LittleEndian, tlv); err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to serial image trailer: %s", err.Error())
+ }
+
+ if _, err := b.Write(keyHash); err != nil {
+ return nil, util.FmtNewtError(
+ "Failed to append key hash: %s", err.Error())
+ }
+
+ return b.Bytes(), nil
+}
+
func (image *Image) generateV1(loader *Image) error {
binFile, err := os.Open(image.SourceBin)
if err != nil {
@@ -618,15 +802,13 @@ func (image *Image) generateV1(loader *Image) error {
Pad3: 0,
}
- hdr.Flags, err = image.sigHdrTypeV1()
- if err != nil {
- return err
- }
- if hdr.Flags != 0 {
- /*
- * Signature present
- */
- hdr.TlvSz = 4 + image.sigLen()
+ if len(image.Keys) > 0 {
+ hdr.Flags, err = image.Keys[0].sigHdrTypeV1()
+ if err != nil {
+ return err
+ }
+
+ hdr.TlvSz = 4 + image.Keys[0].sigLen()
hdr.KeyId = image.KeyId
}
@@ -747,87 +929,18 @@ func (image *Image) generateV1(loader *Image) error {
}
_, err = imgFile.Write(image.Hash)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append hash: %s",
- err.Error()))
- }
-
- if image.SigningRSA != nil {
- /*
- * If signing key was set, generate TLV for that.
- */
- tlv := &ImageTrailerTlv{
- Type: IMAGEv1_TLV_RSA2048,
- Pad: 0,
- Len: 256, /* 2048 bits */
- }
- var signature []byte
- if UseRsaPss {
- opts := rsa.PSSOptions{
- SaltLength: rsa.PSSSaltLengthEqualsHash,
- }
- signature, err = rsa.SignPSS(rand.Reader, image.SigningRSA,
- crypto.SHA256, image.Hash, &opts)
- } else {
- signature, err = rsa.SignPKCS1v15(rand.Reader, image.SigningRSA,
- crypto.SHA256, image.Hash)
- }
- if err != nil {
- return util.NewNewtError(fmt.Sprintf(
- "Failed to compute signature: %s", err))
- }
-
- err = binary.Write(imgFile, binary.LittleEndian, tlv)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
- }
- _, err = imgFile.Write(signature)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append sig: %s",
- err.Error()))
- }
+ return util.FmtNewtError(
+ "Failed to append hash: %s", err.Error())
}
- if image.SigningEC != nil {
- r, s, err := ecdsa.Sign(rand.Reader, image.SigningEC, image.Hash)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf(
- "Failed to compute signature: %s", err))
- }
- sigLen := image.sigLen()
-
- var ECDSA ECDSASig
- ECDSA.R = r
- ECDSA.S = s
- signature, err := asn1.Marshal(ECDSA)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf(
- "Failed to construct signature: %s", err))
- }
- if len(signature) > int(sigLen) {
- return util.NewNewtError(fmt.Sprintf(
- "Something is really wrong\n"))
- }
- tlv := &ImageTrailerTlv{
- Type: image.sigTlvTypeV1(),
- Pad: 0,
- Len: sigLen,
- }
- err = binary.Write(imgFile, binary.LittleEndian, tlv)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
- }
- _, err = imgFile.Write(signature)
+ if len(image.Keys) > 0 {
+ tlvBytes, err := generateSigTlv(image.Keys[0], image.Hash)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append sig: %s",
- err.Error()))
+ return err
}
- pad := make([]byte, int(sigLen)-len(signature))
- _, err = imgFile.Write(pad)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
+ if _, err := imgFile.Write(tlvBytes); err != nil {
+ return util.FmtNewtError(
+ "Failed to append sig TLV: %s", err.Error())
}
}
@@ -1099,110 +1212,36 @@ func (image *Image) generateV2(loader *Image) error {
}
err = binary.Write(imgFile, binary.LittleEndian, tlv)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
+ return util.FmtNewtError("Failed to serialize image "+
+ "trailer: %s", err.Error())
}
_, err = imgFile.Write(image.Hash)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append hash: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to append hash: %s",
+ err.Error())
}
- if image.SigningRSA != nil || image.SigningEC != nil {
- keyHash, err := image.sigKeyHash()
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to compute hash " +
- "of the public key"))
- }
+ for _, key := range image.Keys {
+ key.assertValid()
- tlv = &ImageTrailerTlv{
- Type: IMAGE_TLV_KEYHASH,
- Pad: 0,
- Len: uint16(len(keyHash)),
- }
- err = binary.Write(imgFile, binary.LittleEndian, tlv)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serial image "+
- "trailer: %s", err.Error()))
- }
- _, err = imgFile.Write(keyHash)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append "+
- "key hash: %s", err.Error()))
- }
- }
- if image.SigningRSA != nil {
- /*
- * If signing key was set, generate TLV for that.
