Documentation ¶
Index ¶
- func CopyKeys(from signed.CryptoService, roles ...data.RoleName) (signed.CryptoService, error)
- func CopyRepoMetadata(from map[data.RoleName][]byte) map[data.RoleName][]byte
- func CreateKey(cs signed.CryptoService, gun data.GUN, role data.RoleName, keyAlgorithm string) (data.PublicKey, error)
- func EmptyRepo(gun data.GUN, delegationRoles ...data.RoleName) (*tuf.Repo, signed.CryptoService, error)
- func NewRepoMetadata(gun data.GUN, delegationRoles ...data.RoleName) (map[data.RoleName][]byte, signed.CryptoService, error)
- func Serialize(sRoot, sTargets, sSnapshot, sTimestamp *data.Signed) (root, targets, snapshot, timestamp []byte, err error)
- func Sign(repo *tuf.Repo) (root, targets, snapshot, timestamp *data.Signed, err error)
- func SignAndSerialize(tufRepo *tuf.Repo) (map[data.RoleName][]byte, error)
- type CorruptingMemoryStore
- type ErrNoKeyForRole
- type LongMemoryStore
- type MetadataSwizzler
- func (m *MetadataSwizzler) AddExtraSpace(role data.RoleName) error
- func (m *MetadataSwizzler) ChangeRootKey() error
- func (m *MetadataSwizzler) ExpireMetadata(role data.RoleName) error
- func (m *MetadataSwizzler) InvalidateMetadataSignatures(role data.RoleName) error
- func (m *MetadataSwizzler) MutateRoot(mutate func(*data.Root)) error
- func (m *MetadataSwizzler) MutateSnapshot(mutate func(*data.Snapshot)) error
- func (m *MetadataSwizzler) MutateTargets(mutate func(*data.Targets)) error
- func (m *MetadataSwizzler) MutateTimestamp(mutate func(*data.Timestamp)) error
- func (m *MetadataSwizzler) OffsetMetadataVersion(role data.RoleName, offset int) error
- func (m *MetadataSwizzler) RemoveMetadata(role data.RoleName) error
- func (m *MetadataSwizzler) RotateKey(role data.RoleName, key data.PublicKey) error
- func (m *MetadataSwizzler) SetInvalidJSON(role data.RoleName) error
- func (m *MetadataSwizzler) SetInvalidMetadataType(role data.RoleName) error
- func (m *MetadataSwizzler) SetInvalidSigned(role data.RoleName) error
- func (m *MetadataSwizzler) SetInvalidSignedMeta(role data.RoleName) error
- func (m *MetadataSwizzler) SetThreshold(role data.RoleName, newThreshold int) error
- func (m *MetadataSwizzler) SignMetadataWithInvalidKey(role data.RoleName) error
- func (m *MetadataSwizzler) UpdateSnapshotHashes(roles ...data.RoleName) error
- func (m *MetadataSwizzler) UpdateTimestampHash() error
- type ShortMemoryStore
- type TestBootstrapper
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CopyKeys ¶ added in v0.3.0
func CopyKeys(from signed.CryptoService, roles ...data.RoleName) (signed.CryptoService, error)
CopyKeys copies keys of a particular role to a new cryptoservice, and returns that cryptoservice
func CopyRepoMetadata ¶
CopyRepoMetadata makes a copy of a metadata->bytes mapping
func CreateKey ¶ added in v0.3.0
func CreateKey(cs signed.CryptoService, gun data.GUN, role data.RoleName, keyAlgorithm string) (data.PublicKey, error)
CreateKey creates a new key inside the cryptoservice for the given role and gun, returning the public key. If the role is a root role, create an x509 key.
func EmptyRepo ¶
func EmptyRepo(gun data.GUN, delegationRoles ...data.RoleName) (*tuf.Repo, signed.CryptoService, error)
EmptyRepo creates an in memory crypto service and initializes a repo with no targets. Delegations are only created if delegation roles are passed in.
