You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by "supervillain101 (via GitHub)" <gi...@apache.org> on 2023/04/18 22:04:38 UTC

[GitHub] [mynewt-artifact] supervillain101 opened a new pull request, #35: Encrypted images that use HW encryption/decription need to be hashed …

supervillain101 opened a new pull request, #35:
URL: https://github.com/apache/mynewt-artifact/pull/35

   …using the encrypted image
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mynewt.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [mynewt-artifact] utzig commented on a diff in pull request #35: Encrypted images that use HW encryption/decription need to be hashed …

Posted by "utzig (via GitHub)" <gi...@apache.org>.

utzig commented on code in PR #35:
URL: https://github.com/apache/mynewt-artifact/pull/35#discussion_r1183071889


##########
image/create.go:
##########
@@ -553,19 +553,33 @@ func (ic *ImageCreator) Create() (Image, error) {
 	var hashBytes []byte
 	var err error
 	if ic.PlainSecret != nil {
-		// For encrypted images, must calculate the hash with the plain
-		// body and encrypt the payload afterwards
-		img.Body = append(img.Body, ic.Body...)
-		hashBytes, err = img.CalcHash(ic.InitialHash)
-		if err != nil {
-			return img, err
-		}
-		encBody, err := sec.EncryptAES(ic.Body, ic.PlainSecret, ic.Nonce)
-		if err != nil {
-			return img, err
-		}
-		img.Body = nil
-		img.Body = append(img.Body, encBody...)
+            if img.HasEncryptionPayload() {
+                // For an encrypted image that will be HW decrypted while running,
+                // the hash must be calculated on the encrptyed image body.

Review Comment:
   typo: `encrptyed`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mynewt.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [mynewt-artifact] wes3 merged pull request #35: Encrypted images that use HW encryption/decription need to be hashed …

Posted by "wes3 (via GitHub)" <gi...@apache.org>.

wes3 merged PR #35:
URL: https://github.com/apache/mynewt-artifact/pull/35


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mynewt.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org