- */
- tlv := &ImageTrailerTlv{
- Type: IMAGE_TLV_RSA2048,
- Pad: 0,
- Len: 256, /* 2048 bits */
- }
- var signature []byte
- opts := rsa.PSSOptions{
- SaltLength: rsa.PSSSaltLengthEqualsHash,
- }
- signature, err = rsa.SignPSS(rand.Reader, image.SigningRSA,
- crypto.SHA256, image.Hash, &opts)
+ tlvBytes, err := generateKeyHashTlv(key)
if err != nil {
- return util.NewNewtError(fmt.Sprintf(
- "Failed to compute signature: %s", err))
+ return err
}
- err = binary.Write(imgFile, binary.LittleEndian, tlv)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
- }
- _, err = imgFile.Write(signature)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append sig: %s",
- err.Error()))
- }
- }
- if image.SigningEC != nil {
- r, s, err := ecdsa.Sign(rand.Reader, image.SigningEC, image.Hash)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf(
- "Failed to compute signature: %s", err))
+ if _, err = imgFile.Write(tlvBytes); err != nil {
+ return util.FmtNewtError(
+ "Failed to append key hash: %s", err.Error())
}
- sigLen := image.sigLen()
-
- var ECDSA ECDSASig
- ECDSA.R = r
- ECDSA.S = s
- signature, err := asn1.Marshal(ECDSA)
+ tlvBytes, err = generateSigTlv(key, image.Hash)
if err != nil {
- return util.NewNewtError(fmt.Sprintf(
- "Failed to construct signature: %s", err))
+ return err
}
- if len(signature) > int(sigLen) {
- return util.NewNewtError(fmt.Sprintf(
- "Something is really wrong\n"))
- }
- tlv := &ImageTrailerTlv{
- Type: image.sigTlvType(),
- Pad: 0,
- Len: sigLen,
- }
- err = binary.Write(imgFile, binary.LittleEndian, tlv)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
- }
- _, err = imgFile.Write(signature)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append sig: %s",
- err.Error()))
- }
- pad := make([]byte, int(sigLen)-len(signature))
- _, err = imgFile.Write(pad)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
+
+ if _, err = imgFile.Write(tlvBytes); err != nil {
+ return util.FmtNewtError(
+ "Failed to append signature: %s", err.Error())
}
}
[mynewt-newt] 01/03: Some cosmetic changes
Posted by cc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git
commit 1831dd3621cc0a3dbae22d23a7f43c61992c5209
Author: Christopher Collins <cc...@apache.org>
AuthorDate: Mon Nov 12 12:54:38 2018 -0800
Some cosmetic changes
Run gofmt, use `FmtNewtError()` instead of
`NewNewtError(fmt.Sprintf())`, etc.
