aboutsummaryrefslogtreecommitdiff
path: root/client
diff options
context:
space:
mode:
Diffstat (limited to 'client')
-rw-r--r--client/client.go242
-rw-r--r--client/cmd/add-entry/main.go52
-rwxr-xr-xclient/cmd/example.sh49
-rw-r--r--client/cmd/get-consistency-proof/main.go70
-rw-r--r--client/cmd/get-entries/main.go83
-rw-r--r--client/cmd/get-proof-by-hash/main.go66
-rw-r--r--client/cmd/get-sth/main.go35
-rw-r--r--client/flag.go55
-rw-r--r--client/verify.go52
9 files changed, 0 insertions, 704 deletions
diff --git a/client/client.go b/client/client.go
deleted file mode 100644
index ba81f4d..0000000
--- a/client/client.go
+++ /dev/null
@@ -1,242 +0,0 @@
-package client
-
-import (
- "bytes"
- "context"
- "crypto"
- "fmt"
-
- "io/ioutil"
- "net/http"
-
- "github.com/golang/glog"
- "github.com/google/trillian/merkle/rfc6962"
- "github.com/system-transparency/stfe"
- "github.com/system-transparency/stfe/types"
- "golang.org/x/net/context/ctxhttp"
-)
-
-// Descriptor is a log descriptor
-type Descriptor struct {
- Namespace *types.Namespace // log identifier is a namespace
- Url string // log url, e.g., http://example.com/st/v1
-}
-
-// Client is a log client
-type Client struct {
- HttpClient *http.Client
- Signer crypto.Signer // client's private identity
- Namespace *types.Namespace // client's public identity
- Log *Descriptor // log's public identity
-}
-
-// GetLatestSth fetches and verifies the signature of the most recent STH.
-// Outputs the resulting STH.
-func (c *Client) GetLatestSth(ctx context.Context) (*types.StItem, error) {
- url := stfe.EndpointGetLatestSth.Path(c.Log.Url)
- req, err := http.NewRequest("GET", url, nil)
- if err != nil {
- return nil, fmt.Errorf("failed creating http request: %v", err)
- }
- glog.V(3).Infof("created http request: %s %s", req.Method, req.URL)
-
- item, err := c.doRequestWithStItemResponse(ctx, req)
- if err != nil {
- return nil, err
- }
- if got, want := item.Format, types.StFormatSignedTreeHeadV1; got != want {
- return nil, fmt.Errorf("unexpected StItem format: %v", got)
- }
- if err := VerifySignedTreeHeadV1(c.Log.Namespace, item); err != nil {
- return nil, fmt.Errorf("signature verification failed: %v", err)
- }
- glog.V(3).Infof("verified sth")
- return item, nil
-}
-
-// GetProofByHash fetches and verifies an inclusion proof for a leaf hash
-// against an STH. Outputs the resulting proof.
-func (c *Client) GetProofByHash(ctx context.Context, leafHash []byte, sth *types.StItem) (*types.StItem, error) {
- if err := VerifySignedTreeHeadV1(c.Log.Namespace, sth); err != nil {
- return nil, fmt.Errorf("invalid sth: %v", err)
- }
- glog.V(3).Infof("verified sth")
- params := types.GetProofByHashV1{
- TreeSize: sth.SignedTreeHeadV1.TreeHead.TreeSize,
- }
- copy(params.Hash[:], leafHash)
- buf, err := types.Marshal(params)
- if err != nil {
- return nil, fmt.Errorf("req: Marshal: %v", err)
- }
-
- url := stfe.EndpointGetProofByHash.Path(c.Log.Url)
- req, err := http.NewRequest("POST", url, bytes.NewBuffer(buf))
- if err != nil {
- return nil, fmt.Errorf("failed creating http request: %v", err)
- }
- req.Header.Set("Content-Type", "application/octet-stream")
- glog.V(3).Infof("created http request: %s %s", req.Method, req.URL)
-
- item, err := c.doRequestWithStItemResponse(ctx, req)
- if err != nil {
- return nil, fmt.Errorf("doRequestWithStItemResponse: %v", err)
- }
- if got, want := item.Format, types.StFormatInclusionProofV1; got != want {
- return nil, fmt.Errorf("unexpected StItem format: %v", item.Format)
- }
- if err := VerifyInclusionProofV1(item, sth, params.Hash[:]); err != nil {
- return nil, fmt.Errorf("invalid inclusion proof: %v", err)
- }
- glog.V(3).Infof("verified inclusion proof")
- return item, nil
-}
-
-// GetConsistencyProof fetches and verifies a consistency proof betweeen two
-// STHs. Outputs the resulting proof.
