func (c *PolicyRuleRequires) SHA256Sum() (string, error) {
sha := sha512.New512_256()
if err := json.NewEncoder(sha).Encode(c); err != nil {
return "", err
}
return fmt.Sprintf("%x", sha.Sum(nil)), nil
}
func NewVerifier(hashes map[string]string, size int64) (*Verifier, error) {
if size <= 0 {
return nil, &ErrInvalidSize{size}
}
v := &Verifier{
hashes: make([]*Hash, 0, len(hashes)),
size: size,
}
for algorithm, value := range hashes {
h := &Hash{algorithm: algorithm, expected: value}
switch algorithm {
case "sha256":
h.hash = sha256.New()
case "sha512":
h.hash = sha512.New()
case "sha512_256":
h.hash = sha512.New512_256()
default:
continue
}
v.hashes = append(v.hashes, h)
}
if len(v.hashes) == 0 {
return nil, ErrNoHashes
}
return v, nil
}
func (b *Builder) mksquashfs(dir string) (string, *ct.ImageLayer, error) {
tmp, err := ioutil.TempFile("", "squashfs-")
if err != nil {
return "", nil, err
}
defer tmp.Close()
if out, err := exec.Command("mksquashfs", dir, tmp.Name(), "-noappend").CombinedOutput(); err != nil {
os.Remove(tmp.Name())
return "", nil, fmt.Errorf("mksquashfs error: %s: %s", err, out)
}
h := sha512.New512_256()
length, err := io.Copy(h, tmp)
if err != nil {
os.Remove(tmp.Name())
return "", nil, err
}
sha := hex.EncodeToString(h.Sum(nil))
return tmp.Name(), &ct.ImageLayer{
ID: sha,
Type: ct.ImageLayerTypeSquashfs,
Length: length,
Hashes: map[string]string{"sha512_256": sha},
}, nil
}
// SHA256Sum calculates L3n4Addr's internal SHA256Sum.
func (l3n4Addr L3n4Addr) SHA256Sum() (string, error) {
sha := sha512.New512_256()
if err := json.NewEncoder(sha).Encode(l3n4Addr); err != nil {
return "", err
}
return fmt.Sprintf("%x", sha.Sum(nil)), nil
}
// SHA256Sum calculates lbls' internal SHA256Sum. For a particular set of labels is
// guarantee that it will always have the same SHA256Sum.
func (lbls Labels) SHA256Sum() (string, error) {
sha := sha512.New512_256()
sortedMap := lbls.sortMap()
if err := json.NewEncoder(sha).Encode(sortedMap); err != nil {
return "", err
}
return fmt.Sprintf("%x", sha.Sum(nil)), nil
}
// KeyGenerator creates a cryptographically secure sha512 sum based on secure pseudorandom numbers
func KeyGenerator() string {
baseKeyBytes := make([]byte, 512)
rand.Read(baseKeyBytes) // Create 512 cryptographically secure pseudorandom numbers
hasher := sha512.New512_256() // Create a new hash.Hash
hashBytes := hasher.Sum(baseKeyBytes) // Use sha512 hasher to hash to byte array
key := base64.StdEncoding.EncodeToString(hashBytes) // Encode the hashBytes as a string
return key
}
func makeHash(name string) hash.Hash {
switch strings.ToLower(name) {
case "ripemd160":
return ripemd160.New()
case "md4":
return md4.New()
case "md5":
return md5.New()
case "sha1":
return sha1.New()
case "sha256":
return sha256.New()
case "sha384":
return sha512.New384()
case "sha3-224":
return sha3.New224()
case "sha3-256":
return sha3.New256()
case "sha3-384":
return sha3.New384()
case "sha3-512":
return sha3.New512()
case "sha512":
return sha512.New()
case "sha512-224":
return sha512.New512_224()
case "sha512-256":
return sha512.New512_256()
case "crc32-ieee":
return crc32.NewIEEE()
case "crc64-iso":
return crc64.New(crc64.MakeTable(crc64.ISO))
case "crc64-ecma":
return crc64.New(crc64.MakeTable(crc64.ECMA))
case "adler32":
return adler32.New()
case "fnv32":
return fnv.New32()
case "fnv32a":
return fnv.New32a()
case "fnv64":
return fnv.New64()
case "fnv64a":
return fnv.New64a()
case "xor8":
return new(xor8)
case "fletch16":
return &fletch16{}
}
return nil
}
func calculateDigest(files []string, algorithm string) {
var hasher hash.Hash
switch algorithm {
case "md5":
hasher = md5.New()
case "sha1":
hasher = sha1.New()
case "sha224":
hasher = sha256.New224()
case "sha256":
hasher = sha256.New()
case "sha384":
hasher = sha512.New384()
case "sha512":
hasher = sha512.New()
case "sha512224":
hasher = sha512.New512_224()
case "sha512256":
hasher = sha512.New512_256()
case "ripemd160":
hasher = ripemd160.New()
default:
fmt.Printf("Algorithm %s not implemented yet\n", algorithm)
os.Exit(1)
}
for _, fn := range files {
hasher.Reset()
file, err := os.Open(fn)
if err != nil {
panic(err.Error())
}
if _, err := io.Copy(hasher, file); err != nil {
panic(err.Error())
}
fmt.Printf("%x %s\n", hasher.Sum(nil), fn)
file.Close()
}
}
func (this HashFile) Exec(input types.Value) (out types.Value, err error) {
var inputMap types.Map
if i, ok := input.(types.Map); ok {
inputMap = i