---
newt/builder/build.go | 5 +-
newt/image/image.go | 189 ++++++++++++++++++++++++--------------------------
2 files changed, 94 insertions(+), 100 deletions(-)
diff --git a/newt/builder/build.go b/newt/builder/build.go
index ff6d505..9336465 100644
--- a/newt/builder/build.go
+++ b/newt/builder/build.go
@@ -285,7 +285,7 @@ func (b *Builder) newCompiler(bpkg *BuildPackage,
return nil, err
}
- log.Warnf("Unsupported build profile for package, using default build profile " +
+ log.Warnf("Unsupported build profile for package, using default build profile "+
"(pkg=\"%s\" build_profile=\"%s\" OS=\"%s\")",
bpkg.rpkg.Lpkg.FullName(), buildProfile, runtime.GOOS)
@@ -814,8 +814,7 @@ func (b *Builder) CreateImage(version string,
}
img.HeaderSize = uint(b.targetBuilder.target.HeaderSize)
- err = img.Generate(loaderImg)
- if err != nil {
+ if err := img.Generate(loaderImg); err != nil {
return nil, err
}
diff --git a/newt/image/image.go b/newt/image/image.go
index bbc6b5a..557448b 100644
--- a/newt/image/image.go
+++ b/newt/image/image.go
@@ -327,8 +327,8 @@ func ParsePrivateKey(keyBytes []byte) (interface{}, error) {
*/
privKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
- return nil, util.NewNewtError(fmt.Sprintf("Private key parsing "+
- "failed: %s", err))
+ return nil, util.FmtNewtError(
+ "Private key parsing failed: %s", err)
}
}
if block != nil && block.Type == "EC PRIVATE KEY" {
@@ -337,8 +337,8 @@ func ParsePrivateKey(keyBytes []byte) (interface{}, error) {
*/
privKey, err = x509.ParseECPrivateKey(block.Bytes)
if err != nil {
- return nil, util.NewNewtError(fmt.Sprintf("Private key parsing "+
- "failed: %s", err))
+ return nil, util.FmtNewtError(
+ "Private key parsing failed: %s", err)
}
}
if block != nil && block.Type == "PRIVATE KEY" {
@@ -347,8 +347,8 @@ func ParsePrivateKey(keyBytes []byte) (interface{}, error) {
// the key itself.
privKey, err = x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
- return nil, util.NewNewtError(fmt.Sprintf("Private key parsing "+
- "failed: %s", err))
+ return nil, util.FmtNewtError(
+ "Private key parsing failed: %s", err)
}
}
if block != nil && block.Type == "ENCRYPTED PRIVATE KEY" {
@@ -487,14 +487,14 @@ func (image *Image) sigTlvType() uint8 {
func (image *Image) ReSign() error {
srcImg, err := os.Open(image.SourceImg)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't open image file %s: %s",
- image.SourceImg, err.Error()))
+ return util.FmtNewtError("Can't open image file %s: %s",
+ image.SourceImg, err.Error())
}
srcInfo, err := srcImg.Stat()
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't stat image file %s: %s",
- image.SourceImg, err.Error()))
+ return util.FmtNewtError("Can't stat image file %s: %s",
+ image.SourceImg, err.Error())
}
var hdr1 ImageHdrV1
@@ -508,15 +508,15 @@ func (image *Image) ReSign() error {
err = binary.Read(srcImg, binary.LittleEndian, &hdr2)
}
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failing to access image %s: %s",
- image.SourceImg, err.Error()))