-func (c *Client) GetConsistencyProof(ctx context.Context, sth1, sth2 *types.StItem) (*types.StItem, error) {
- if err := VerifySignedTreeHeadV1(c.Log.Namespace, sth1); err != nil {
- return nil, fmt.Errorf("invalid first sth: %v", err)
- }
- if err := VerifySignedTreeHeadV1(c.Log.Namespace, sth2); err != nil {
- return nil, fmt.Errorf("invalid second sth: %v", err)
- }
- glog.V(3).Infof("verified sths")
- buf, err := types.Marshal(types.GetConsistencyProofV1{
- First: sth1.SignedTreeHeadV1.TreeHead.TreeSize,
- Second: sth2.SignedTreeHeadV1.TreeHead.TreeSize,
- })
- if err != nil {
- return nil, fmt.Errorf("req: Marshal: %v", err)
- }
-
- url := stfe.EndpointGetConsistencyProof.Path(c.Log.Url)
- req, err := http.NewRequest("POST", url, bytes.NewBuffer(buf))
- if err != nil {
- return nil, fmt.Errorf("failed creating http request: %v", err)
- }
- req.Header.Set("Content-Type", "application/octet-stream")
- glog.V(3).Infof("created http request: %s %s", req.Method, req.URL)
-
- item, err := c.doRequestWithStItemResponse(ctx, req)
- if err != nil {
- return nil, fmt.Errorf("doRequestWithStItemResponse: %v", err)
- }
- if got, want := item.Format, types.StFormatConsistencyProofV1; got != want {
- return nil, fmt.Errorf("unexpected StItem format: %v", item.Format)
- }
- if err := VerifyConsistencyProofV1(item, sth1, sth2); err != nil {
- return nil, fmt.Errorf("invalid inclusion proof: %v", err)
- }
- glog.V(3).Infof("verified inclusion proof")
- return item, nil
-}
-
-// AddEntry signs and submits a checksum_v1 entry to the log. Outputs the
-// resulting leaf-hash on success.
-func (c *Client) AddEntry(ctx context.Context, data *types.ChecksumV1) ([]byte, error) {
- msg, err := types.Marshal(*data)
- if err != nil {
- return nil, fmt.Errorf("failed marshaling ChecksumV1: %v", err)
- }
- sig, err := c.Signer.Sign(nil, msg, crypto.Hash(0))
- if err != nil {
- return nil, fmt.Errorf("failed signing ChecksumV1: %v", err)
- }
- leaf, err := types.Marshal(*types.NewSignedChecksumV1(data, &types.SignatureV1{
- Namespace: *c.Namespace,
- Signature: sig,
- }))
- if err != nil {
- return nil, fmt.Errorf("failed marshaling SignedChecksumV1: %v", err)
- }
- glog.V(3).Infof("signed checksum entry for identifier %q", string(data.Identifier))
-
- url := stfe.EndpointAddEntry.Path(c.Log.Url)
- req, err := http.NewRequest("POST", url, bytes.NewBuffer(leaf))
- if err != nil {
- return nil, fmt.Errorf("failed creating http request: %v", err)
- }
- req.Header.Set("Content-Type", "application/octet-stream")
- glog.V(3).Infof("created http request: %s %s", req.Method, req.URL)
-
- if rsp, err := c.doRequest(ctx, req); err != nil {
- return nil, fmt.Errorf("doRequest: %v", err)
- } else if len(rsp) != 0 {
- return nil, fmt.Errorf("extra data: %v", err)
- }
- glog.V(3).Infof("add-entry succeded")
- return rfc6962.DefaultHasher.HashLeaf(leaf), nil
-}
-
-// GetEntries fetches a range of entries from the log, verifying that they are
-// of type signed_checksum_v1 but nothing more than that. Outputs the resulting
-// range that may be truncated by the log if [start,end] is too large.
