pkg/provisioning/cbnt/config.go: Rework IBB segment hashing (#327)

This commit is contained in:
Christian Walter 2022-05-18 00:30:30 +02:00 committed by GitHub
parent c3c13e1e3c
commit 8bb065875e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 63 deletions

View File

@ -7,6 +7,7 @@ import (
"crypto/sha512"
"encoding/json"
"fmt"
"hash"
"io"
"io/ioutil"
"os"
@ -95,80 +96,37 @@ func getIBBSegment(ibbs []bootpolicy.IBBSegment, image []byte) ([][]byte, error)
return ibbSegments, nil
}
func getIBBsDigest(ibbs []bootpolicy.IBBSegment, image []byte, algo manifest.Algorithm) ([]byte, error) {
var hash []byte
func getIBBsDigest(ibbs []bootpolicy.IBBSegment, image []byte, algo manifest.Algorithm) (hashout []byte, err error) {
var hashFunc hash.Hash
switch algo {
case manifest.AlgSHA1:
h := sha1.New()
segments, err := getIBBSegment(ibbs, image)
if err != nil {
return nil, fmt.Errorf("unable to get IBB segments: %w", err)
}
for _, segment := range segments {
_, err = h.Write(segment)
if err != nil {
return nil, fmt.Errorf("unable to hash a segment: %w", err)
}
}
hash = h.Sum(nil)
hashFunc = sha1.New()
case manifest.AlgSHA256:
h := sha256.New()
segments, err := getIBBSegment(ibbs, image)
if err != nil {
return nil, fmt.Errorf("unable to get IBB segments: %w", err)
}
for _, segment := range segments {
_, err = h.Write(segment)
if err != nil {
return nil, fmt.Errorf("unable to hash a segment: %w", err)
}
}
hash = h.Sum(nil)
hashFunc = sha256.New()
case manifest.AlgSHA384:
h := sha512.New384()
segments, err := getIBBSegment(ibbs, image)
if err != nil {
return nil, fmt.Errorf("unable to get IBB segments: %w", err)
}
for _, segment := range segments {
_, err = h.Write(segment)
if err != nil {
return nil, fmt.Errorf("unable to hash a segment: %w", err)
}
}
hash = h.Sum(nil)
hashFunc = sha512.New384()
case manifest.AlgSHA512:
h := sha512.New512_256()
segments, err := getIBBSegment(ibbs, image)
if err != nil {
return nil, fmt.Errorf("unable to get IBB segments: %w", err)
}
for _, segment := range segments {
_, err = h.Write(segment)
if err != nil {
return nil, fmt.Errorf("unable to hash a segment: %w", err)
}
}
hash = h.Sum(nil)
hashFunc = sha512.New512_256()
case manifest.AlgSM3:
h := sm3.New()
segments, err := getIBBSegment(ibbs, image)
if err != nil {
return nil, fmt.Errorf("unable to get IBB segments: %w", err)
}
for _, segment := range segments {
_, err = h.Write(segment)
if err != nil {
return nil, fmt.Errorf("unable to hash a segment: %w", err)
}
}
hash = h.Sum(nil)
hashFunc = sm3.New()
case manifest.AlgNull:
return nil, nil
default:
return nil, fmt.Errorf("couldn't match requested hash algorithm: 0x%x", algo)
}
return hash, nil
segments, err := getIBBSegment(ibbs, image)
if err != nil {
return nil, err
}
for _, segment := range segments {
_, err = hashFunc.Write(segment)
if err != nil {
return nil, err
}
}
hashout = hashFunc.Sum(nil)
return hashout, nil
}
func setIBBSegment(cbnto *Options, image []byte) (*bootpolicy.SE, error) {