+ return util.FmtNewtError("Failing to access image %s: %s",
+ image.SourceImg, err.Error())
}
if hdr1.Magic == IMAGEv1_MAGIC {
if uint32(srcInfo.Size()) !=
uint32(hdr1.HdrSz)+hdr1.ImgSz+uint32(hdr1.TlvSz) {
- return util.NewNewtError(fmt.Sprintf("File %s is not an image\n",
- image.SourceImg))
+ return util.FmtNewtError("File %s is not an image\n",
+ image.SourceImg)
}
imgSz = hdr1.ImgSz
hdrSz = hdr1.HdrSz
@@ -527,8 +527,8 @@ func (image *Image) ReSign() error {
hdr1.Vers.BuildNum)
} else if hdr2.Magic == IMAGE_MAGIC {
if uint32(srcInfo.Size()) < uint32(hdr2.HdrSz)+hdr2.ImgSz {
- return util.NewNewtError(fmt.Sprintf("File %s is not an image\n",
- image.SourceImg))
+ return util.FmtNewtError("File %s is not an image\n",
+ image.SourceImg)
}
imgSz = hdr2.ImgSz
hdrSz = hdr2.HdrSz
@@ -538,15 +538,15 @@ func (image *Image) ReSign() error {
hdr2.Vers.Major, hdr2.Vers.Minor, hdr2.Vers.Rev,
hdr2.Vers.BuildNum)
} else {
- return util.NewNewtError(fmt.Sprintf("File %s is not an image\n",
- image.SourceImg))
+ return util.FmtNewtError("File %s is not an image\n",
+ image.SourceImg)
}
srcImg.Seek(int64(hdrSz), 0)
tmpBin, err := ioutil.TempFile("", "")
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Creating temp file failed: %s",
- err.Error()))
+ return util.FmtNewtError("Creating temp file failed: %s",
+ err.Error())
}
tmpBinName := tmpBin.Name()
defer os.Remove(tmpBinName)
@@ -557,8 +557,8 @@ func (image *Image) ReSign() error {
srcImg.Close()
tmpBin.Close()
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Cannot copy to tmpfile %s: %s",
- tmpBin.Name(), err.Error()))
+ return util.FmtNewtError("Cannot copy to tmpfile %s: %s",
+ tmpBin.Name(), err.Error())
}
image.SourceBin = tmpBinName
@@ -571,22 +571,22 @@ func (image *Image) ReSign() error {
func (image *Image) generateV1(loader *Image) error {
binFile, err := os.Open(image.SourceBin)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't open app binary: %s",
- err.Error()))
+ return util.FmtNewtError("Can't open app binary: %s",
+ err.Error())
}
defer binFile.Close()
binInfo, err := binFile.Stat()
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't stat app binary %s: %s",
- image.SourceBin, err.Error()))
+ return util.FmtNewtError("Can't stat app binary %s: %s",
+ image.SourceBin, err.Error())
}
imgFile, err := os.OpenFile(image.TargetImg,
os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't open target image %s: %s",
- image.TargetImg, err.Error()))
+ return util.FmtNewtError("Can't open target image %s: %s",
+ image.TargetImg, err.Error())
}
defer imgFile.Close()
@@ -598,8 +598,7 @@ func (image *Image) generateV1(loader *Image) error {
if loader != nil {
err = binary.Write(hash, binary.LittleEndian, loader.Hash)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to seed hash: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to seed hash: %s", err.Error())
}
}
@@ -645,7 +644,8 @@ func (image *Image) generateV1(loader *Image) error {
* the image when it is padded.