-func (c *Client) GetEntries(ctx context.Context, start, end uint64) ([]*types.StItem, error) {
- buf, err := types.Marshal(types.GetEntriesV1{
- Start: start,
- End: end,
- })
- if err != nil {
- return nil, fmt.Errorf("Marshal: %v", err)
- }
- url := stfe.EndpointGetEntries.Path(c.Log.Url)
- req, err := http.NewRequest("POST", url, bytes.NewBuffer(buf))
- if err != nil {
- return nil, fmt.Errorf("failed creating http request: %v", err)
- }
- req.Header.Set("Content-Type", "application/octet-stream")
- glog.V(3).Infof("created http request: %s %s", req.Method, req.URL)
- glog.V(3).Infof("request data: start(%d), end(%d)", start, end)
-
- body, err := c.doRequest(ctx, req)
- if err != nil {
- return nil, fmt.Errorf("doRequest: %v", err)
- }
- var list types.StItemList
- if err := types.Unmarshal(body, &list); err != nil {
- return nil, fmt.Errorf("Unmarshal: %v", err)
- }
- ret := make([]*types.StItem, 0, len(list.Items))
- for i, _ := range list.Items {
- item := list.Items[i]
- if got, want := item.Format, types.StFormatSignedChecksumV1; got != want {
- return nil, fmt.Errorf("unexpected StItem format: %v", got)
- }
- ret = append(ret, &item)
- }
- return ret, nil
-}
-
-// doRequest sends an HTTP request and outputs the raw body
-func (c *Client) doRequest(ctx context.Context, req *http.Request) ([]byte, error) {
- rsp, err := ctxhttp.Do(ctx, c.HttpClient, req)
- if err != nil {
- return nil, fmt.Errorf("no response: %v", err)
- }
- defer rsp.Body.Close()
- if got, want := rsp.StatusCode, http.StatusOK; got != want {
- return nil, fmt.Errorf("bad http status: %v", got)
- }
- body, err := ioutil.ReadAll(rsp.Body)
- if err != nil {
- return nil, fmt.Errorf("cannot read body: %v", err)
- }
- return body, nil
-}
-
-//
-// doRequestWithStItemResponse sends an HTTP request and returns a decoded
-// StItem that the resulting HTTP response contained json:ed and marshaled
-func (c *Client) doRequestWithStItemResponse(ctx context.Context, req *http.Request) (*types.StItem, error) {
- body, err := c.doRequest(ctx, req)
- if err != nil {
- return nil, err
- }
- var item types.StItem
- if err := types.Unmarshal(body, &item); err != nil {
- return nil, fmt.Errorf("failed decoding StItem: %v", err)
- }
- glog.V(9).Infof("got StItem: %v", item)
- return &item, nil
-}
diff --git a/client/cmd/add-entry/main.go b/client/cmd/add-entry/main.go
deleted file mode 100644
index a29d01f..0000000
--- a/client/cmd/add-entry/main.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package main
-
-import (
- "context"
- "flag"
- "fmt"
-
- "encoding/base64"
-
- "github.com/golang/glog"
- "github.com/system-transparency/stfe/client"
- "github.com/system-transparency/stfe/types"
-)
-
-var (
- identifier = flag.String("identifier", "", "checksum identifier")
- checksum = flag.String("checksum", "", "base64-encoded checksum")
-)
-
-func main() {
- flag.Parse()
- defer glog.Flush()
-
- client, err := client.NewClientFromFlags()
- if err != nil {
- glog.Errorf("NewClientFromFlags: %v", err)
- return
- }
- data, err := NewChecksumV1FromFlags()
- if err != nil {
- glog.Errorf("NewChecksumV1FromFlags: %v", err)
- return
- }
- leafHash, err := client.AddEntry(context.Background(), data)
- if err != nil {
- glog.Errorf("AddEntry: %v", err)
- return
- }
