stboot

package
v7.0.0+incompatible
Published: Aug 31, 2020 License: BSD-3-Clause Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// BallName is the file name of the archive, which is expected to contain
	// the stboot configuration file along with the corresponding files
	BallName string = "stboot.ball"
	// ConfigName is the name of the stboot configuration file
	ConfigName string = "stconfig.json"
	// HostVarsName is the name of the file containing host-specific data
	HostVarsName string = "hostvars.json"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AlwaysValidSigner

type AlwaysValidSigner struct{}

AlwaysValidSigner creates signatures that are always valid.

func (AlwaysValidSigner) Hash

func (AlwaysValidSigner) Hash(files ...string) ([]byte, error)

Hash hashes the provided files. In the case of AlwaysValidSigner, 8 random bytes are returned instead of a hash.

func (AlwaysValidSigner) Sign

func (AlwaysValidSigner) Sign(privKey string, data []byte) ([]byte, error)

Sign signs the provided data with privKey. In the case of AlwaysValidSigner, 8 random bytes are returned instead of a signature.

func (AlwaysValidSigner) Verify

func (AlwaysValidSigner) Verify(sig Signature, hash []byte) error

Verify checks whether sig contains a valid signature of hash. In the case of AlwaysValidSigner this is always the case.

type BootBall

type BootBall struct {
	Archive string

	RootCertPEM []byte

	NumSignatures int

	Signer Signer
	// contains filtered or unexported fields
}

BootBall holds the data needed to operate on a System Transparency bootball archive. An underlying temporary directory represents the extracted archive.

func BootBallFromArchive

func BootBallFromArchive(archive string) (*BootBall, error)

BootBallFromArchive constructs a BootBall from the zip file at archive.

func BootBallFromConfig

func BootBallFromConfig(configFile string) (*BootBall, error)

BootBallFromConfig constructs a BootBall from the stconfig.json at configFile. The underlying temporary directory is created with standardized paths and holds an updated copy of stconfig.json.

func (*BootBall) Clean

func (ball *BootBall) Clean() error

Clean removes the underlying temporary directory.

func (*BootBall) Dir

func (ball *BootBall) Dir() string

Dir returns the temporary directory associated with BootBall.

func (*BootBall) GetBootConfigByIndex

func (ball *BootBall) GetBootConfigByIndex(index int) (*jsonboot.BootConfig, error)

GetBootConfigByIndex returns the BootConfig at index from the BootBall's configs array.

func (*BootBall) Hash

func (ball *BootBall) Hash() error

Hash calculates hashes of all boot configurations in BootBall using the BootBall.Signer's hash function.

func (*BootBall) Pack

func (ball *BootBall) Pack() error

Pack archives all contents of the underlying temporary directory using zip.

func (*BootBall) Sign

func (ball *BootBall) Sign(privKeyFile, certFile string) error

Sign signs the hashes of all boot configurations in BootBall with the BootBall.Signer, using the provided privKeyFile. The signature is stored inside the BootBall along with the provided certFile.

func (*BootBall) VerifyBootconfigByID

func (ball *BootBall) VerifyBootconfigByID(id string) (found, verified int, err error)

VerifyBootconfigByID validates the certificates stored together with the signatures of BootConfig id and verifies those signatures. It returns the number of signatures found and the number that verified.

type HostVars

type HostVars struct {
	HostIP         string `json:"host_ip"`
	HostNetmask    string `json:"netmask"`
	DefaultGateway string `json:"gateway"`
	DNSServer      string `json:"dns"`

	BootstrapURL string `json:"bootstrap_url"`

	MinimalSignaturesMatch int `json:"minimal_signatures_match"`
}

HostVars contains platform-specific data.

func FindHostVarsInInitramfs

func FindHostVarsInInitramfs() (HostVars, error)

FindHostVarsInInitramfs looks for netvars.json at a given path inside the initramfs file system. The hostvars.json file is expected to be in /etc.

type Sha512PssSigner

type Sha512PssSigner struct{}

Sha512PssSigner uses SHA512 hashes and PSS signatures along with x509 certificates.

func (Sha512PssSigner) Hash

func (Sha512PssSigner) Hash(files ...string) ([]byte, error)

Hash hashes the provided files. For Sha512PssSigner this is a SHA512 hash.

func (Sha512PssSigner) Sign

func (Sha512PssSigner) Sign(privKey string, data []byte) ([]byte, error)

Sign signs the provided data with privKey. For Sha512PssSigner this is a PSS signature.

func (Sha512PssSigner) Verify

func (Sha512PssSigner) Verify(sig Signature, hash []byte) error

Verify checks whether sig contains a valid signature of hash.

type Signature

type Signature struct {
	Bytes []byte
	Cert  *x509.Certificate
}

type Signer

type Signer interface {
	Hash(files ...string) ([]byte, error)
	Sign(privKey string, data []byte) ([]byte, error)
	Verify(sig Signature, hash []byte) error
}

Signer is used by BootBall to hash, sign and verify the BootConfigs with appropriate algorithms.

type Stconfig

type Stconfig struct {
	// BootConfigs is an array of u-root BootConfigs
	BootConfigs []jsonboot.BootConfig `json:"boot_configs"`
	// RootCertPath is the path to the root certificate used for signing
	RootCertPath string `json:"root_cert"`
}

Stconfig contains multiple u-root BootConfig structs and additional information for stboot.

func (*Stconfig) IsValid

func (cfg *Stconfig) IsValid() bool

IsValid returns true if all BootConfig structs inside the config have valid content.
