aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-10-30 20:48:01 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-10-30 20:48:01 +0100
commit5ebeccb73f4373875ebf2418df4a9352373ee922 (patch)
treecaa2ab945c8bff96778ada25e8e0dd038cc1f8c1
parentf367d220ff99eaee7debb234c3234de6c781359c (diff)
removed unused code
-rw-r--r--x509.go35
1 files changed, 0 insertions, 35 deletions
diff --git a/x509.go b/x509.go
index 329ce01..be7d150 100644
--- a/x509.go
+++ b/x509.go
@@ -4,10 +4,8 @@ import (
"fmt"
"crypto"
- "crypto/ecdsa"
"crypto/ed25519"
"crypto/rand"
- "crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/base64"
@@ -80,39 +78,6 @@ func LoadEd25519SigningKey(path string) (ed25519.PrivateKey, error) {
}
}
-func VerifyChain(ld *LogParameters, certificate *x509.Certificate) ([]*x509.Certificate, error) {
- opts := x509.VerifyOptions{
- Roots: ld.AnchorPool,
- KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
- } // TODO: add intermediates
-
- chains, err := certificate.Verify(opts)
- if err != nil {
- return nil, fmt.Errorf("chain verification failed: %v", err)
- }
- if len(chains) == 0 {
- return nil, fmt.Errorf("chain verification failed: no chain")
- }
- return chains[0], nil // if we found multiple paths just pick the first one
-}
-
-func VerifySignature(leaf, signature []byte, certificate *x509.Certificate) error {
- var algo x509.SignatureAlgorithm
- switch t := certificate.PublicKey.(type) {
- case *rsa.PublicKey:
- algo = x509.SHA256WithRSA
- case *ecdsa.PublicKey:
- algo = x509.ECDSAWithSHA256
- default:
- return fmt.Errorf("unsupported public key algorithm: %v", t)
- }
-
- if err := certificate.CheckSignature(algo, leaf, signature); err != nil {
- return fmt.Errorf("invalid signature: %v", err)
- }
- return nil
-}
-
func GenV1SDI(ld *LogParameters, leaf []byte) (*StItem, error) {
// Note that ed25519 does not use the passed io.Reader
sig, err := ld.Signer.Sign(rand.Reader, leaf, crypto.Hash(0))