- fmt.Println("leaf hash:", base64.StdEncoding.EncodeToString(leafHash))
-}
-
-func NewChecksumV1FromFlags() (*types.ChecksumV1, error) {
- var err error
- data := types.ChecksumV1{
- Identifier: []byte(*identifier),
- }
- data.Checksum, err = base64.StdEncoding.DecodeString(*checksum)
- if err != nil {
- return nil, fmt.Errorf("entry_checksum: DecodeString: %v", err)
- }
- return &data, nil
-}
diff --git a/client/cmd/example.sh b/client/cmd/example.sh
deleted file mode 100755
index d790712..0000000
--- a/client/cmd/example.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-set -eu
-
-log_url=http://tlog-poc.system-transparency.org:4780/st/v1
-log_id=AAG+ZW+UesWdMFytUGkp28csBcziomSB3U2vvkAW55MVZQ==
-tmpdir=$(mktemp -dt stfe.XXXXXXXX)
-cp $0 $tmpdir/
-cd $tmpdir
-
-commonargs="--log_id $log_id --log_url $log_url" # --logtostderr -v 3
-pause="sleep 1"
-
-echo "arguments used:"
-echo $commonargs
-echo ""
-
-echo "fetching sth..."
-get-sth $commonargs | tee sth1.output
-echo "" && $pause
-
-echo "adding an entry..."
-add-entry $commonargs \
- --identifier "example.sh v0.0.1-$(cat /dev/urandom | base64 | head -c 10)" \
- --checksum $(sha256sum "$0") | tee add-entry.output
-echo "" && $pause
-
-echo "fetching another sth..."
-get-sth $commonargs | tee sth2.output
-echo "" && $pause
-
-echo "verifying inclusion..."
-get-proof-by-hash $commonargs \
- --leaf_hash $(cat add-entry.output | awk '{print $3}') \
- --sth $(cat sth2.output | awk '{print $2}')
-echo "" && $pause
-
-echo "verifying consistency..."
-get-consistency-proof $commonargs \
- --first $(cat sth1.output | awk '{print $2}') \
- --second $(cat sth2.output | awk '{print $2}')
-echo "" && $pause
-
-echo "fetching the log's first entry..."
-get-entries $commonargs --start 0 --end 0
-echo ""
-
-rm *.output $0
-cd
-rmdir $tmpdir
diff --git a/client/cmd/get-consistency-proof/main.go b/client/cmd/get-consistency-proof/main.go
deleted file mode 100644
index bb8a7a6..0000000
--- a/client/cmd/get-consistency-proof/main.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package main
-
-import (
- "context"
- "flag"
- "fmt"
-
- "encoding/base64"
-
- "github.com/golang/glog"
- "github.com/system-transparency/stfe/client"
- "github.com/system-transparency/stfe/types"
-)
-
-var (
- first = flag.String("first", "", "base64-encoded sth")
- second = flag.String("second", "", "base64-encoded sth")
-)
-
-func main() {
- flag.Parse()
- defer glog.Flush()
-
- client, err := client.NewClientFromFlags()
- if err != nil {
- glog.Errorf("NewClientFromFlags: %v", err)
- return
- }
- sth1, sth2, err := newParamsFromFlags()
- if err != nil {
- glog.Errorf("NewRequestFromFlags: %v", err)
- return
- }
-
- proof, err := client.GetConsistencyProof(context.Background(), sth1, sth2)
- if err != nil {
- glog.Errorf("GetConsistencyProof: %v", err)
- return
- }
- serialized, err := types.Marshal(*proof)
- if err != nil {
- glog.Errorf("Marshal: %v", err)
- return
- }
- fmt.Println("proof:", base64.StdEncoding.EncodeToString(serialized))
-}
-
-func newParamsFromFlags() (*types.StItem, *types.StItem, error) {
- sth1, err := decodeSthStr(*first)
- if err != nil {
- return nil, nil, fmt.Errorf("first: decodeSthStr: %v", err)
- }
- sth2, err := decodeSthStr(*second)
- if err != nil {
