diff options
Diffstat (limited to 'client/verify.go')
-rw-r--r-- | client/verify.go | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/client/verify.go b/client/verify.go index 8d64211..d9c18bf 100644 --- a/client/verify.go +++ b/client/verify.go @@ -12,6 +12,7 @@ import ( "github.com/system-transparency/stfe" ) +// VerifySignedDebugInfoV1 verifies an SDI signature func VerifySignedDebugInfoV1(sdi *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey, message []byte) error { if err := supportedScheme(scheme, key); err != nil { return err @@ -31,13 +32,27 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr if err := supportedScheme(scheme, key); err != nil { return err } - if !ed25519.Verify(key.(ed25519.PublicKey), serialized, sth.SignedTreeHeadV1.Signature) { return fmt.Errorf("bad signature") } return nil } +// VerifyChecksumV1 verifies a checksum signature +func VerifyChecksumV1(checksum *stfe.StItem, key crypto.PublicKey, signature []byte, scheme tls.SignatureScheme) error { + serialized, err := checksum.Marshal() + if err != nil { + return fmt.Errorf("failed marshaling StItem: %v", err) + } + if err := supportedScheme(scheme, key); err != nil { + return err + } + if !ed25519.Verify(key.(ed25519.PublicKey), serialized, signature) { + return fmt.Errorf("bad signature") + } + return nil +} + // VerifyConsistencyProofV1 verifies that a consistency proof is valid without // checking any sth signature func VerifyConsistencyProofV1(proof, first, second *stfe.StItem) error { |