authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-02 23:28:58 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-02 23:28:58 +0100
commitc210c80e80231143f6eaa0f39e8e1d3303983791 (patch)
tree83b3bb9cbe4947bfd3ddbebb7694f9442834a22c /x509.go
parent801afaa9147c4f70fc00fde1993f6ce0c91bd450 (diff)
added start on stfe client
ChecksumV1 entries can be submitted using client-side ed25519 signatures. The resulting SignedDebugInfoV1 is then verified using the log's announced signature scheme and public key (currently only ed25519).
Diffstat (limited to 'x509.go')
-rw-r--r--x509.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/x509.go b/x509.go
index be7d150..46728f2 100644
--- a/x509.go
+++ b/x509.go
@@ -156,12 +156,12 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
// verifySignature checks if signature is valid for some serialized data. The
// only supported signature scheme is ecdsa_secp256r1_sha256(0x0403), see ยง4.3.2
-// in RFC 8446. TODO: replace ECDSA with ed25519(0x0807)
+// in RFC 8446.
func verifySignature(_ *LogParameters, certificate *x509.Certificate, scheme tls.SignatureScheme, serialized, signature []byte) error {
- if scheme != tls.ECDSAWithP256AndSHA256 {
+ if scheme != tls.Ed25519 {
return fmt.Errorf("unsupported signature scheme: %v", scheme)
}
- if err := certificate.CheckSignature(x509.ECDSAWithSHA256, serialized, signature); err != nil {
+ if err := certificate.CheckSignature(x509.PureEd25519, serialized, signature); err != nil {
return fmt.Errorf("invalid signature: %v", err)
}
return nil