image/verify.go - mynewt-artifact - Git at Google

 package image

 import (
 	"bytes"
 	"encoding/hex"

 	"github.com/apache/mynewt-artifact/errors"
 	"github.com/apache/mynewt-artifact/manifest"
 )

 // VerifyManifest compares an image's structure to its manifest.  It returns
 // an error if the image doesn't match the manifest.
 func (img *Image) VerifyManifest(man manifest.Manifest) error {
 	ver, err := ParseVersion(man.Version)
 	if err != nil {
 		return errors.Wrapf(err, "manifest contains invalid `version` field")
 	}

 	if ver.Major != img.Header.Vers.Major ||
 		ver.Minor != img.Header.Vers.Minor ||
 		ver.Rev != img.Header.Vers.Rev ||
 		ver.BuildNum != img.Header.Vers.BuildNum {

 		return errors.Errorf(
 			"manifest version different from image header: man=%s img=%s",
 			ver.String(), img.Header.Vers.String())
 	}

 	var imgHash string
 	if hash, err := img.Hash(); err == nil {
 		imgHash = hex.EncodeToString(hash)
 	}

 	// A manifest contains two image hashes: `id` and `image_hash`.  Check
 	// both.

 	checkHash := func(manHash string) error {
 		if imgHash != manHash {
 			return errors.Errorf(
 				"manifest image hash different from image TLV: man=%s img=%s",
 				manHash, imgHash)
 		}
 		return nil
 	}

 	if err := checkHash(man.BuildID); err != nil {
 		return err
 	}
 	if err := checkHash(man.ImageHash); err != nil {
 		return err
 	}

 	return nil
 }

 // Verify checks an image's structure and internal consistency.  It returns
 // an error if the image is incorrect.
 func (img *Image) Verify() error {
 	// Verify the hash.

 	haveHash, err := img.Hash()
 	if err != nil {
 		return err
 	}

 	wantHash, err := img.CalcHash()
 	if err != nil {
 		return err
 	}

 	if !bytes.Equal(haveHash, wantHash) {
 		return errors.Errorf(
 			"image manifest contains incorrect hash: have=%x want=%x",
 			haveHash, wantHash)
 	}

 	// Verify that each TLV has a valid "type" field.
 	for _, t := range img.Tlvs {
 		if !ImageTlvTypeIsValid(t.Header.Type) {
 			return errors.Errorf(
 				"image contains TLV with invalid `type` field: %d",
 				t.Header.Type)
 		}
 	}

 	return nil
 }
	package image

	import (
	"bytes"
	"encoding/hex"

	"github.com/apache/mynewt-artifact/errors"
	"github.com/apache/mynewt-artifact/manifest"
	)

	// VerifyManifest compares an image's structure to its manifest. It returns
	// an error if the image doesn't match the manifest.
	func (img *Image) VerifyManifest(man manifest.Manifest) error {
	ver, err := ParseVersion(man.Version)
	if err != nil {
	return errors.Wrapf(err, "manifest contains invalid `version` field")
	}

	if ver.Major != img.Header.Vers.Major \|\|
	ver.Minor != img.Header.Vers.Minor \|\|
	ver.Rev != img.Header.Vers.Rev \|\|
	ver.BuildNum != img.Header.Vers.BuildNum {

	return errors.Errorf(
	"manifest version different from image header: man=%s img=%s",
	ver.String(), img.Header.Vers.String())
	}

	var imgHash string
	if hash, err := img.Hash(); err == nil {
	imgHash = hex.EncodeToString(hash)
	}

	// A manifest contains two image hashes: `id` and `image_hash`. Check
	// both.

	checkHash := func(manHash string) error {
	if imgHash != manHash {
	return errors.Errorf(
	"manifest image hash different from image TLV: man=%s img=%s",
	manHash, imgHash)
	}
	return nil
	}

	if err := checkHash(man.BuildID); err != nil {
	return err
	}
	if err := checkHash(man.ImageHash); err != nil {
	return err
	}

	return nil
	}

	// Verify checks an image's structure and internal consistency. It returns
	// an error if the image is incorrect.
	func (img *Image) Verify() error {
	// Verify the hash.

	haveHash, err := img.Hash()
	if err != nil {
	return err
	}

	wantHash, err := img.CalcHash()
	if err != nil {
	return err
	}

	if !bytes.Equal(haveHash, wantHash) {
	return errors.Errorf(
	"image manifest contains incorrect hash: have=%x want=%x",
	haveHash, wantHash)
	}

	// Verify that each TLV has a valid "type" field.
	for _, t := range img.Tlvs {
	if !ImageTlvTypeIsValid(t.Header.Type) {
	return errors.Errorf(
	"image contains TLV with invalid `type` field: %d",
	t.Header.Type)
	}
	}

	return nil
	}