*/
if image.HeaderSize < IMAGE_HEADER_SIZE {
- return util.NewNewtError(fmt.Sprintf("Image header must be at least %d bytes", IMAGE_HEADER_SIZE))
+ return util.FmtNewtError(
+ "Image header must be at least %d bytes", IMAGE_HEADER_SIZE)
}
hdr.HdrSz = uint16(image.HeaderSize)
@@ -653,13 +653,12 @@ func (image *Image) generateV1(loader *Image) error {
err = binary.Write(imgFile, binary.LittleEndian, hdr)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image hdr: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to serialize image hdr: %s",
+ err.Error())
}
err = binary.Write(hash, binary.LittleEndian, hdr)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to hash data: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to hash data: %s", err.Error())
}
if image.HeaderSize > IMAGE_HEADER_SIZE {
@@ -671,14 +670,13 @@ func (image *Image) generateV1(loader *Image) error {
_, err = imgFile.Write(buf)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to write padding: %s",
- err.Error()))
+ return util.FmtNewtError(
+ "Failed to write padding: %s", err.Error())
}
_, err = hash.Write(buf)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to hash padding: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to hash padding: %s", err.Error())
}
}
@@ -689,8 +687,8 @@ func (image *Image) generateV1(loader *Image) error {
buf := make([]byte, image.SrcSkip)
_, err = binFile.Read(buf)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to read from %s: %s",
- image.SourceBin, err.Error()))
+ return util.FmtNewtError(
+ "Failed to read from %s: %s", image.SourceBin, err.Error())
}
nonZero := false
@@ -714,21 +712,21 @@ func (image *Image) generateV1(loader *Image) error {
for {
cnt, err := binFile.Read(dataBuf)
if err != nil && err != io.EOF {
- return util.NewNewtError(fmt.Sprintf("Failed to read from %s: %s",
- image.SourceBin, err.Error()))
+ return util.FmtNewtError(
+ "Failed to read from %s: %s", image.SourceBin, err.Error())
}
if cnt == 0 {
break
}
_, err = imgFile.Write(dataBuf[0:cnt])
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to write to %s: %s",
- image.TargetImg, err.Error()))
+ return util.FmtNewtError(
+ "Failed to write to %s: %s", image.TargetImg, err.Error())
}
_, err = hash.Write(dataBuf[0:cnt])
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to hash data: %s",
- err.Error()))
+ return util.FmtNewtError(
+ "Failed to hash data: %s", err.Error())
}
}
@@ -744,8 +742,8 @@ func (image *Image) generateV1(loader *Image) error {
}
err = binary.Write(imgFile, binary.LittleEndian, tlv)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
+ return util.FmtNewtError(
+ "Failed to serialize image trailer: %s", err.Error())
}
_, err = imgFile.Write(image.Hash)
if err != nil {
@@ -851,22 +849,21 @@ func (image *Image) generateV1(loader *Image) error {
func (image *Image) generateV2(loader *Image) error {
binFile, err := os.Open(image.SourceBin)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't open app binary: %s",
- err.Error()))
+ return util.FmtNewtError("Can't open app binary: %s", err.Error())
}
defer binFile.Close()
binInfo, err := binFile.Stat()
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't stat app binary %s: %s",
- image.SourceBin, err.Error()))
+ return util.FmtNewtError("Can't stat app binary %s: %s",
+ image.SourceBin, err.Error())
}
imgFile, err := os.OpenFile(image.TargetImg,
os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Can't open target image %s: %s",
- image.TargetImg, err.Error()))
+ return util.FmtNewtError("Can't open target image %s: %s",
+ image.TargetImg, err.Error())
}
defer imgFile.Close()
@@ -876,12 +873,12 @@ func (image *Image) generateV2(loader *Image) error {
if PubKeyFile != "" {
_, err = rand.Read(plainSecret)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Random generation error: %s\n", err))
+ return util.FmtNewtError("Random generation error: %s\n", err)
}
