Diffstat (limited to 'client/verify.go')
-rw-r--r-- | client/verify.go | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/client/verify.go b/client/verify.go
index cd2023b..3668bf2 100644
--- a/client/verify.go
+++ b/client/verify.go
@@ -7,6 +7,8 @@ import (
 "crypto/ed25519"
 "crypto/tls"

+ "github.com/google/trillian/merkle"
+ "github.com/google/trillian/merkle/rfc6962"
 "github.com/system-transparency/stfe"
 )

@@ -42,6 +44,15 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr
 return nil
 }

+// VerifyInclusionProofV1 verifies that an inclusion proof is valid
+func VerifyInclusionProofV1(proof *stfe.StItem, rootHash, leafHash []byte) error {
+ path := make([][]byte, 0, len(proof.InclusionProofV1.InclusionPath))
+ for _, nh := range proof.InclusionProofV1.InclusionPath {
+ path = append(path, nh.Data)
+ }
+ return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyInclusionProof(int64(proof.InclusionProofV1.LeafIndex), int64(proof.InclusionProofV1.TreeSize), path, rootHash, leafHash)
+}
+
 // supportedScheme checks whether the client library supports the log's
 // signature scheme and public key type
 func supportedScheme(scheme tls.SignatureScheme, key crypto.PublicKey) error { |
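Review bot: VerifyInclusionProofV1 dereferences `proof.InclusionProofV1` on its first line without checking that `proof` is non-nil and actually carries an inclusion proof. The StItem definition is not visible in this diff, but if that field is a pointer set only for the matching item format, an item of another type returned by the log would panic the client instead of producing an error. A guard at the top would fail closed, for example `if proof == nil || proof.InclusionProofV1 == nil { return fmt.Errorf("item is not an inclusion proof") }`, using whichever error constructor the file already imports. The doc comment should also state the caller's obligations: the result only means something when `rootHash` comes from a signed tree head whose signature was verified and whose tree size equals the proof's `TreeSize`, and `leafHash` must be the RFC 6962 leaf hash of the entry. If `LeafIndex` and `TreeSize` are unsigned, the `int64(...)` conversions turn values above the int64 maximum negative, so it is worth confirming that the verifier rejects negative inputs rather than relying on it implicitly.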