verify

package
v0.0.0-...-e10fca2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 11, 2023 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Overview

Package verify provides verification functions for armory drive transparency.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Bundle 

func Bundle(pb api.ProofBundle, oldCP api.Checkpoint, logSigV note.Verifier, frSigV note.Verifier, artifactHashes map[string][]byte, origin string) error

Bundle verifies that the Bundle is self-consistent, and consistent with the provided smaller checkpoint from the device.

For a ProofBundle to be considered good, we need to:

  1. check the signature on the new Checkpoint contained within
  2. verify that the first oldCP.Size leaf hashes provided can reconstruct oldCP.Hash
  3. verify that the first newCP.Size leaf hashes provided can reconstruct pb.NewCheckpoint.Hash
  4. verify that the hash of pb.FirmwareRelease is among the list of leaf hashes provided
  5. check that the signature on the FirmwareRelease manifest is valid
  6. check that all provided artifact hashes are present in the FirmwareRelease manifist, and are identical to the values the manifest claims they should be.

If all of these checks hold, then we are sufficiently convinced that the firmware update is discoverable by others.

TODO(al): Extend to support witnesses.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.