added start on stfe client

ChecksumV1 entries can be submitted using client-side ed25519 signatures. The resulting SignedDebugInfoV1 is then verified using the log's announced signature scheme and public key (currently only ed25519).
author: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2020-11-02 23:28:58 +0100
committer: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2020-11-02 23:28:58 +0100
commit: c210c80e80231143f6eaa0f39e8e1d3303983791 (patch)
tree: 83b3bb9cbe4947bfd3ddbebb7694f9442834a22c /verify.go
parent: 801afaa9147c4f70fc00fde1993f6ce0c91bd450 (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/verify.go b/verify.go
new file mode 100644
index 0000000..fbcf6df
--- /dev/null
+++ b/verify.go
@@ -0,0 +1,32 @@
+package stfe
+
+import (
+	"fmt"
+
+	"crypto/ed25519"
+	"crypto/tls"
+	"crypto/x509"
+)
+
+func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, message []byte) error {
+	if scheme != tls.Ed25519 {
+		return fmt.Errorf("unsupported signature scheme: %v", scheme)
+	}
+
+	// TODO: fix so that publicKey is already passed as crypto.PublicKey
+	k, err := x509.ParsePKIXPublicKey(publicKey)
+	if err != nil {
+		return fmt.Errorf("failed parsing public key: %v", err)
+	}
+
+	switch t := k.(type) {
+	case ed25519.PublicKey:
+		vk := k.(ed25519.PublicKey)
+		if !ed25519.Verify(vk, message, sdi.Signature) {
+			return fmt.Errorf("invalid signature: PublicKey(%v) Message(%v) Signature(%v)", vk, message, sdi.Signature)
+		}
+		return nil
+	default:
+		return fmt.Errorf("Unsupported public key: %s", t)
+	}
+}
author	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2020-11-02 23:28:58 +0100
committer	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2020-11-02 23:28:58 +0100
commit	c210c80e80231143f6eaa0f39e8e1d3303983791 (patch)
tree	83b3bb9cbe4947bfd3ddbebb7694f9442834a22c /verify.go
parent	801afaa9147c4f70fc00fde1993f6ce0c91bd450 (diff)