Documentation
¶
Overview ¶
Package vfile verifies files against a hash or signature.
vfile aims to be TOCTTOU-safe by reading files into memory before verifying.
Index ¶
- Variables
- func GetKeyRing(keyPath string) (openpgp.KeyRing, error)
- type ErrHashMismatch
- type ErrInvalidHash
- type ErrUnsigned
- type ErrWrongSigner
- type File
- func OpenHashedFile256(path string, wantSHA256Hash []byte) (*File, error)
- func OpenHashedFile512(path string, wantSHA512Hash []byte) (*File, error)
- func OpenSignedFile(keyring openpgp.KeyRing, path, pathSig string) (*File, error)
- func OpenSignedSigFile(keyring openpgp.KeyRing, path string) (*File, error)
Constants ¶
This section is empty.
Variables ¶
var ErrNoExpectedHash = errors.New("OpenHashedFile: no expected hash given")
ErrNoExpectedHash is given when the caller did not specify a hash.
var ErrNoKeyRing = errors.New("no keyring given")
ErrNoKeyRing is returned when a nil keyring was given.
Functions ¶
Types ¶
type ErrHashMismatch ¶
ErrHashMismatch is returned when the file's hash does not match the expected hash.
func (ErrHashMismatch) Error ¶
func (e ErrHashMismatch) Error() string
type ErrInvalidHash ¶
type ErrInvalidHash struct {
// Path is the path to the file that was supposed to be verified.
Path string
// Err is some underlying error.
Err error
}
ErrInvalidHash is returned when hash verification failed.
func (ErrInvalidHash) Error ¶
func (e ErrInvalidHash) Error() string
func (ErrInvalidHash) Unwrap ¶
func (e ErrInvalidHash) Unwrap() error
type ErrUnsigned ¶
type ErrUnsigned struct {
// Path is the file that failed signature verification.
Path string
// Err is a nested error, if there was one.
Err error
}
ErrUnsigned is returned for a file that failed signature verification.
func (ErrUnsigned) Error ¶
func (e ErrUnsigned) Error() string
func (ErrUnsigned) Unwrap ¶
func (e ErrUnsigned) Unwrap() error
type ErrWrongSigner ¶
ErrWrongSigner represents a file signed by some key, but not the ones in the given key ring.
func (ErrWrongSigner) Error ¶
func (e ErrWrongSigner) Error() string
type File ¶
File encapsulates a bytes.Reader with the file contents and its name.
func OpenHashedFile256 ¶
OpenHashedFile256 opens path and verifies whether its contents match the given sha256 hash.
WARNING! Unlike many Go functions, this may return both the file and an error in case the expected hash does not match the contents.
If the contents match, the contents are returned with no error.
func OpenHashedFile512 ¶
OpenHashedFile512 opens path and verifies whether its contents match the given sha512 hash.
WARNING! Unlike many Go functions, this may return both the file and an error in case the expected hash does not match the contents.
If the contents match, the contents are returned with no error.
func OpenSignedFile ¶
OpenSignedFile opens a file that is expected to be signed.
WARNING! Unlike many Go functions, this may return both the file and an error.
It expects path.sig to be available.
If the signature does not exist or does not match the keyring, both the file and a signature error will be returned.
func OpenSignedSigFile ¶
OpenSignedSigFile calls OpenSignedFile expecting the signature to be in path.sig.
E.g. if path is /foo/bar, the signature is expected to be in /foo/bar.sig.
Source Files