▽

Package verify

Variables

var (
    ErrMissingKey           = errors.New("tuf: missing key")
    ErrNoSignatures         = errors.New("tuf: data has no signatures")
    ErrInvalid              = errors.New("tuf: signature verification failed")
    ErrWrongMethod          = errors.New("tuf: invalid signature type")
    ErrWrongMetaType        = errors.New("tuf: meta file has wrong type")
    ErrExists               = errors.New("tuf: key already in db")
    ErrInvalidKey           = errors.New("tuf: invalid key")
    ErrInvalidRole          = errors.New("tuf: invalid role")
    ErrInvalidDelegatedRole = errors.New("tuf: invalid delegated role")
    ErrInvalidKeyID         = errors.New("tuf: invalid key id")
    ErrInvalidThreshold     = errors.New("tuf: invalid role threshold")
    ErrMissingTargetFile    = errors.New("tuf: missing previously listed targets metadata file")
)

var IsExpired = func(t time.Time) bool {
    return time.Until(t) <= 0
}

func VerifySignature ¶

func VerifySignature(signed json.RawMessage, sig data.HexBytes,
    verifier keys.Verifier) error

VerifySignature takes a signed JSON message, a signature, and a verifier and verifies the given signature on the JSON message using the verifier. It returns an error if verification fails.

type DB ¶

type DB struct {
    // contains filtered or unexported fields
}

func NewDB ¶

func NewDB() *DB

func NewDBFromDelegations ¶

func NewDBFromDelegations(d *data.Delegations) (*DB, error)

NewDBFromDelegations returns a DB that verifies delegations of a given Targets.

func (*DB) AddKey ¶

func (db *DB) AddKey(id string, k *data.PublicKey) error

func (*DB) AddRole ¶

func (db *DB) AddRole(name string, r *data.Role) error

func (*DB) GetRole ¶

func (db *DB) GetRole(name string) *Role

func (*DB) GetVerifier ¶

func (db *DB) GetVerifier(id string) (keys.Verifier, error)

func (*DB) Unmarshal ¶

func (db *DB) Unmarshal(b []byte, v interface{}, role string, minVersion int64) error

func (*DB) UnmarshalIgnoreExpired ¶

func (db *DB) UnmarshalIgnoreExpired(b []byte, v interface{}, role string, minVersion int64) error

UnmarshalExpired is exactly like Unmarshal except ignores expired timestamp error.

func (*DB) UnmarshalTrusted ¶

func (db *DB) UnmarshalTrusted(b []byte, v interface{}, role string) error

func (*DB) Verify ¶

func (db *DB) Verify(s *data.Signed, role string, minVersion int64) error

func (*DB) VerifyIgnoreExpiredCheck ¶

func (db *DB) VerifyIgnoreExpiredCheck(s *data.Signed, role string, minVersion int64) error

func (*DB) VerifySignatures ¶

func (db *DB) VerifySignatures(s *data.Signed, role string) error

type ErrExpired ¶

type ErrExpired struct {
    Expired time.Time
}

func (ErrExpired) Error ¶

func (e ErrExpired) Error() string

type ErrLowVersion ¶

type ErrLowVersion struct {
    Actual  int64
    Current int64
}

func (ErrLowVersion) Error ¶

func (e ErrLowVersion) Error() string

type ErrRepeatID ¶

type ErrRepeatID struct {
    KeyID string
}

func (ErrRepeatID) Error ¶

func (e ErrRepeatID) Error() string

type ErrRoleThreshold ¶

type ErrRoleThreshold struct {
    Expected int
    Actual   int
}

func (ErrRoleThreshold) Error ¶

func (e ErrRoleThreshold) Error() string

type ErrUnknownRole ¶

type ErrUnknownRole struct {
    Role string
}

func (ErrUnknownRole) Error ¶

func (e ErrUnknownRole) Error() string

type ErrWrongVersion ¶

type ErrWrongVersion struct {
    Given    int64
    Expected int64
}

func (ErrWrongVersion) Error ¶

func (e ErrWrongVersion) Error() string

type Role ¶

type Role struct {
    KeyIDs    map[string]struct{}
    Threshold int
}

func (*Role) ValidKey ¶

func (r *Role) ValidKey(id string) bool