From 2ad1e255d7909376bec16dc874e51be5b2629273 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Tue, 3 Nov 2020 16:45:51 +0100
Subject: added client-side consistency proof verification

---
 client/verify.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'client/verify.go')

diff --git a/client/verify.go b/client/verify.go
index 3668bf2..b5257ac 100644
--- a/client/verify.go
+++ b/client/verify.go
@@ -44,7 +44,24 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr
 	return nil
 }
 
-// VerifyInclusionProofV1 verifies that an inclusion proof is valid
+// VerifyConsistencyProofV1 verifies that a consistency proof is valid without
+// checking any sth signature
+func VerifyConsistencyProofV1(proof, first, second *stfe.StItem) error {
+	path := make([][]byte, 0, len(proof.ConsistencyProofV1.ConsistencyPath))
+	for _, nh := range proof.ConsistencyProofV1.ConsistencyPath {
+		path = append(path, nh.Data)
+	}
+	return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyConsistencyProof(
+		int64(proof.ConsistencyProofV1.TreeSize1),
+		int64(proof.ConsistencyProofV1.TreeSize2),
+		first.SignedTreeHeadV1.TreeHead.RootHash.Data,
+		second.SignedTreeHeadV1.TreeHead.RootHash.Data,
+		path,
+	)
+}
+
+// VerifyInclusionProofV1 verifies that an inclusion proof is valid without checking
+// any sth signature
 func VerifyInclusionProofV1(proof *stfe.StItem, rootHash, leafHash []byte) error {
 	path := make([][]byte, 0, len(proof.InclusionProofV1.InclusionPath))
 	for _, nh := range proof.InclusionProofV1.InclusionPath {
-- 
cgit v1.2.3