commit | 23225d42bed1c5df84896dd2f0315ebf3f906d72 | [log] [tgz] |
---|---|---|
author | Christopher Collins <ccollins@apache.org> | Tue Jun 25 17:06:00 2019 -0700 |
committer | ccollins476ad <ccollins476ad@gmail.com> | Wed Jun 26 11:39:37 2019 -0700 |
tree | 491998cf8ed01d094110ce29a45ac6f8c4752d2e | |
parent | 441a611715c43c6995b119d674f72869af829601 [diff] |
Support verification of encrypted images An image's hash cannot be verified while the image is encrypted. To verify the hash of such an image, the image must be decrypted first (without clearing the encrypted flag in the header). This complicates the API, as the caller now needs to pass in a set of encryption keys. The fix is to split the image.Verify() function into several pieces: * VerifyStructure() * VerifyHash() * VerifySigs() * VerifyManifest()