author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-02 23:28:58 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-02 23:28:58 +0100 |
commit | c210c80e80231143f6eaa0f39e8e1d3303983791 (patch) | |
tree | 83b3bb9cbe4947bfd3ddbebb7694f9442834a22c /verify.go | |
parent | 801afaa9147c4f70fc00fde1993f6ce0c91bd450 (diff) |
added start on stfe client
ChecksumV1 entries can be submitted using client-side ed25519
signatures. The resulting SignedDebugInfoV1 is then verified using the
log's announced signature scheme and public key (currently only ed25519).
Diffstat (limited to 'verify.go')
-rw-r--r-- | verify.go | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/verify.go b/verify.go
new file mode 100644
index 0000000..fbcf6df
--- /dev/null
+++ b/verify.go
@@ -0,0 +1,32 @@
+package stfe
+
+import (
+ "fmt"
+
+ "crypto/ed25519"
+ "crypto/tls"
+ "crypto/x509"
+)
+
+func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, message []byte) error {
+ if scheme != tls.Ed25519 {
+ return fmt.Errorf("unsupported signature scheme: %v", scheme)
+ }
+
+ // TODO: fix so that publicKey is already passed as crypto.PublicKey
+ k, err := x509.ParsePKIXPublicKey(publicKey)
+ if err != nil {
+ return fmt.Errorf("failed parsing public key: %v", err)
+ }
+
+ switch t := k.(type) {
+ case ed25519.PublicKey:
+ vk := k.(ed25519.PublicKey)
+ if !ed25519.Verify(vk, message, sdi.Signature) {
+ return fmt.Errorf("invalid signature: PublicKey(%v) Message(%v) Signature(%v)", vk, message, sdi.Signature)
+ }
+ return nil
+ default:
+ return fmt.Errorf("Unsupported public key: %s", t)
+ }
+} |
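Review bot: In the `default` branch of the type switch, `fmt.Errorf("Unsupported public key: %s", t)` applies `%s` to a non-string key value, so a rejected key shows up as `%!s(...)` noise or a dump of its fields instead of its type; `return fmt.Errorf("unsupported public key type: %T", t)` names what was refused. The invalid-signature error in the `ed25519.PublicKey` case prints `vk`, `message` and `sdi.Signature` with `%v`, which renders every byte slice as a decimal array and copies a caller-supplied message of any size into the error and whatever log records it; `%x` for the key and signature plus `len(message)` would keep that output bounded and readable. Inside that case `t` already has type `ed25519.PublicKey`, so the second assertion `vk := k.(ed25519.PublicKey)` can be dropped and `t` used directly. The two parse/verify errors could also wrap with `%w` so callers can inspect the underlying cause.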