author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-02 23:28:58 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-02 23:28:58 +0100 |
commit | c210c80e80231143f6eaa0f39e8e1d3303983791 (patch) | |
tree | 83b3bb9cbe4947bfd3ddbebb7694f9442834a22c /x509.go | |
parent | 801afaa9147c4f70fc00fde1993f6ce0c91bd450 (diff) |
added start on stfe client
ChecksumV1 entries can be submitted using client-side ed25519
signatures. The resulting SignedDebugInfoV1 is then verified using the
log's announced signature scheme and public key (currently only ed25519).
Diffstat (limited to 'x509.go')
-rw-r--r-- | x509.go | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -156,12 +156,12 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
 // verifySignature checks if signature is valid for some serialized data. The
 // only supported signature scheme is ecdsa_secp256r1_sha256(0x0403), see ยง4.3.2
-// in RFC 8446. TODO: replace ECDSA with ed25519(0x0807)
+// in RFC 8446.
 func verifySignature(_ *LogParameters, certificate *x509.Certificate, scheme tls.SignatureScheme, serialized, signature []byte) error {
- if scheme != tls.ECDSAWithP256AndSHA256 {
+ if scheme != tls.Ed25519 {
 return fmt.Errorf("unsupported signature scheme: %v", scheme)
 }
- if err := certificate.CheckSignature(x509.ECDSAWithSHA256, serialized, signature); err != nil {
+ if err := certificate.CheckSignature(x509.PureEd25519, serialized, signature); err != nil {
 return fmt.Errorf("invalid signature: %v", err)
 }
 return nil |
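Review bot: The doc comment on verifySignature still names ecdsa_secp256r1_sha256(0x0403) as the only supported scheme, while the new body accepts only `tls.Ed25519` and verifies with `x509.PureEd25519`; the commit dropped the TODO but left the algorithm name unchanged. In a signature-verification routine, a comment that names the wrong algorithm misleads anyone auditing which keys and schemes the log accepts. I would change the second comment line to `// only supported signature scheme is ed25519(0x0807), see §4.3.2`. The section number may also be worth checking, since the SignatureScheme values appear to be defined in §4.2.3 of RFC 8446 rather than §4.3.2. The function's closing brace lies outside the hunk.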