From c210c80e80231143f6eaa0f39e8e1d3303983791 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Mon, 2 Nov 2020 23:28:58 +0100
Subject: added start on stfe client

ChecksumV1 entries can be submitted using client-side ed25519
signatures.  The resulting SignedDebugInfoV1 is then verified using the
log's announced signature scheme and public key (currently only ed25519).
---
 verify.go | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 verify.go

(limited to 'verify.go')

diff --git a/verify.go b/verify.go
new file mode 100644
index 0000000..fbcf6df
--- /dev/null
+++ b/verify.go
@@ -0,0 +1,32 @@
+package stfe
+
+import (
+	"fmt"
+
+	"crypto/ed25519"
+	"crypto/tls"
+	"crypto/x509"
+)
+
+func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, message []byte) error {
+	if scheme != tls.Ed25519 {
+		return fmt.Errorf("unsupported signature scheme: %v", scheme)
+	}
+
+	// TODO: fix so that publicKey is already passed as crypto.PublicKey
+	k, err := x509.ParsePKIXPublicKey(publicKey)
+	if err != nil {
+		return fmt.Errorf("failed parsing public key: %v", err)
+	}
+
+	switch t := k.(type) {
+	case ed25519.PublicKey:
+		vk := k.(ed25519.PublicKey)
+		if !ed25519.Verify(vk, message, sdi.Signature) {
+			return fmt.Errorf("invalid signature: PublicKey(%v) Message(%v) Signature(%v)", vk, message, sdi.Signature)
+		}
+		return nil
+	default:
+		return fmt.Errorf("Unsupported public key: %s", t)
+	}
+}
-- 
cgit v1.2.3