diff options
Diffstat (limited to 'client/verify.go')
-rw-r--r-- | client/verify.go | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/client/verify.go b/client/verify.go index d9c18bf..3ce02e7 100644 --- a/client/verify.go +++ b/client/verify.go @@ -1,58 +1,11 @@ package client import ( - "fmt" - - "crypto" - "crypto/ed25519" - "crypto/tls" - "github.com/google/trillian/merkle" "github.com/google/trillian/merkle/rfc6962" "github.com/system-transparency/stfe" ) -// VerifySignedDebugInfoV1 verifies an SDI signature -func VerifySignedDebugInfoV1(sdi *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey, message []byte) error { - if err := supportedScheme(scheme, key); err != nil { - return err - } - if !ed25519.Verify(key.(ed25519.PublicKey), message, sdi.SignedDebugInfoV1.Signature) { - return fmt.Errorf("bad signature") - } - return nil -} - -// VerifySignedTreeHeadV1 verifies an STH signature -func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey) error { - serialized, err := sth.SignedTreeHeadV1.TreeHead.Marshal() - if err != nil { - return fmt.Errorf("failed marshaling tree head: %v", err) - } - if err := supportedScheme(scheme, key); err != nil { - return err - } - if !ed25519.Verify(key.(ed25519.PublicKey), serialized, sth.SignedTreeHeadV1.Signature) { - return fmt.Errorf("bad signature") - } - return nil -} - -// VerifyChecksumV1 verifies a checksum signature -func VerifyChecksumV1(checksum *stfe.StItem, key crypto.PublicKey, signature []byte, scheme tls.SignatureScheme) error { - serialized, err := checksum.Marshal() - if err != nil { - return fmt.Errorf("failed marshaling StItem: %v", err) - } - if err := supportedScheme(scheme, key); err != nil { - return err - } - if !ed25519.Verify(key.(ed25519.PublicKey), serialized, signature) { - return fmt.Errorf("bad signature") - } - return nil -} - // VerifyConsistencyProofV1 verifies that a consistency proof is valid without // checking any sth signature func VerifyConsistencyProofV1(proof, first, second *stfe.StItem) error { @@ -84,15 +37,3 @@ func VerifyInclusionProofV1(proof *stfe.StItem, rootHash, leafHash []byte) error leafHash, ) } - -// supportedScheme checks whether the client library supports the log's -// signature scheme and public key type -func supportedScheme(scheme tls.SignatureScheme, key crypto.PublicKey) error { - if _, ok := key.(ed25519.PublicKey); ok && scheme == tls.Ed25519 { - return nil - } - switch t := key.(type) { - default: - return fmt.Errorf("unsupported scheme(%v) and key(%v)", scheme, t) - } -} |