github.com/google/trillian-examples@v0.0.0-20240520080811-0d40d35cef0e/binary_transparency/firmware/internal/ftmap/log.go

github.com/google/trillian-examples@v0.0.0-20240520080811-0d40d35cef0e/binary_transparency/firmware/internal/ftmap/log.go (about)

     1  // Copyright 2021 Google LLC. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package ftmap
    16  
    17  import (
    18  	"crypto"
    19  	"crypto/sha256"
    20  	"encoding/binary"
    21  	"fmt"
    22  	"reflect"
    23  	"sort"
    24  
    25  	"github.com/apache/beam/sdks/v2/go/pkg/beam"
    26  
    27  	"github.com/google/trillian-examples/binary_transparency/firmware/api"
    28  	"github.com/google/trillian/experimental/batchmap"
    29  	"github.com/google/trillian/merkle/coniks"
    30  	"github.com/google/trillian/merkle/smt/node"
    31  	"github.com/transparency-dev/merkle/compact"
    32  )
    33  
    34  func init() {
    35  	beam.RegisterFunction(logEntryDeviceIDFn)
    36  	beam.RegisterFunction(makeDeviceReleaseLogFn)
    37  	beam.RegisterType(reflect.TypeOf((*moduleLogHashFn)(nil)).Elem())
    38  	beam.RegisterType(reflect.TypeOf((*api.DeviceReleaseLog)(nil)).Elem())
    39  }
    40  
    41  // MakeReleaseLogs takes all firmwareLogEntrys and processes these by
    42  // DeviceID in order to create logs of release revisions. The versions for
    43  // each DeviceID are sorted (by ID in the original log), and a log is
    44  // constructed for each device. This method returns two PCollections:
    45  // 1. the first is of type Entry; the key/value data to include in the map
    46  // 2. the second is of type DeviceReleaseLog.
    47  func MakeReleaseLogs(s beam.Scope, treeID int64, logEntries beam.PCollection) (beam.PCollection, beam.PCollection) {
    48  	keyed := beam.ParDo(s, logEntryDeviceIDFn, logEntries)
    49  	logs := beam.ParDo(s, makeDeviceReleaseLogFn, beam.GroupByKey(s, keyed))
    50  	return beam.ParDo(s, &moduleLogHashFn{TreeID: treeID}, logs), logs
    51  }
    52  
    53  func logEntryDeviceIDFn(l *firmwareLogEntry) (string, *firmwareLogEntry) {
    54  	return l.Firmware.DeviceID, l
    55  }
    56  
    57  type moduleLogHashFn struct {
    58  	TreeID int64
    59  
    60  	rf *compact.RangeFactory
    61  }
    62  
    63  func (fn *moduleLogHashFn) Setup() {
    64  	fn.rf = &compact.RangeFactory{
    65  		Hash: NodeHash,
    66  	}
    67  }
    68  
    69  func (fn *moduleLogHashFn) ProcessElement(log *api.DeviceReleaseLog) (*batchmap.Entry, error) {
    70  	logRange := fn.rf.NewEmptyRange(0)
    71  	for _, v := range log.Revisions {
    72  		bs := make([]byte, 8)
    73  		binary.LittleEndian.PutUint64(bs, v)
    74  		h := RecordHash(bs)
    75  		if err := logRange.Append(h[:], nil); err != nil {
    76  			return nil, err
    77  		}
    78  	}
    79  	logRoot, err := logRange.GetRootHash(nil)
    80  	if err != nil {
    81  		return nil, fmt.Errorf("failed to create log for %q: %v", log.DeviceID, err)
    82  	}
    83  	h := crypto.SHA512_256.New()
    84  	h.Write([]byte(log.DeviceID))
    85  	logKey := h.Sum(nil)
    86  
    87  	leafID := node.NewID(string(logKey), uint(len(logKey)*8))
    88  	return &batchmap.Entry{
    89  		HashKey:   logKey,
    90  		HashValue: coniks.Default.HashLeaf(fn.TreeID, leafID, logRoot),
    91  	}, nil
    92  }
    93  
    94  func makeDeviceReleaseLogFn(deviceID string, lit func(**firmwareLogEntry) bool) (*api.DeviceReleaseLog, error) {
    95  	// We need to ensure ordering by sequence ID in the original log for stability.
    96  
    97  	// First consume the iterator into an in-memory list.
    98  	// This puts the whole record in the list for now, but this can be optimized to only store
    99  	// the revision ID.
   100  	entries := make([]*firmwareLogEntry, 0)
   101  	var e *firmwareLogEntry
   102  	for lit(&e) {
   103  		entries = append(entries, e)
   104  	}
   105  	sort.Slice(entries, func(i, j int) bool { return entries[i].Index < entries[j].Index })
   106  
   107  	revisions := make([]uint64, len(entries))
   108  	for i := range entries {
   109  		revisions[i] = entries[i].Firmware.FirmwareRevision
   110  	}
   111  
   112  	return &api.DeviceReleaseLog{
   113  		DeviceID:  deviceID,
   114  		Revisions: revisions,
   115  	}, nil
   116  }
   117  
   118  var zeroPrefix = []byte{0x00}
   119  var onePrefix = []byte{0x01}
   120  
   121  // RecordHash returns the content hash for the given record data.
   122  func RecordHash(data []byte) []byte {
   123  	// SHA256(0x00 || data)
   124  	h := sha256.New()
   125  	h.Write(zeroPrefix)
   126  	h.Write(data)
   127  	return h.Sum(nil)
   128  }
   129  
   130  // NodeHash returns the hash for an interior tree node with the given left and right hashes.
   131  func NodeHash(left, right []byte) []byte {
   132  	// SHA256(0x01 || left || right)
   133  	h := sha256.New()
   134  	h.Write(onePrefix)
   135  	h.Write(left)
   136  	h.Write(right)
   137  	return h.Sum(nil)
   138  }