aboutsummaryrefslogtreecommitdiff
path: root/verify.go
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-02 23:28:58 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-02 23:28:58 +0100
commitc210c80e80231143f6eaa0f39e8e1d3303983791 (patch)
tree83b3bb9cbe4947bfd3ddbebb7694f9442834a22c /verify.go
parent801afaa9147c4f70fc00fde1993f6ce0c91bd450 (diff)
added start on stfe client
ChecksumV1 entries can be submitted using client-side ed25519 signatures. The resulting SignedDebugInfoV1 is then verified using the log's announced signature scheme and public key (currently only ed25519).
Diffstat (limited to 'verify.go')
-rw-r--r--verify.go32
1 files changed, 32 insertions, 0 deletions
diff --git a/verify.go b/verify.go
new file mode 100644
index 0000000..fbcf6df
--- /dev/null
+++ b/verify.go
@@ -0,0 +1,32 @@
+package stfe
+
+import (
+ "fmt"
+
+ "crypto/ed25519"
+ "crypto/tls"
+ "crypto/x509"
+)
+
+func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, message []byte) error {
+ if scheme != tls.Ed25519 {
+ return fmt.Errorf("unsupported signature scheme: %v", scheme)
+ }
+
+ // TODO: fix so that publicKey is already passed as crypto.PublicKey
+ k, err := x509.ParsePKIXPublicKey(publicKey)
+ if err != nil {
+ return fmt.Errorf("failed parsing public key: %v", err)
+ }
+
+ switch t := k.(type) {
+ case ed25519.PublicKey:
+ vk := k.(ed25519.PublicKey)
+ if !ed25519.Verify(vk, message, sdi.Signature) {
+ return fmt.Errorf("invalid signature: PublicKey(%v) Message(%v) Signature(%v)", vk, message, sdi.Signature)
+ }
+ return nil
+ default:
+ return fmt.Errorf("Unsupported public key: %s", t)
+ }
+}