From d752d967335e1418f27e03e0389b01178b28f232 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Wed, 28 Oct 2020 13:38:39 +0100
Subject: added signed tree head and get-sth code path
---
 x509.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'x509.go')
diff --git a/x509.go b/x509.go
index 1e443a1..841b477 100644
--- a/x509.go
+++ b/x509.go
@@ -11,6 +11,8 @@ import (
 "crypto/x509"
 "encoding/pem"
 "io/ioutil"
+
+ "github.com/google/certificate-transparency-go/tls"
 )
 
 // LoadTrustAnchors loads a list of PEM-encoded certificates from file
@@ -121,3 +123,17 @@ func GenV1SDI(ld *LogParameters, leaf []byte) (StItem, error) {
 }
 return NewSignedDebugInfoV1(ld.LogId, []byte("reserved"), sig), nil
 }
+
+func GenV1STH(ld *LogParameters, th TreeHeadV1) (StItem, error) {
+ serialized, err := tls.Marshal(th)
+ if err != nil {
+ return StItem{}, fmt.Errorf("failed tls marshaling tree head: %v", err)
+ }
+
+ // Note that ed25519 does not use the passed io.Reader
+ sig, err := ld.Signer.Sign(rand.Reader, serialized, crypto.Hash(0))
+ if err != nil {
+ return StItem{}, fmt.Errorf("ed25519 signature failed: %v", err)
+ }
+ return NewSignedTreeHeadV1(th, ld.LogId, sig), nil
+}
-- 
cgit v1.2.3
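Review bot: GenV1STH passes the raw `tls.Marshal(th)` output to `ld.Signer.Sign` with `crypto.Hash(0)`, which is only correct when the signer is an Ed25519 key, and nothing in this hunk checks that. With a digest-based signer such as ECDSA, the same call would treat the serialized tree head as a precomputed digest and truncate it to the curve order length, so the signature would not cover the whole tree head. If the key type is not already enforced where `LogParameters` is built (not visible here), and assuming `ld.Signer` is a `crypto.Signer`, a guard before signing would make the assumption explicit: `if _, ok := ld.Signer.Public().(ed25519.PublicKey); !ok { return StItem{}, fmt.Errorf("unsupported signer type") }`. The exported function also has no doc comment; `// GenV1STH signs the TLS-serialized tree head with the log's key and returns the resulting signed tree head item.` would state that the signature covers only the serialized `th`.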