Go package, version 0.0.24
Repository: https://github.com/apache/mynewt-artifact.git
Documentation: pkg.go.dev

# README

## Mynewt Images

### Anatomy

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Header                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                      Padding (optional)                       ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                                                               ~
    ~                                                               ~
    ~                             Body                              ~
    ~                                                               ~
    ~                                                               ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 Protected Trailer (optional)                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                                                               ~
    ~                   Protected TLVs (optional)                   ~
    ~                                                               ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Trailer                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                                                               ~
    ~                             TLVs                              ~
    ~                                                               ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

All fields are in host byte order (typically little endian).

### Header

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Magic (0x96f3b83d)                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Reserved1 (0x00000000)                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Header size          |        Protected size         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Body size                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             Flags                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Major version | Minor version |           Revision            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Build number                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Reserved2 (0x00000000)                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Field | Description | Notes |
|---|---|---|
| Magic | Identifies the start of an image | |
| Header size | 32 + the amount of padding that follows the header | |
| Protected size | Size, in bytes, of the protected trailer PLUS the protected TLVs | 0 if no protected TLVs |
| Body size | Size, in bytes, of the image body | |
| Flags | One bit per flag | See below |
| Major version | The first element of the version number | major.minor.revision.build |
| Minor version | The second element of the version number | major.minor.revision.build |
| Revision | The third element of the version number | major.minor.revision.build |
| Build number | The fourth element of the version number | No meaning in semver |

### Body

The executable itself. In encrypted images, this is the encrypted portion.

### Protected trailer

Describes the set of protected TLVs that follow. This trailer is NOT present if there are no protected TLVs.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Magic (0x6908)         |        Protected size         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Field | Description | Notes |
|---|---|---|
| Magic | Identifies the start of the protected trailer | |
| Protected size | Size, in bytes, of the protected trailer PLUS the protected TLVs | Identical to "Protected size" in image header |

### Protected TLVs

A sequence of TLV structures (see "TLVs" section for specifics). The structure of these TLVs is identical to the non-protected TLVs. The difference is that these TLVs are included as input to the image hash.

### Trailer

Describes the set of TLVs that follow. This trailer is always present.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Magic (0x6907)         |             Size              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Field | Description | Notes |
|---|---|---|
| Magic | Identifies the start of the trailer | |
| Size | Size, in bytes, of the trailer PLUS the TLVs | |

### TLVs

The TLVs (type-length-value) are a sequence of variable-length structures containing image metadata.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      | Reserved (00) |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                                                               ~
    ~                             Body                              ~
    ~                                                               ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Field | Description | Notes |
|---|---|---|
| Type | Identifies the type of data in the TLV body | |
| Length | The length, in bytes, of the TLV body | |
| Body | Varies by type | |

### Header flags

Each header flag is represented by a single bit. As with the other numeric fields, the flags field is in host byte order.

| Value | Description | Notes |
|---|---|---|
| 0x00000004 | Encrypted by key in TLV | Implies the presence of an "enc" TLV |
| 0x00000010 | Non-bootable | Second half of a split image |

### TLV types

| Value | Description | Notes |
|---|---|---|
| 0x01 | Key hash | SHA256 of image verification key |
| 0x10 | SHA256 | SHA256 of parts of the image (see below) |
| 0x20 | Signature: RSA2048 | |
| 0x21 | Signature: ECDSA224 | |
| 0x22 | Signature: ECDSA256 | |
| 0x23 | Signature: RSA3072 | |
| 0x24 | Signature: ED25519 | |
| 0x30 | Key-encrypting key: RSA | |
| 0x31 | Key-encrypting key: KEK | |
| 0x32 | Key-encrypting key: EC256 | |
| 0x50 | Encryption nonce | |
| 0x60 | Secret index | Indicates hardware-specific location of encryption key |

### SHA256

The SHA256 is calculated using the following inputs:

  • Header
  • Post-header padding
  • Unencrypted image body
  • Protected trailer (if present)
  • Protected TLVs (if present)
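The layout described in the Header, Protected trailer, Trailer, TLVs and SHA256 sections above, as a Go parser and hash check. This is an added example written for this page, not code from the mynewt-artifact package: every name in it (`Header`, `Tlv`, `parseTrailer`, `VerifyImage`, `tlvBytes`, `BuildImage`) is my own, and it assumes a little-endian host. `BuildImage` exists only to construct a sample image for the check; the sample body, the 32-byte key-hash TLV placed in the protected section and the version numbers are constructed values, and the sample uses a 32-byte header with no post-header padding.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Magic numbers, sizes and flag values taken from the tables on this page.
const (
	imageMagic, trailerMagic, protTrailerMagic   = 0x96f3b83d, 0x6907, 0x6908
	baseHeaderSize, tlvTypeSHA256, flagEncrypted = 32, 0x10, 0x00000004
)

var le = binary.LittleEndian

// Header is the fixed 32-byte image header; Tlv is one type-length-value record.
type Header struct {
	Magic, Reserved1  uint32
	HdrSize, ProtSize uint16
	BodySize, Flags   uint32
	Major, Minor      uint8
	Revision          uint16
	Build, Reserved2  uint32
}
type Tlv struct {
	Type uint8
	Body []byte
}

// parseTrailer checks a trailer's magic and size field, then walks the TLVs after it.
func parseTrailer(b []byte, magic uint16, size uint64) (out []Tlv, err error) {
	if size < 4 || size > uint64(len(b)) || le.Uint16(b[:2]) != magic || uint64(le.Uint16(b[2:4])) != size {
		return nil, errors.New("trailer magic or size mismatch")
	}
	for b = b[4:size]; len(b) > 0; { // each TLV length is checked before slicing
		if len(b) < 4 || len(b)-4 < int(le.Uint16(b[2:4])) {
			return nil, errors.New("TLV overruns its trailer")
		}
		n := 4 + int(le.Uint16(b[2:4]))
		out, b = append(out, Tlv{Type: b[0], Body: b[4:n]}), b[n:]
	}
	return out, nil
}

// VerifyImage parses the layout, checking every size field against the buffer before
// slicing, then recomputes SHA256 over header + padding + body + protected trailer +
// protected TLVs and compares it with the 0x10 TLV. The hash covers the plaintext
// body, so an image flagged encrypted must be decrypted before this check.
func VerifyImage(img []byte) (Header, []Tlv, error) {
	var h Header
	if err := binary.Read(bytes.NewReader(img), le, &h); err != nil {
		return h, nil, err // also rejects an image shorter than the 32-byte header
	}
	bodyEnd := uint64(h.HdrSize) + uint64(h.BodySize)
	protEnd := bodyEnd + uint64(h.ProtSize)
	if h.Magic != imageMagic || h.HdrSize < baseHeaderSize || protEnd+4 > uint64(len(img)) {
		return h, nil, errors.New("bad magic, or header sizes exceed image length")
	}
	// The protected trailer exists only when the header says so, and must agree with it.
	if _, err := parseTrailer(img[bodyEnd:protEnd], protTrailerMagic, uint64(h.ProtSize)); h.ProtSize != 0 && err != nil {
		return h, nil, err
	}
	tlvs, err := parseTrailer(img[protEnd:], trailerMagic, uint64(le.Uint16(img[protEnd+2:protEnd+4])))
	if err != nil {
		return h, nil, err
	}
	if h.Flags&flagEncrypted != 0 {
		return h, tlvs, errors.New("body is encrypted; decrypt before hashing")
	}
	sum := sha256.Sum256(img[:protEnd])
	for _, t := range tlvs {
		if t.Type == tlvTypeSHA256 && bytes.Equal(sum[:], t.Body) {
			return h, tlvs, nil
		}
	}
	return h, tlvs, errors.New("no SHA256 TLV matches the image contents")
}

// tlvBytes encodes TLVs; BuildImage assembles a constructed test image (32-byte header,
// no padding) whose SHA256 TLV is computed over exactly the region listed above.
func tlvBytes(tlvs []Tlv) (b []byte) {
	for _, t := range tlvs {
		b = append(append(b, t.Type, 0, byte(len(t.Body)), byte(len(t.Body)>>8)), t.Body...)
	}
	return b
}
func BuildImage(body []byte, protTlvs, tlvs []Tlv) []byte {
	prot := tlvBytes(protTlvs)
	if n := uint16(4 + len(prot)); len(prot) > 0 {
		prot = append([]byte{0x08, 0x69, byte(n), byte(n >> 8)}, prot...) // 0x6908 LE, size
	}
	var buf bytes.Buffer
	binary.Write(&buf, le, Header{Magic: imageMagic, HdrSize: baseHeaderSize, ProtSize: uint16(len(prot)), BodySize: uint32(len(body)), Major: 1, Minor: 2})
	buf.Write(body)
	buf.Write(prot)
	sum := sha256.Sum256(buf.Bytes())
	tl := tlvBytes(append(tlvs, Tlv{Type: tlvTypeSHA256, Body: sum[:]}))
	buf.Write(append([]byte{0x07, 0x69, byte(4 + len(tl)), byte((4 + len(tl)) >> 8)}, tl...)) // 0x6907 LE, size
	return buf.Bytes()
}
```

`VerifyImage(BuildImage([]byte("constructed firmware body"), []Tlv{{Type: 0x01, Body: make([]byte, 32)}}, nil))` returns the header, one TLV (the 0x10 hash) and a nil error; flipping any byte in the header, body, protected trailer or protected TLVs makes the hash comparison fail, while a flipped byte in the unprotected trailer region is not covered by the hash at all, which is the distinction between protected and unprotected TLVs the text above draws. The point to take for code that consumes update images from an untrusted channel is that every length field (header size, body size, protected size, trailer size, each TLV length) is compared against the buffer before it is used to slice, so a truncated or oversized image yields an error rather than a panic; and that the hash check is meaningless on an image still carrying the encrypted flag, because the SHA256 was computed over the plaintext body.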

# Functions

  • BuildKeyHash produces a key-hash TLV given a public verification key.
  • BuildSigTlvs signs an image and creates a pair of TLVs representing the signature.
  • Decrypt decrypts an image body and strips the "secret" TLV.
  • DecryptHw decrypts a hardware-encrypted image.
  • DecryptHw decrypts a hardware-encrypted image and strips the "nonce" and "secret ID" protected TLVs.
  • Encrypt encrypts an image body and adds a "secret" TLV.
  • GenerateEncTlv creates an encryption-secret TLV given a secret.
  • GenerateHWKeyIndexTLV creates a hardware key index TLV.
  • GenerateImage produces an Image object from a set of image creation options.
  • GenerateNonceTLV creates a nonce TLV given a nonce.
  • GeneratePlainSecret randomly generates a 16-byte image-encrypting secret.
  • GenerateSig signs an image.
  • GenerateSig signs an image using an EC key.
  • GenerateSig signs an image using an ed25519 key.
  • GenerateSig signs an image using an RSA key.
  • ParseVersion parses an image version string (e.g., "1.2.3.4").

# Constants

  • Encrypted image.
  • Non-bootable image.
  • Image header flags.
  • Image header magic.
  • Protected TLV info magic.
  • Image trailer TLV types.
  • Plus `value` field.
  • TLV info magic.
  • ECDSA224 over SHA256.
  • ECDSA256 over SHA256.
  • RSA-PSS w/RSA2048 and SHA256.
  • PKCS15 w/RSA2048 and SHA256.
  • Image contains hash TLV.

# Variables

Set this to enable RSA-PSS for RSA signatures, instead of PKCS#1 v1.5.
