Documentation ¶
Index ¶
- Constants
- type AggregatedFirmware
- type ConsistencyProof
- type DeviceReleaseLog
- type FirmwareID
- type FirmwareMetadata
- type GetConsistencyRequest
- type GetFirmwareManifestRequest
- type InclusionProof
- type LogCheckpoint
- type MalwareStatement
- type MapCheckpoint
- type MapInclusionProof
- type MapTile
- type MapTileLeaf
- type ProofBundle
- type RevocationStatement
- type SignedStatement
- type StatementType
- type UpdatePackage
Constants ¶
const ( // HTTPAddFirmware is the path of the URL to publish a firmware entry. HTTPAddFirmware = "ft/v0/add-firmware" // HTTPAddAnnotationMalware is the path of the URL to publish annotations about malware scans. HTTPAddAnnotationMalware = "ft/v0/add-annotation-malware" // HTTPGetConsistency is the path of the URL to get a consistency proof between log roots. HTTPGetConsistency = "ft/v0/get-consistency" // HTTPGetInclusion is the path of the URL to get inclusion proofs for entries in the log. HTTPGetInclusion = "ft/v0/get-inclusion" // HTTPGetManifestEntryAndProof is the path of the URL to get firmware manifest entries with inclusion proofs. HTTPGetManifestEntryAndProof = "ft/v0/get-firmware-manifest-entry-and-proof" // HTTPGetFirmwareImage is the path of the URL for getting firmware images from the CAS. HTTPGetFirmwareImage = "ft/v0/get-firmware-image" // HTTPGetRoot is the path of the URL to get a recent log root. HTTPGetRoot = "ft/v0/get-root" // FTLogOrigin is the identifier of the demo log. // TODO(al): extract this so it's a config option on the log. FTLogOrigin = "Firmware Transparency Log" )
const ( // MapHTTPGetCheckpoint is the path of the URL to get a recent map checkpoint. MapHTTPGetCheckpoint = "ftmap/v0/get-checkpoint" // MapHTTPGetTile is the path of the URL to get a map tile at a revision. MapHTTPGetTile = "ftmap/v0/tile" // MapHTTPGetAggregation is the path of the URL to get aggregated FW info. MapHTTPGetAggregation = "ftmap/v0/aggregation" // MapPrefixStrata is the number of prefix strata in the FT map. MapPrefixStrata = 1 // MapTreeID is the unique tree ID salted into the map's hash functions. MapTreeID = 12345 )
const (
// WitnessGetCheckpoint is the path of the URL to get witness checkpoint.
WitnessGetCheckpoint = "ft/witness/v0/get-checkpoint"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AggregatedFirmware ¶
AggregatedFirmware represents the results of aggregating a single piece of firmware according to the rules described in #Aggregate().
type ConsistencyProof ¶
type ConsistencyProof struct {
Proof [][]byte
}
ConsistencyProof contains the hashes to demonstrate the append-only evolution of the log.
type DeviceReleaseLog ¶
DeviceReleaseLog represents firmware releases found for a single device ID. Entries are ordered by their sequence in the original log.
type FirmwareID ¶
FirmwareID is a pointer to a firmware version. It will be a SignedStatement of type FirmwareMetadataType.
func (FirmwareID) String ¶
func (id FirmwareID) String() string
type FirmwareMetadata ¶
type FirmwareMetadata struct { // DeviceID specifies the target device for this firmware. DeviceID string // FirmwareRevision specifies which version of firmware this is. // TODO(al): consider whether to use a string FirmwareRevision uint64 // FirmwareImageSHA512 is the SHA512 hash over the firmware image as it will // be delivered. FirmwareImageSHA512 []byte // ExpectedFirmwareMeasurement represents the expected measured state of the // device once the firmware is installed. ExpectedFirmwareMeasurement []byte // BuildTimestamp is the time at which this build was published in RFC3339 format. // e.g. "1985-04-12T23:20:50.52Z" BuildTimestamp string }
FirmwareMetadata represents a firmware image and related info.
func (FirmwareMetadata) String ¶
func (m FirmwareMetadata) String() string
String returns a human-readable representation of the firmware metadata info.
type GetConsistencyRequest ¶
GetConsistencyRequest is sent to ask for a proof that the tree at ToSize is append-only from the tree at FromSize. The response is a ConsistencyProof.
type GetFirmwareManifestRequest ¶
GetFirmwareManifestRequest is sent to ask for the value at the given LeafIndex, with an inclusion proof to the root at the given TreeSize.
type InclusionProof ¶
InclusionProof contains the value at the requested index and the proof to the requested tree size.
func (InclusionProof) String ¶
func (l InclusionProof) String() string
String returns a compact printable representation of an InclusionProof.