- return nil, nil, fmt.Errorf("second: decodeSthStr: %v", err)
- }
- return sth1, sth2, nil
-}
-
-func decodeSthStr(sthStr string) (*types.StItem, error) {
- serialized, err := base64.StdEncoding.DecodeString(sthStr)
- if err != nil {
- return nil, fmt.Errorf("DecodeString: %v", err)
- }
- var item types.StItem
- if err = types.Unmarshal(serialized, &item); err != nil {
- return nil, fmt.Errorf("Unmarshal: %v", err)
- }
- return &item, nil
-}
diff --git a/client/cmd/get-entries/main.go b/client/cmd/get-entries/main.go
deleted file mode 100644
index f32fdbf..0000000
--- a/client/cmd/get-entries/main.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package main
-
-import (
- "context"
- "flag"
- "fmt"
-
- "encoding/base64"
-
- "github.com/golang/glog"
- "github.com/google/trillian/merkle/rfc6962"
- "github.com/system-transparency/stfe/client"
- "github.com/system-transparency/stfe/types"
-)
-
-var (
- start = flag.Uint64("start", 0, "inclusive start index to download")
- end = flag.Uint64("end", 0, "inclusive stop index to download")
-)
-
-func main() {
- flag.Parse()
- defer glog.Flush()
-
- client, err := client.NewClientFromFlags()
- if err != nil {
- glog.Errorf("NewClientFromFlags: %v", err)
- return
- }
- items, err := getRange(client, *start, *end)
- if err != nil {
- glog.Errorf("getRange: %v", err)
- return
- }
- if err := printRange(items); err != nil {
- glog.Errorf("printRange: %v", err)
- return
- }
-}
-
-func getRange(client *client.Client, start, end uint64) ([]*types.StItem, error) {
- items := make([]*types.StItem, 0, end-start+1)
- for len(items) != cap(items) {
- rsp, err := client.GetEntries(context.Background(), start, end)
- if err != nil {
- return nil, fmt.Errorf("fetching entries failed: %v", err)
- }
- items = append(items, rsp...)
- start += uint64(len(rsp))
- }
- return items, nil
-}
-
-func printRange(items []*types.StItem) error {
- for i, item := range items {
- var status string
- msg, err := types.Marshal(item.SignedChecksumV1.Data)
- if err != nil {
- return fmt.Errorf("Marshal data failed: %v", err)
- }
- sig := item.SignedChecksumV1.Signature.Signature
- namespace := &item.SignedChecksumV1.Signature.Namespace
- if err := namespace.Verify(msg, sig); err != nil {
- status = "unverified signature"
- } else {
- status = "verified signature"
- }
- serializedNamespace, err := types.Marshal(*namespace)
- if err != nil {
- return fmt.Errorf("Marshal namespace failed: %v", err)
- }
- serializedLeaf, err := types.Marshal(*item)
- if err != nil {
- return fmt.Errorf("Marshal item on index %d: %v", *start+uint64(i), err)
- }
- fmt.Printf("Index(%d) - %s\n", *start+uint64(i), status)
- fmt.Printf("-> Namespace: %s\n", base64.StdEncoding.EncodeToString(serializedNamespace))
- fmt.Printf("-> Identifier: %s\n", string(item.SignedChecksumV1.Data.Identifier))
- fmt.Printf("-> Checksum: %s\n", base64.StdEncoding.EncodeToString(item.SignedChecksumV1.Data.Checksum))
- fmt.Printf("-> Leaf hash: %s\n", base64.StdEncoding.EncodeToString(rfc6962.DefaultHasher.HashLeaf(serializedLeaf)))
- }
- return nil
-}
diff --git a/client/cmd/get-proof-by-hash/main.go b/client/cmd/get-proof-by-hash/main.go
deleted file mode 100644
index 1f4f304..0000000
--- a/client/cmd/get-proof-by-hash/main.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package main