keyBytes, err := ioutil.ReadFile(PubKeyFile)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error reading pubkey file: %s", err))
+ return util.FmtNewtError("Error reading pubkey file: %s", err)
}
// Try reading as PEM (asymetric key), if it fails, assume this is a
@@ -890,26 +887,26 @@ func (image *Image) generateV2(loader *Image) error {
if b == nil {
kek, err := base64.StdEncoding.DecodeString(string(keyBytes))
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error decoding kek: %s", err))
+ return util.FmtNewtError("Error decoding kek: %s", err)
} else if len(kek) != 16 {
- return util.NewNewtError(fmt.Sprintf("Unexpected key size: %d != 16", len(kek)))
+ return util.FmtNewtError("Unexpected key size: %d != 16", len(kek))
}
cipher, err := aes.NewCipher(kek)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error creating keywrap cipher: %s", err))
+ return util.FmtNewtError("Error creating keywrap cipher: %s", err)
}
cipherSecret, err = keywrap.Wrap(cipher, plainSecret)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error key-wrapping: %s", err))
+ return util.FmtNewtError("Error key-wrapping: %s", err)
}
} else if b.Type != "PUBLIC KEY" && b.Type != "RSA PUBLIC KEY" {
return util.NewNewtError("Invalid PEM file")
} else {
pub, err := x509.ParsePKIXPublicKey(b.Bytes)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error parsing pubkey file: %s", err))
+ return util.FmtNewtError("Error parsing pubkey file: %s", err)
}
var pubk *rsa.PublicKey
@@ -917,13 +914,13 @@ func (image *Image) generateV2(loader *Image) error {
case *rsa.PublicKey:
pubk = pub.(*rsa.PublicKey)
default:
- return util.NewNewtError(fmt.Sprintf("Error parsing pubkey file: %s", err))
+ return util.FmtNewtError("Error parsing pubkey file: %s", err)
}
rng := rand.Reader
cipherSecret, err = rsa.EncryptOAEP(sha256.New(), rng, pubk, plainSecret, nil)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Error from encryption: %s\n", err))
+ return util.FmtNewtError("Error from encryption: %s\n", err)
}
}
}
@@ -936,8 +933,8 @@ func (image *Image) generateV2(loader *Image) error {
if loader != nil {
err = binary.Write(hash, binary.LittleEndian, loader.Hash)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to seed hash: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to seed hash: %s",
+ err.Error())
}
}
@@ -969,8 +966,8 @@ func (image *Image) generateV2(loader *Image) error {
* the image when it is padded.
*/
if image.HeaderSize < IMAGE_HEADER_SIZE {
- return util.NewNewtError(fmt.Sprintf("Image header must be at "+
- "least %d bytes", IMAGE_HEADER_SIZE))
+ return util.FmtNewtError("Image header must be at "+
+ "least %d bytes", IMAGE_HEADER_SIZE)
}
hdr.HdrSz = uint16(image.HeaderSize)
@@ -978,13 +975,13 @@ func (image *Image) generateV2(loader *Image) error {
err = binary.Write(imgFile, binary.LittleEndian, hdr)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image hdr: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to serialize image hdr: %s",
+ err.Error())
}
err = binary.Write(hash, binary.LittleEndian, hdr)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to hash data: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to hash data: %s",
+ err.Error())
}
if image.HeaderSize > IMAGE_HEADER_SIZE {
@@ -996,14 +993,14 @@ func (image *Image) generateV2(loader *Image) error {
_, err = imgFile.Write(buf)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to write padding: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to write padding: %s",
+ err.Error())
}
_, err = hash.Write(buf)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to hash padding: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to hash padding: %s",
+ err.Error())
}
}
@@ -1014,8 +1011,8 @@ func (image *Image) generateV2(loader *Image) error {
buf := make([]byte, image.SrcSkip)
_, err = binFile.Read(buf)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to read from %s: %s",
- image.SourceBin, err.Error()))