type LogCheckpoint ¶
type LogCheckpoint struct { log.Checkpoint // The number of nanoseconds since the Unix epoch. TimestampNanos uint64 // If set, Envelope contains the envelope from which this Checkpoint was parsed. Envelope []byte }
LogCheckpoint commits to the state of the log. The serialisation format of this checkpoint is compatible with the format specified at github.com/google/trillian-examples/tree/master/formats/log
func ParseCheckpoint ¶
func ParseCheckpoint(chkpt []byte, logVerifier note.Verifier, otherVerifiers ...note.Verifier) (*LogCheckpoint, error)
ParseCheckpoint wraps `log.ParseCheckpoint` with the additional behaviour of enforcing that a timestamp is included in the `otherdata`, and returning a LogCheckpoint constructed from this data.
func (LogCheckpoint) Marshal ¶
func (l LogCheckpoint) Marshal() []byte
Marshal serialises the checkpoint.
func (LogCheckpoint) String ¶
func (l LogCheckpoint) String() string
String returns a compact printable representation of a LogCheckpoint.
type MalwareStatement ¶
type MalwareStatement struct { // FirmwareID is the SignedStatement in the log being annotated. FirmwareID FirmwareID // Good is a crude signal of goodness. // TODO(mhutchinson): Add more fields as needed for the demo (e.g. Timestamp). Good bool }
MalwareStatement is an annotation about malware checks in a firmware version.
func (MalwareStatement) String ¶
func (s MalwareStatement) String() string
type MapCheckpoint ¶
type MapCheckpoint struct { // LogCheckpoint is the json encoded api.LogCheckpoint. LogCheckpoint []byte LogSize uint64 RootHash []byte Revision uint64 }
MapCheckpoint is a commitment to a map built from the FW Log at a given size. The map checkpoint contains the checkpoint of the log this was built from, with the number of entries consumed from that input log. This allows clients to check they are seeing the same version of the log as the map was built from. This also provides information to allow verifiers of the map to confirm correct construction.
type MapInclusionProof ¶
type MapInclusionProof struct { Key []byte Value []byte // Proof is all of the sibling hashes down the path, keyed by the bit length of the parent node ID. // A nil entry means that this branch is empty. // The parent node ID is used because the root does not have a sibling. Proof [][]byte }
MapInclusionProof contains the value at the requested key and the proof to the requested Checkpoint.
func (MapInclusionProof) String ¶
func (l MapInclusionProof) String() string
String returns a compact printable representation of an InclusionProof.
type MapTile ¶
type MapTile struct { // The path from the root of the map to the root of this tile. Path []byte // All non-empty leaves in this tile, sorted left-to-right. Leaves []MapTileLeaf }
MapTile is a subtree of the whole map.
type MapTileLeaf ¶
type MapTileLeaf struct { // The path from the root of the container MapTile to this leaf. Path []byte // The hash value being committed to. Hash []byte }
MapTileLeaf is a leaf value of a MapTile. If it belongs to a leaf tile then this represents one of the values that the map commits to. Otherwise, this leaf represents the root of the subtree in the stratum below.
type ProofBundle ¶
type ProofBundle struct { // ManifestStatement is the json representation of an `api.SignedStatement` struct. ManifestStatement []byte // Checkpoint must represent a tree which includes the ManifestStatement. Checkpoint []byte // InclusionProof is a proof to Checkpoint for ManifestStatement. InclusionProof InclusionProof }
ProofBundle contains the manifest and associated proofs for a given firmware image.
type RevocationStatement ¶
type RevocationStatement struct { // FirmwareID is the SignedStatement in the log being annotated. FirmwareID FirmwareID }
RevocationStatement is an annotation that marks a build as revoked. This statement simply being present for a build marks it as revoked. There is no way to unrevoke something; this can be done by re-releasing it. TODO(mhutchinson): Wire this up in the personality.
type SignedStatement ¶
type SignedStatement struct { // Type is one of the statement types from above, and indicates what // Statement should be interpreted as. Type StatementType // The serialised Claim in json form. // This is one of MalwareStatement or BuildStatement. Statement []byte // Signature is the bytestream of the signature over (Type || Statement). Signature []byte }
SignedStatement is a Statement signed by the Claimant.
type StatementType ¶
type StatementType byte
StatementType is an enum that describes the type of statement in a SignedStatement.
const ( FirmwareMetadataType StatementType = 'f' MalwareStatementType StatementType = 'm' RevocationStatementType StatementType = 'r' )
Enum values for the different types of statement.
type UpdatePackage ¶
type UpdatePackage struct { // FirmwareImage is the actual firmware image itself. FirmwareImage []byte // ProofBundle holds the various artifacts required to validate the firmware image. // It should be a serialised JSON form of the ProofBundle structure. ProofBundle []byte }
UpdatePackage represents an "OTA" update bundle.