func NewRepoMetadata ¶
func NewRepoMetadata(gun data.GUN, delegationRoles ...data.RoleName) (map[data.RoleName][]byte, signed.CryptoService, error)
NewRepoMetadata creates a TUF repo and returns the metadata
func Serialize ¶
func Serialize(sRoot, sTargets, sSnapshot, sTimestamp *data.Signed) (root, targets, snapshot, timestamp []byte, err error)
Serialize takes the Signed objects for the 4 top level roles and serializes them all to JSON
Types ¶
type CorruptingMemoryStore ¶
type CorruptingMemoryStore struct {
store.MemoryStore
}
CorruptingMemoryStore corrupts all data returned by GetMeta
func NewCorruptingMemoryStore ¶
func NewCorruptingMemoryStore(meta map[data.RoleName][]byte) *CorruptingMemoryStore
NewCorruptingMemoryStore returns a new instance of memory store that corrupts all data requested from it.
type ErrNoKeyForRole ¶
ErrNoKeyForRole returns an error when the cryptoservice provided to MetadataSwizzler has no key for a particular role
func (ErrNoKeyForRole) Error ¶
func (e ErrNoKeyForRole) Error() string
type LongMemoryStore ¶
type LongMemoryStore struct {
store.MemoryStore
}
LongMemoryStore corrupts all data returned by GetMeta
func NewLongMemoryStore ¶
func NewLongMemoryStore(meta map[data.RoleName][]byte) *LongMemoryStore
NewLongMemoryStore returns a new instance of memory store that returns one byte too much data on any request to GetMeta
type MetadataSwizzler ¶
type MetadataSwizzler struct { Gun data.GUN MetadataCache store.MetadataStore CryptoService signed.CryptoService Roles []data.RoleName // list of Roles in the metadataStore }
MetadataSwizzler fuzzes the metadata in a MetadataStore
func NewMetadataSwizzler ¶
func NewMetadataSwizzler(gun data.GUN, initialMetadata map[data.RoleName][]byte, cryptoService signed.CryptoService) *MetadataSwizzler
NewMetadataSwizzler returns a new swizzler when given a gun, mapping of roles to initial metadata bytes, and a cryptoservice
func (*MetadataSwizzler) AddExtraSpace ¶
func (m *MetadataSwizzler) AddExtraSpace(role data.RoleName) error
AddExtraSpace adds an extra space to the beginning and end of the serialized JSON bytes, which should not affect serialization, but will change the checksum of the file.
func (*MetadataSwizzler) ChangeRootKey ¶
func (m *MetadataSwizzler) ChangeRootKey() error
ChangeRootKey swaps out the root key with a new key, and re-signs the metadata with the new key
func (*MetadataSwizzler) ExpireMetadata ¶
func (m *MetadataSwizzler) ExpireMetadata(role data.RoleName) error
ExpireMetadata expires the metadata, which would make it invalid - don't do anything if we don't have the timestamp key
func (*MetadataSwizzler) InvalidateMetadataSignatures ¶
func (m *MetadataSwizzler) InvalidateMetadataSignatures(role data.RoleName) error
InvalidateMetadataSignatures signs with the right key(s) but wrong hash
func (*MetadataSwizzler) MutateRoot ¶
func (m *MetadataSwizzler) MutateRoot(mutate func(*data.Root)) error
MutateRoot takes a function that mutates the root metadata - once done, it serializes the root again
func (*MetadataSwizzler) MutateSnapshot ¶
func (m *MetadataSwizzler) MutateSnapshot(mutate func(*data.Snapshot)) error
MutateSnapshot takes a function that mutates the snapshot metadata - once done, it serializes the snapshot again
func (*MetadataSwizzler) MutateTargets ¶
func (m *MetadataSwizzler) MutateTargets(mutate func(*data.Targets)) error
MutateTargets takes a function that mutates the targets metadata - once done, it serializes the targets again
func (*MetadataSwizzler) MutateTimestamp ¶
func (m *MetadataSwizzler) MutateTimestamp(mutate func(*data.Timestamp)) error
MutateTimestamp takes a function that mutates the timestamp metadata - once done, it serializes the timestamp again
func (*MetadataSwizzler) OffsetMetadataVersion ¶
func (m *MetadataSwizzler) OffsetMetadataVersion(role data.RoleName, offset int) error
OffsetMetadataVersion updates the metadata version
func (*MetadataSwizzler) RemoveMetadata ¶
func (m *MetadataSwizzler) RemoveMetadata(role data.RoleName) error
RemoveMetadata deletes the metadata entirely
func (*MetadataSwizzler) RotateKey ¶ added in v0.3.0
RotateKey rotates the key for a role - this can invalidate that role's metadata if it is not signed by that key. Particularly if the key being rotated is the root key, because it is not signed by the new key, only the old key.
