Documentation
Overview
Package checkpoint implements methods to interact with checkpoints as described below.
Root is the internal representation of the information needed to commit to the contents of the tree, and contains the root hash and size.
When a commitment needs to be sent to other processes (such as a witness or other log clients), it is put in the form of a checkpoint, which also includes an "origin" string. The origin should be a unique identifier for the log identity which issues the checkpoint. This package deals only with the origin for the Pixel Binary Transparency Log.
This checkpoint is signed in a note format (golang.org/x/mod/sumdb/note) before sending out. An unsigned checkpoint is not a valid commitment and must not be used.
There is only a single signature. Support for multiple signing identities will be added as needed.
Types
type EcdsaVerifier
EcdsaVerifier verifies a message signature that was signed using ECDSA.
func NewVerifier
func NewVerifier(pemKey []byte, name string) (EcdsaVerifier, error)
NewVerifier expects an ECDSA public key in PEM format in a file with the provided path and key name.
func (EcdsaVerifier) KeyHash
func (v EcdsaVerifier) KeyHash() uint32
KeyHash returns a 4 byte hash of the public key to be used as a hint to the verifier.
func (EcdsaVerifier) Verify
func (v EcdsaVerifier) Verify(msg, sig []byte) bool
Verify returns whether the signature of the message is valid using its pubKey.
type Root
type Root struct {
	// Size is the number of entries in the log at this point.
	Size uint64
	// Hash commits to the contents of the entire log.
	Hash []byte
}
Root contains the checkpoint data.
func FromURL
FromURL verifies the signature and unpacks and returns a Root.
Validates signature before reading data, using a provided verifier. Data at `logURL` is the checkpoint and must be in the note format (golang.org/x/mod/sumdb/note).
The checkpoint must be for the Pixel Binary Transparency Log origin.
Returns error if the signature fails to verify or if the checkpoint does not conform to the following format:
[]byte("[origin]\n[size]\n[hash]").
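The verify-then-parse order described for FromURL, as an added Go example that is not this package's own code. `openCheckpoint`, `constructedSample` and the origin string are hypothetical; it assumes the body and raw signature have already been separated from the note envelope, an ASN.1 ECDSA signature over SHA-256 of the body, and a base64-encoded hash line.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

type Root struct { // mirrors the Root type documented above
	Size uint64
	Hash []byte
}

// openCheckpoint (hypothetical helper) verifies sig before it reads body.
// Assumed: ASN.1 ECDSA over SHA-256(body) and a base64-encoded hash line.
func openCheckpoint(pub *ecdsa.PublicKey, origin string, body, sig []byte) (Root, error) {
	digest := sha256.Sum256(body)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return Root{}, fmt.Errorf("signature does not verify: not a valid commitment")
	}
	lines := strings.Split(string(body), "\n")
	if len(lines) != 3 || lines[0] != origin {
		return Root{}, fmt.Errorf("want 3 lines with origin %q", origin)
	}
	size, sizeErr := strconv.ParseUint(lines[1], 10, 64)
	hash, hashErr := base64.StdEncoding.DecodeString(lines[2])
	if sizeErr != nil || hashErr != nil {
		return Root{}, fmt.Errorf("malformed size %q or hash %q", lines[1], lines[2])
	}
	return Root{Size: size, Hash: hash}, nil
}

// constructedSample signs body with a throwaway P-256 key (sample data only).
func constructedSample(body []byte) (*ecdsa.PublicKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256(body)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return &key.PublicKey, sig
}

func main() {
	body := []byte("example-origin\n42\nAAECAw==") // constructed checkpoint body
	pub, sig := constructedSample(body)
	fmt.Println(openCheckpoint(pub, "example-origin", body, sig))
}
```

A checkpoint that is validly signed but names a different origin, or carries a fourth line, is rejected just like one whose signature fails.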