} else {
err = errors.New(fmt.Sprintf("expected a map as input, got a %T", input))
return
}
var hashName string
var hashNameElement = inputMap[types.Keyword("hash")]
if hashNameElement == nil {
hashName = "sha256"
} else if h, ok := hashNameElement.(types.String); ok {
hashName = string(h)
} else if k, ok := hashNameElement.(types.Keyword); ok {
hashName = string(k)
} else if s, ok := hashNameElement.(types.Symbol); ok {
hashName = string(s)
} else {
err = errors.New(":hash must be a string, keyword, or symbol if specified")
return
}
hashName = strings.ToLower(hashName)
var hash hash.Hash
if hashName == "md5" {
hash = md5.New()
} else if hashName == "sha" || hashName == "sha1" || hashName == "sha-1" {
hash = sha1.New()
} else if hashName == "sha224" || hashName == "sha-224" {
hash = sha256.New224()
} else if hashName == "sha256" || hashName == "sha-256" {
hash = sha256.New()
} else if hashName == "sha384" || hashName == "sha-384" {
hash = sha512.New384()
} else if hashName == "sha512/224" || hashName == "sha-512/224" {
hash = sha512.New512_224()
} else if hashName == "sha512/256" || hashName == "sha-512/256" {
hash = sha512.New512_256()
} else if hashName == "sha512" || hashName == "sha-512" {
hash = sha512.New()
} else {
err = errors.New(fmt.Sprint("unknown hash name: ", hashName))
return
}
var fileName string
var fileElem = inputMap[types.Keyword("file")]
if fileElem == nil {
err = errors.New(":file argument is required")
return
} else if f, ok := fileElem.(types.String); ok {
fileName = string(f)
} else {
err = errors.New(":file argument must be a string")
return
}
file, err := os.Open(fileName)
if err != nil {
return
}
hashOut := bufio.NewWriterSize(hash, hash.BlockSize())
wrote, err := io.Copy(hashOut, file)
hashOut.Flush()
if err != nil {
return
}
out = types.Map{
types.Keyword("success"): types.Bool(true),
types.Keyword("size"): types.Int(wrote),
types.Keyword("file"): types.String(fileName),
types.Keyword("hash"): types.Keyword(hashName),
types.Keyword("digest"): types.String(fmt.Sprintf("%x", hash.Sum(nil))),
}
return
}
func run(dir string, uid, gid int) error {
client, err := controller.NewClient("", os.Getenv("CONTROLLER_KEY"))
if err != nil {
return err
}
// create a squashfs layer
layer, err := ioutil.TempFile("", "squashfs-")
if err != nil {
return err
}
defer os.Remove(layer.Name())
defer layer.Close()
if out, err := exec.Command("mksquashfs", dir, layer.Name(), "-noappend").CombinedOutput(); err != nil {
return fmt.Errorf("mksquashfs error: %s: %s", err, out)
}
h := sha512.New512_256()
length, err := io.Copy(h, layer)
if err != nil {
return err
}
layerSHA := hex.EncodeToString(h.Sum(nil))
// upload the layer to the blobstore
if _, err := layer.Seek(0, os.SEEK_SET); err != nil {
return err
}
layerURL := fmt.Sprintf("http://blobstore.discoverd/slugs/layers/%s.squashfs", layerSHA)
if err := upload(layer, layerURL); err != nil {
return err
}
manifest := &ct.ImageManifest{
Type: ct.ImageManifestTypeV1,
// TODO: parse Procfile / .release and add to manifest.Entrypoints
Entrypoints: map[string]*ct.ImageEntrypoint{
"_default": {
Env: map[string]string{
"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM": "xterm",
"HOME": "/app",
},
WorkingDir: "/app",
Args: []string{"/runner/init", "bash"},
Uid: typeconv.Uint32Ptr(uint32(uid)),
Gid: typeconv.Uint32Ptr(uint32(gid)),
},
},
Rootfs: []*ct.ImageRootfs{{
Platform: ct.DefaultImagePlatform,
Layers: []*ct.ImageLayer{{
ID: layerSHA,
Type: ct.ImageLayerTypeSquashfs,
Length: length,
Hashes: map[string]string{"sha512_256": layerSHA},
}},
}},
}
rawManifest := manifest.RawManifest()
manifestURL := fmt.Sprintf("http://blobstore.discoverd/slugs/images/%s.json", manifest.ID())
if err := upload(bytes.NewReader(rawManifest), manifestURL); err != nil {
return err
}
artifact := &ct.Artifact{
ID: os.Getenv("SLUG_IMAGE_ID"),
Type: ct.ArtifactTypeFlynn,
URI: manifestURL,
Meta: map[string]string{
"blobstore": "true",
},
RawManifest: rawManifest,
Hashes: manifest.Hashes(),
Size: int64(len(rawManifest)),
LayerURLTemplate: "http://blobstore.discoverd/slugs/layers/{id}.squashfs",
}
// create artifact
if err := client.CreateArtifact(artifact); err != nil {
return err
}
fmt.Printf("-----> Compiled slug size is %s\n", units.BytesSize(float64(length)))
return nil
}
func EncryptData(data string) string {
EncrypHash := sha512.New512_256()
EncrypData := EncrypHash.Sum([]byte(data))
return hex.EncodeToString(EncrypData)
}