+ return util.FmtNewtError("Failed to read from %s: %s",
+ image.SourceBin, err.Error())
}
nonZero := false
@@ -1049,16 +1046,16 @@ func (image *Image) generateV2(loader *Image) error {
for {
cnt, err := binFile.Read(dataBuf)
if err != nil && err != io.EOF {
- return util.NewNewtError(fmt.Sprintf("Failed to read from %s: %s",
- image.SourceBin, err.Error()))
+ return util.FmtNewtError("Failed to read from %s: %s",
+ image.SourceBin, err.Error())
}
if cnt == 0 {
break
}
_, err = hash.Write(dataBuf[0:cnt])
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to hash data: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to hash data: %s",
+ err.Error())
}
if cipherSecret == nil {
_, err = imgFile.Write(dataBuf[0:cnt])
@@ -1067,8 +1064,8 @@ func (image *Image) generateV2(loader *Image) error {
_, err = imgFile.Write(encBuf[0:cnt])
}
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to write to %s: %s",
- image.TargetImg, err.Error()))
+ return util.FmtNewtError("Failed to write to %s: %s",
+ image.TargetImg, err.Error())
}
}
@@ -1088,8 +1085,8 @@ func (image *Image) generateV2(loader *Image) error {
}
err = binary.Write(imgFile, binary.LittleEndian, tlvInfo)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image hdr: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to serialize image hdr: %s",
+ err.Error())
}
/*
@@ -1215,22 +1212,20 @@ func (image *Image) generateV2(loader *Image) error {
} else if len(cipherSecret) == 24 {
_type = IMAGE_TLV_ENC_KEK
} else {
- return util.NewNewtError(fmt.Sprintf("Invalid enc TLV size "))
+ return util.FmtNewtError("Invalid enc TLV size ")
}
tlv := &ImageTrailerTlv{
Type: _type,
Pad: 0,
Len: uint16(len(cipherSecret)),
}
- err = binary.Write(imgFile, binary.LittleEndian, tlv)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+
- "trailer: %s", err.Error()))
+ if err := binary.Write(imgFile, binary.LittleEndian, tlv); err != nil {
+ return util.FmtNewtError(
+ "Failed to serialize cipher secret TLV: %s", err.Error())
}
- _, err = imgFile.Write(cipherSecret)
- if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to append encrypted key: %s",
- err.Error()))
+ if _, err := imgFile.Write(cipherSecret); err != nil {
+ return util.FmtNewtError("Failed to append encrypted key: %s",
+ err.Error())
}
}
@@ -1258,8 +1253,8 @@ func (image *Image) generateV2(loader *Image) error {
}
err = binary.Write(imgFile, binary.LittleEndian, tlvInfo)
if err != nil {
- return util.NewNewtError(fmt.Sprintf("Failed to serialize image hdr: %s",
- err.Error()))
+ return util.FmtNewtError("Failed to serialize image hdr: %s",
+ err.Error())
}
return nil
[mynewt-newt] 03/03: Allow key list to be specified in `newt run`.
Posted by cc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git
commit 9041b05ac66832d5ad617bcc667d269087ab1c6a
Author: Christopher Collins <cc...@apache.org>
AuthorDate: Mon Nov 12 12:45:50 2018 -0800
Allow key list to be specified in `newt run`.
---
newt/cli/run_cmds.go | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/newt/cli/run_cmds.go b/newt/cli/run_cmds.go
index 49a2e4d..d3f3ed9 100644
--- a/newt/cli/run_cmds.go
+++ b/newt/cli/run_cmds.go
@@ -88,11 +88,20 @@ func runRunCmd(cmd *cobra.Command, args []string) {
}
if len(version) > 0 {
- _, _, err = b.CreateImages(version, "", 0)
+ var keystrs []string
+ var keyId uint8
+
+ if len(args) > 2 {
+ keystrs, keyId, err = parseKeyArgs(args[2:])
+ if err != nil {
+ NewtUsage(cmd, err)
+ }
+ }
+
+ _, _, err = b.CreateImages(version, keystrs, keyId)
if err != nil {
NewtUsage(cmd, err)
}
-
}
if err := b.Load(extraJtagCmd); err != nil {
@@ -113,6 +122,8 @@ func AddRunCommands(cmd *cobra.Command) {
" - debug <target>\n\n" +
"Note if version number is omitted, create-image step is skipped\n"
runHelpEx := " newt run <target-name> [<version>]\n"
+ runHelpEx +=
+ " newt run -2 my_target1 1.3.0.3 private-1.pem private-2.pem\n"
runCmd := &cobra.Command{
Use: "run",