-
-import (
- "context"
- "flag"
- "fmt"
-
- "encoding/base64"
-
- "github.com/golang/glog"
- "github.com/system-transparency/stfe/client"
- "github.com/system-transparency/stfe/types"
-)
-
-var (
- sthStr = flag.String("sth", "", "base64-encoded StItem of type StFormatSignedTreeHeadV1 (default: fetch new sth)")
- leafHashStr = flag.String("leaf_hash", "", "base64-encoded leaf hash")
-)
-
-func main() {
- flag.Parse()
- defer glog.Flush()
-
- client, err := client.NewClientFromFlags()
- if err != nil {
- glog.Errorf("NewClientFromFlags: %v", err)
- return
- }
- leafHash, sth, err := newParamsFromFlags(client)
- if err != nil {
- glog.Errorf("NewRequestFromFlags: %v", err)
- return
- }
-
- proof, err := client.GetProofByHash(context.Background(), leafHash, sth)
- if err != nil {
- glog.Errorf("GetProofByHash: %v", err)
- return
- }
- serialized, err := types.Marshal(*proof)
- if err != nil {
- glog.Errorf("Marshal: %v", err)
- }
- fmt.Println("proof:", base64.StdEncoding.EncodeToString(serialized))
-}
-
-func newParamsFromFlags(client *client.Client) ([]byte, *types.StItem, error) {
- serialized, err := base64.StdEncoding.DecodeString(*sthStr)
- if err != nil {
- return nil, nil, fmt.Errorf("sth: DecodeString: %v", err)
- }
- var item types.StItem
- if err = types.Unmarshal(serialized, &item); err != nil {
- return nil, nil, fmt.Errorf("sth: Unmarshal: %v", err)
- } else if got, want := item.Format, types.StFormatSignedTreeHeadV1; got != want {
- return nil, nil, fmt.Errorf("unexpected StItem format: %v", got)
- }
- leafHash, err := base64.StdEncoding.DecodeString(*leafHashStr)
- if err != nil {
- return nil, nil, fmt.Errorf("leaf_hash: DecodeString: %v", err)
- } else if got, want := len(leafHash), 32; got != want {
- return nil, nil, fmt.Errorf("leaf_hash: unexpected size: %v", got)
- }
- glog.V(3).Infof("created request parameters TreeSize(%d) and LeafHash(%s)", item.SignedTreeHeadV1.TreeHead.TreeSize, *leafHashStr)
- return leafHash, &item, nil
-}
diff --git a/client/cmd/get-sth/main.go b/client/cmd/get-sth/main.go
deleted file mode 100644
index 6b23b06..0000000
--- a/client/cmd/get-sth/main.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package main
-
-import (
- "context"
- "flag"
- "fmt"
-
- "encoding/base64"
-
- "github.com/golang/glog"
- "github.com/system-transparency/stfe/client"
- "github.com/system-transparency/stfe/types"
-)
-
-func main() {
- flag.Parse()
- defer glog.Flush()
-
- client, err := client.NewClientFromFlags()
- if err != nil {
- glog.Errorf("NewClientFromFlags: %v", err)
- return
- }
- sth, err := client.GetLatestSth(context.Background())
- if err != nil {
- glog.Errorf("GetLatestSth: %v", err)
- return
- }
- serialized, err := types.Marshal(*sth)
- if err != nil {
- glog.Errorf("Marshal: %v", err)
- return
- }
- fmt.Println("sth:", base64.StdEncoding.EncodeToString(serialized))
-}
diff --git a/client/flag.go b/client/flag.go
deleted file mode 100644
index 8ba7a10..0000000
--- a/client/flag.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package client
-
-import (
- "flag"
- "fmt"
-
- "crypto/ed25519"
- "encoding/base64"
- "net/http"
-
- "github.com/system-transparency/stfe/types"
-)
-
-var (
- logId = flag.String("log_id", "AAG+ZW+UesWdMFytUGkp28csBcziomSB3U2vvkAW55MVZQ==", "base64-encoded log identifier")
