checkpoint

package

v0.0.0-...-26eaa0a Latest Latest Go to latest Published: Apr 26, 2024 License: Apache-2.0, BSD-3-Clause, MIT Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

android.googlesource.com/platform/external/avb

Links

Open Source Insights

Documentation ¶

Overview ¶

Package checkpoint implements methods to interact with checkpoints as described below.

Root is the internal representation of the information needed to commit to the contents of the tree, and contains the root hash and size.

When a commitment needs to be sent to other processes (such as a witness or other log clients), it is put in the form of a checkpoint, which also includes an "origin" string. The origin should is a unique identifier for the log identity which issues the checkpoint. This package deals only with the origin for the Pixel Binary Transparency Log.

This checkpoint is signed in a note format (golang.org/x/mod/sumdb/note) before sending out. An unsigned checkpoint is not a valid commitment and must not be used.

There is only a single signature. Support for multiple signing identities will be added as needed.

Index ¶

type EcdsaVerifier
- func NewVerifier(pemKey []byte, name string) (EcdsaVerifier, error)
type Root
- func FromURL(logURL string, v verifier) (Root, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type EcdsaVerifier ¶

type EcdsaVerifier struct {
	PubKey *ecdsa.PublicKey
	// contains filtered or unexported fields
}

EcdsaVerifier verifies a message signature that was signed using ECDSA.

func NewVerifier ¶

func NewVerifier(pemKey []byte, name string) (EcdsaVerifier, error)

NewVerifier expects an ECDSA public key in PEM format in a file with the provided path and key name.

func (EcdsaVerifier) KeyHash ¶

func (v EcdsaVerifier) KeyHash() uint32

KeyHash returns a 4 byte hash of the public key to be used as a hint to the verifier.

func (EcdsaVerifier) Name ¶

func (v EcdsaVerifier) Name() string

Name returns the name of the key.

func (EcdsaVerifier) Verify ¶

func (v EcdsaVerifier) Verify(msg, sig []byte) bool

Verify returns whether the signature of the message is valid using its pubKey.

type Root ¶

type Root struct {
	// Size is the number of entries in the log at this point.
	Size uint64
	// Hash commits to the contents of the entire log.
	Hash []byte
}

Root contains the checkpoint data.

func FromURL ¶

func FromURL(logURL string, v verifier) (Root, error)

FromURL verifies the signature and unpacks and returns a Root.

Validates signature before reading data, using a provided verifier. Data at `logURL` is the checkpoint and must be in the note format (golang.org/x/mod/sumdb/note).

The checkpoint must be for the Pixel Binary Transparency Log origin.

Returns error if the signature fails to verify or if the checkpoint does not conform to the following format:

[]byte("[origin]\n[size]\n[hash]").

Source Files ¶

View all Source files

checkpoint.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL