Documentation
¶
Index ¶
- Variables
- func RegisterVerifier(name string, v Verifier)
- func Unmarshal(b []byte, v interface{}, role string, minVersion int, db *keys.KeyDB) error
- func UnmarshalTrusted(b []byte, v interface{}, role string, db *keys.KeyDB) error
- func Verify(s *data.Signed, role string, minVersion int, db *keys.KeyDB) error
- func VerifyRoot(s *data.Signed, minVersion int, keys map[string]*data.PublicKey, threshold int) ([]*data.PublicKey, error)
- func VerifySignatures(s *data.Signed, role string, db *keys.KeyDB) error
- type CryptoService
- type Ed25519
- type Ed25519Verifier
- type ErrExpired
- type ErrLowVersion
- type KeyService
- type RSAPSSVerifier
- type RSAPemVerifier
- type RSAVerifier
- type Signer
- type SigningService
- type Verifier
Constants ¶
This section is empty.
Variables ¶
var ( ErrMissingKey = errors.New("tuf: missing key") ErrNoSignatures = errors.New("tuf: data has no signatures") ErrInvalid = errors.New("tuf: signature verification failed") ErrWrongMethod = errors.New("tuf: invalid signature type") ErrUnknownRole = errors.New("tuf: unknown role") ErrRoleThreshold = errors.New("tuf: valid signatures did not meet threshold") ErrWrongType = errors.New("tuf: meta file has wrong type") )
var IsExpired = func(t string) bool { ts, err := time.Parse(time.RFC3339, t) if err != nil { ts, err = time.Parse("2006-01-02 15:04:05 MST", t) if err != nil { return false } } return ts.Sub(time.Now()) <= 0 }
var Verifiers = map[string]Verifier{ "ed25519": Ed25519Verifier{}, "rsa": RSAVerifier{}, "rsassa-pkcs1-v1_5-sign": RSAPemVerifier{}, "pycrypto-pkcs#1 pss": RSAPSSVerifier{}, }
Verifiers serves as a map of all verifiers available on the system and can be injected into a verificationService. For testing and configuration purposes, it will not be used by default.
Functions ¶
func RegisterVerifier ¶
RegisterVerifier provides a convenience function for init() functions to register additional verifiers or replace existing ones.
func UnmarshalTrusted ¶
Types ¶
type CryptoService ¶
type CryptoService interface {
SigningService
KeyService
}
CryptoService defines a unified Signing and Key Service as this will be most useful for most applications.
type Ed25519 ¶
type Ed25519 struct {
// contains filtered or unexported fields
}
Ed25519 implements a simple in memory keystore and trust service
func NewEd25519 ¶
func NewEd25519() *Ed25519
func (*Ed25519) PublicKeys ¶
type Ed25519Verifier ¶
type Ed25519Verifier struct{}
type ErrExpired ¶
type ErrExpired struct {
Expired string
}
func (ErrExpired) Error ¶
func (e ErrExpired) Error() string
type ErrLowVersion ¶
func (ErrLowVersion) Error ¶
func (e ErrLowVersion) Error() string
type KeyService ¶
type KeyService interface {
// Create issues a new key pair and is responsible for loading
// the private key into the appropriate signing service.
Create(role string) (*data.PublicKey, error)
}
KeyService provides management of keys locally. It will never accept or provide private keys. Communication between the KeyService and a SigningService happen behind the Create function.
type RSAPemVerifier ¶
type RSAPemVerifier struct{}
type RSAVerifier ¶
type RSAVerifier struct{}
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer encapsulates a signing service with some convenience methods to interface between TUF keys and the generic service interface
func NewSigner ¶
func NewSigner(service CryptoService) *Signer
type SigningService ¶
type SigningService interface {
// Sign takes a slice of keyIDs and a piece of data to sign
// and returns a slice of signatures and an error
Sign(keyIDs []string, data []byte) ([]data.Signature, error)
}
SigningService defines the necessary functions to determine if a user is able to sign with a key, and to perform signing.
Source Files