diff options
| author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-10-30 20:40:17 +0100 |
|---|---|---|
| committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-10-30 20:40:17 +0100 |
| commit | f367d220ff99eaee7debb234c3234de6c781359c (patch) | |
| tree | 49fda266aaf121e725780d2b7e2d6eb70710c74c /x509.go | |
| parent | 5426f3bcd1a5ae4fc4b3b831b41c0d667a17e525 (diff) | |
refactor types and documentation
Structured files a bit better, added more documentation, switched to
pointers as default (unless specifically motivated not to do so), and
encapsulated TLS (un)marshaling for the respective types that use it.
Diffstat (limited to 'x509.go')
| -rw-r--r-- | x509.go | 20 |
1 files changed, 9 insertions, 11 deletions
@@ -8,13 +8,11 @@ import ( "crypto/ed25519" "crypto/rand" "crypto/rsa" - stdtls "crypto/tls" + "crypto/tls" "crypto/x509" "encoding/base64" "encoding/pem" "io/ioutil" - - "github.com/google/certificate-transparency-go/tls" ) // LoadTrustAnchors loads a list of PEM-encoded certificates from file @@ -115,25 +113,25 @@ func VerifySignature(leaf, signature []byte, certificate *x509.Certificate) erro return nil } -func GenV1SDI(ld *LogParameters, leaf []byte) (StItem, error) { +func GenV1SDI(ld *LogParameters, leaf []byte) (*StItem, error) { // Note that ed25519 does not use the passed io.Reader sig, err := ld.Signer.Sign(rand.Reader, leaf, crypto.Hash(0)) if err != nil { - return StItem{}, fmt.Errorf("ed25519 signature failed: %v", err) + return nil, fmt.Errorf("ed25519 signature failed: %v", err) } return NewSignedDebugInfoV1(ld.LogId, []byte("reserved"), sig), nil } -func GenV1STH(ld *LogParameters, th TreeHeadV1) (StItem, error) { - serialized, err := tls.Marshal(th) +func GenV1STH(ld *LogParameters, th *TreeHeadV1) (*StItem, error) { + serialized, err := th.Marshal() if err != nil { - return StItem{}, fmt.Errorf("failed tls marshaling tree head: %v", err) + return nil, fmt.Errorf("failed tls marshaling tree head: %v", err) } // Note that ed25519 does not use the passed io.Reader sig, err := ld.Signer.Sign(rand.Reader, serialized, crypto.Hash(0)) if err != nil { - return StItem{}, fmt.Errorf("ed25519 signature failed: %v", err) + return nil, fmt.Errorf("ed25519 signature failed: %v", err) } return NewSignedTreeHeadV1(th, ld.LogId, sig), nil } @@ -194,8 +192,8 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif // verifySignature checks if signature is valid for some serialized data. The // only supported signature scheme is ecdsa_secp256r1_sha256(0x0403), see ยง4.3.2 // in RFC 8446. TODO: replace ECDSA with ed25519(0x0807) -func verifySignature(_ *LogParameters, certificate *x509.Certificate, scheme stdtls.SignatureScheme, serialized, signature []byte) error { - if scheme != stdtls.ECDSAWithP256AndSHA256 { +func verifySignature(_ *LogParameters, certificate *x509.Certificate, scheme tls.SignatureScheme, serialized, signature []byte) error { + if scheme != tls.ECDSAWithP256AndSHA256 { return fmt.Errorf("unsupported signature scheme: %v", scheme) } if err := certificate.CheckSignature(x509.ECDSAWithSHA256, serialized, signature); err != nil { |