func (*MetadataSwizzler) SetInvalidJSON ¶
func (m *MetadataSwizzler) SetInvalidJSON(role data.RoleName) error
SetInvalidJSON corrupts metadata into something that is no longer valid JSON
func (*MetadataSwizzler) SetInvalidMetadataType ¶
func (m *MetadataSwizzler) SetInvalidMetadataType(role data.RoleName) error
SetInvalidMetadataType unmarshallable, but has the wrong metadata type (not actually a metadata type)
func (*MetadataSwizzler) SetInvalidSigned ¶
func (m *MetadataSwizzler) SetInvalidSigned(role data.RoleName) error
SetInvalidSigned corrupts the metadata into something that is valid JSON, but not unmarshallable into signed JSON
func (*MetadataSwizzler) SetInvalidSignedMeta ¶
func (m *MetadataSwizzler) SetInvalidSignedMeta(role data.RoleName) error
SetInvalidSignedMeta corrupts the metadata into something that is unmarshallable as a Signed object, but not unmarshallable into a SignedMeta object
func (*MetadataSwizzler) SetThreshold ¶
func (m *MetadataSwizzler) SetThreshold(role data.RoleName, newThreshold int) error
SetThreshold sets a threshold for a metadata role - can invalidate metadata for which the threshold is increased, if there aren't enough signatures or can be invalid because the threshold is 0
func (*MetadataSwizzler) SignMetadataWithInvalidKey ¶
func (m *MetadataSwizzler) SignMetadataWithInvalidKey(role data.RoleName) error
SignMetadataWithInvalidKey signs the metadata with the wrong key
func (*MetadataSwizzler) UpdateSnapshotHashes ¶
func (m *MetadataSwizzler) UpdateSnapshotHashes(roles ...data.RoleName) error
UpdateSnapshotHashes updates the snapshot to reflect the latest hash changes, to ensure that failure isn't because the snapshot has the wrong hash.
func (*MetadataSwizzler) UpdateTimestampHash ¶
func (m *MetadataSwizzler) UpdateTimestampHash() error
UpdateTimestampHash updates the timestamp to reflect the latest snapshot changes, to ensure that failure isn't because the timestamp has the wrong hash.
type ShortMemoryStore ¶
type ShortMemoryStore struct {
store.MemoryStore
}
ShortMemoryStore corrupts all data returned by GetMeta
func NewShortMemoryStore ¶
func NewShortMemoryStore(meta map[data.RoleName][]byte) *ShortMemoryStore
NewShortMemoryStore returns a new instance of memory store that returns one byte too little data on any request to GetMeta
type TestBootstrapper ¶ added in v0.3.0
type TestBootstrapper struct {
Booted bool
}
TestBootstrapper is a simple implemented of the Bootstrapper interface to be used for tests
func (*TestBootstrapper) Bootstrap ¶ added in v0.3.0
func (tb *TestBootstrapper) Bootstrap() error
Bootstrap sets Booted to true so tests can confirm it was called