- logUrl = flag.String("log_url", "http://tlog-poc.system-transparency.org:4780/st/v1", "log url")
- ed25519_sk = flag.String("ed25519_sk", "d8i6nud7PS1vdO0sIk9H+W0nyxbM63Y3/mSeUPRafWaFh8iH8QXvL7NaAYn2RZPrnEey+FdpmTYXE47OFO70eg==", "base64-encoded ed25519 signing key")
-)
-
-func NewClientFromFlags() (*Client, error) {
- var err error
- c := Client{
- HttpClient: &http.Client{},
- }
- if len(*ed25519_sk) != 0 {
- sk, err := base64.StdEncoding.DecodeString(*ed25519_sk)
- if err != nil {
- return nil, fmt.Errorf("ed25519_sk: DecodeString: %v", err)
- }
- c.Signer = ed25519.PrivateKey(sk)
- c.Namespace, err = types.NewNamespaceEd25519V1([]byte(ed25519.PrivateKey(sk).Public().(ed25519.PublicKey)))
- if err != nil {
- return nil, fmt.Errorf("ed25519_vk: NewNamespaceEd25519V1: %v", err)
- }
- }
- if c.Log, err = NewDescriptorFromFlags(); err != nil {
- return nil, fmt.Errorf("NewDescriptorFromFlags: %v", err)
- }
- return &c, nil
-}
-
-func NewDescriptorFromFlags() (*Descriptor, error) {
- b, err := base64.StdEncoding.DecodeString(*logId)
- if err != nil {
- return nil, fmt.Errorf("LogId: DecodeString: %v", err)
- }
- var namespace types.Namespace
- if err := types.Unmarshal(b, &namespace); err != nil {
- return nil, fmt.Errorf("LogId: Unmarshal: %v", err)
- }
- return &Descriptor{
- Namespace: &namespace,
- Url: *logUrl,
- }, nil
-}
diff --git a/client/verify.go b/client/verify.go
deleted file mode 100644
index c95828c..0000000
--- a/client/verify.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package client
-
-import (
- "fmt"
- "reflect"
-
- "github.com/google/trillian/merkle"
- "github.com/google/trillian/merkle/rfc6962"
- "github.com/system-transparency/stfe/types"
-)
-
-func VerifySignedTreeHeadV1(namespace *types.Namespace, sth *types.StItem) error {
- if got, want := &sth.SignedTreeHeadV1.Signature.Namespace, namespace; !reflect.DeepEqual(got, want) {
- return fmt.Errorf("unexpected log id: %v", want)
- }
- th, err := types.Marshal(sth.SignedTreeHeadV1.TreeHead)
- if err != nil {
- return fmt.Errorf("Marshal: %v", err)
- }
- if err := namespace.Verify(th, sth.SignedTreeHeadV1.Signature.Signature); err != nil {
- return fmt.Errorf("Verify: %v", err)
- }
- return nil
-}
-
-func VerifyConsistencyProofV1(proof, first, second *types.StItem) error {
- path := make([][]byte, 0, len(proof.ConsistencyProofV1.ConsistencyPath))
- for _, nh := range proof.ConsistencyProofV1.ConsistencyPath {
- path = append(path, nh.Data)
- }
- return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyConsistencyProof(
- int64(proof.ConsistencyProofV1.TreeSize1),
- int64(proof.ConsistencyProofV1.TreeSize2),
- first.SignedTreeHeadV1.TreeHead.RootHash.Data,
- second.SignedTreeHeadV1.TreeHead.RootHash.Data,
- path,
- )
-}
-
-func VerifyInclusionProofV1(proof, sth *types.StItem, leafHash []byte) error {
- path := make([][]byte, 0, len(proof.InclusionProofV1.InclusionPath))
- for _, nh := range proof.InclusionProofV1.InclusionPath {
- path = append(path, nh.Data)
- }
- return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyInclusionProof(
- int64(proof.InclusionProofV1.LeafIndex),
- int64(proof.InclusionProofV1.TreeSize),
- path,
- sth.SignedTreeHeadV1.TreeHead.RootHash.Data,
- leafHash,
- )
-}