Documentation
¶
Overview ¶
Package verify provides verification functions for armory drive transparency.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Bundle ¶
func Bundle(pb api.ProofBundle, oldCP api.Checkpoint, logSigV note.Verifier, frSigV note.Verifier, artifactHashes map[string][]byte, origin string) error
Bundle verifies that the Bundle is self-consistent, and consistent with the provided smaller checkpoint from the device.
For a ProofBundle to be considered good, we need to:
- check the signature on the new Checkpoint contained within
- verify that the first oldCP.Size leaf hashes provided can reconstruct oldCP.Hash
- verify that the first newCP.Size leaf hashes provided can reconstruct pb.NewCheckpoint.Hash
- verify that the hash of pb.FirmwareRelease is among the list of leaf hashes provided
- check that the signature on the FirmwareRelease manifest is valid
- check that all provided artifact hashes are present in the FirmwareRelease manifist, and are identical to the values the manifest claims they should be.
If all of these checks hold, then we are sufficiently convinced that the firmware update is discoverable by others.
TODO(al): Extend to support witnesses.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.