From 14dd503f7612e18091e82b3b0a3ec381604d60df Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 3 Nov 2020 16:11:38 +0100
Subject: added client-side inclusion proof verification
---
 client/verify.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'client/verify.go')
diff --git a/client/verify.go b/client/verify.go
index cd2023b..3668bf2 100644
--- a/client/verify.go
+++ b/client/verify.go
@@ -7,6 +7,8 @@ import (
 "crypto/ed25519"
 "crypto/tls"
+ "github.com/google/trillian/merkle"
+ "github.com/google/trillian/merkle/rfc6962"
 "github.com/system-transparency/stfe"
 )
@@ -42,6 +44,15 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr
 return nil
 }
+// VerifyInclusionProofV1 verifies that an inclusion proof is valid
+func VerifyInclusionProofV1(proof *stfe.StItem, rootHash, leafHash []byte) error {
+ path := make([][]byte, 0, len(proof.InclusionProofV1.InclusionPath))
+ for _, nh := range proof.InclusionProofV1.InclusionPath {
+ path = append(path, nh.Data)
+ }
+ return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyInclusionProof(int64(proof.InclusionProofV1.LeafIndex), int64(proof.InclusionProofV1.TreeSize), path, rootHash, leafHash)
+}
+
 // supportedScheme checks whether the client library supports the log's
 // signature scheme and public key type
 func supportedScheme(scheme tls.SignatureScheme, key crypto.PublicKey) error {
-- 
cgit v1.2.3
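Review bot: VerifyInclusionProofV1 dereferences `proof.InclusionProofV1` without checking that the item actually carries an inclusion proof, so a nil `proof` or an StItem of another format returned by the log would panic the client here if that field is a pointer, as the access pattern suggests (the StItem definition is not in this diff). A guard at the top such as `if proof == nil || proof.InclusionProofV1 == nil { return fmt.Errorf("not an inclusion proof") }` turns that into an error, assuming `fmt` is already imported in this file. The tree size is also taken from the proof itself, so the doc comment should tell callers what they must establish first, for example `// rootHash must come from a signed tree head that was already verified and whose tree size equals the proof's TreeSize; leafHash is the RFC 6962 leaf hash of the entry.` The `int64(...)` conversions of LeafIndex and TreeSize can turn large values negative if those fields are unsigned; the verifier is expected to reject negative inputs, but an explicit range check would make that independent of the library.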