authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 16:11:38 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 16:11:38 +0100
commit14dd503f7612e18091e82b3b0a3ec381604d60df (patch)
tree6f25b53df29e60d5fb21cb8a41916e66e9f6c7ed /client/verify.go
parent9ab61d6884a9ac26592723523ed2521c79c47a1a (diff)
added client-side inclusion proof verification
Diffstat (limited to 'client/verify.go')
-rw-r--r--client/verify.go11
1 files changed, 11 insertions, 0 deletions
diff --git a/client/verify.go b/client/verify.go
index cd2023b..3668bf2 100644
--- a/client/verify.go
+++ b/client/verify.go
@@ -7,6 +7,8 @@ import (
"crypto/ed25519"
"crypto/tls"
+ "github.com/google/trillian/merkle"
+ "github.com/google/trillian/merkle/rfc6962"
"github.com/system-transparency/stfe"
)
@@ -42,6 +44,15 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr
return nil
}
+// VerifyInclusionProofV1 verifies that an inclusion proof is valid
+func VerifyInclusionProofV1(proof *stfe.StItem, rootHash, leafHash []byte) error {
+ path := make([][]byte, 0, len(proof.InclusionProofV1.InclusionPath))
+ for _, nh := range proof.InclusionProofV1.InclusionPath {
+ path = append(path, nh.Data)
+ }
+ return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyInclusionProof(int64(proof.InclusionProofV1.LeafIndex), int64(proof.InclusionProofV1.TreeSize), path, rootHash, leafHash)
+}
+
// supportedScheme checks whether the client library supports the log's
// signature scheme and public key type
func supportedScheme(scheme tls.SignatureScheme, key crypto.PublicKey) error {
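Review bot: VerifyInclusionProofV1 dereferences `proof.InclusionProofV1` without checking that `proof` is non-nil and actually carries an inclusion proof. If InclusionProofV1 is a pointer member selected by the item's format (the hunk does not show the type), an StItem of another format returned by the log would panic here instead of failing verification. A guard at the top, such as `if proof == nil || proof.InclusionProofV1 == nil { return fmt.Errorf("not an inclusion proof") }` (or the file's existing error style), would turn that into an ordinary error. The leaf index and tree size fed to the verifier come from the proof itself, so the doc comment should state the precondition: `rootHash` must be taken from a signed tree head that has already been verified and whose tree size equals the proof's TreeSize. If LeafIndex and TreeSize are unsigned, the `int64(...)` conversions also deserve a short comment noting that out-of-range values become negative and are left for the verifier to reject.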