github.com/openshift/installer@v1.4.17/pkg/hostcrypt/hostcrypt.go (about)

     1  package hostcrypt
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  	"runtime"
     7  	"strconv"
     8  	"strings"
     9  )
    10  
// fipsFile is the procfs path that hostFIPSEnabled reads to learn whether the
// kernel of the machine running this binary has FIPS mode enabled.
const fipsFile = "/proc/sys/crypto/fips_enabled"
    14  
// VerifyHostTargetState gates an install on the cryptographic state of the
// host and binary running it, given whether the target cluster is to run in
// FIPS mode.
//
// When fips is false no check is performed and nil is returned; that result
// means "no requirement applies", not "the host was verified". When fips is
// true the decision is delegated to allowFIPSCluster (defined outside this
// file), and any error it reports is wrapped and returned so the caller can
// refuse to proceed.
func VerifyHostTargetState(fips bool) error {
	if fips {
		if cause := allowFIPSCluster(); cause != nil {
			// %w keeps the underlying reason available to errors.Is/As.
			return fmt.Errorf("target cluster is in FIPS mode, %w", cause)
		}
	}
	return nil
}
    27  
// hostFIPSEnabled reports the FIPS flag published by the local kernel in
// fipsFile.
//
// Every failure path returns false together with a non-nil error: a non-Linux
// GOOS, an unreadable fipsFile, or content that strconv.ParseBool rejects
// after one trailing newline is stripped. Callers must check the error first;
// a false result accompanied by an error means the state is unknown, not that
// FIPS is off.
func hostFIPSEnabled() (bool, error) {
	// The flag lives in procfs, so there is nothing to read on other systems.
	if runtime.GOOS != "linux" {
		return false, fmt.Errorf("operation requires a Linux client")
	}

	raw, readErr := os.ReadFile(fipsFile)
	if readErr != nil {
		return false, fmt.Errorf("failed to read client FIPS state %s: %w", fipsFile, readErr)
	}

	// Only a single trailing newline is removed; any other surrounding
	// whitespace makes ParseBool fail and is reported as a parse error.
	state := strings.TrimSuffix(string(raw), "\n")
	enabled, parseErr := strconv.ParseBool(state)
	if parseErr != nil {
		return false, fmt.Errorf("failed to parse client FIPS state %s: %w", fipsFile, parseErr)
	}

	return enabled, nil
}