aboutsummaryrefslogtreecommitdiff
path: root/client/verify.go
blob: d9c18bf2d291c8024a349881979f459ba893da42 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package client

import (
	"fmt"

	"crypto"
	"crypto/ed25519"
	"crypto/tls"

	"github.com/google/trillian/merkle"
	"github.com/google/trillian/merkle/rfc6962"
	"github.com/system-transparency/stfe"
)

// VerifySignedDebugInfoV1 verifies an SDI signature
func VerifySignedDebugInfoV1(sdi *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey, message []byte) error {
	if err := supportedScheme(scheme, key); err != nil {
		return err
	}
	if !ed25519.Verify(key.(ed25519.PublicKey), message, sdi.SignedDebugInfoV1.Signature) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

// VerifySignedTreeHeadV1 verifies an STH signature
func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey) error {
	serialized, err := sth.SignedTreeHeadV1.TreeHead.Marshal()
	if err != nil {
		return fmt.Errorf("failed marshaling tree head: %v", err)
	}
	if err := supportedScheme(scheme, key); err != nil {
		return err
	}
	if !ed25519.Verify(key.(ed25519.PublicKey), serialized, sth.SignedTreeHeadV1.Signature) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

// VerifyChecksumV1 verifies a checksum signature
func VerifyChecksumV1(checksum *stfe.StItem, key crypto.PublicKey, signature []byte, scheme tls.SignatureScheme) error {
	serialized, err := checksum.Marshal()
	if err != nil {
		return fmt.Errorf("failed marshaling StItem: %v", err)
	}
	if err := supportedScheme(scheme, key); err != nil {
		return err
	}
	if !ed25519.Verify(key.(ed25519.PublicKey), serialized, signature) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

// VerifyConsistencyProofV1 verifies that a consistency proof is valid without
// checking any sth signature
func VerifyConsistencyProofV1(proof, first, second *stfe.StItem) error {
	path := make([][]byte, 0, len(proof.ConsistencyProofV1.ConsistencyPath))
	for _, nh := range proof.ConsistencyProofV1.ConsistencyPath {
		path = append(path, nh.Data)
	}
	return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyConsistencyProof(
		int64(proof.ConsistencyProofV1.TreeSize1),
		int64(proof.ConsistencyProofV1.TreeSize2),
		first.SignedTreeHeadV1.TreeHead.RootHash.Data,
		second.SignedTreeHeadV1.TreeHead.RootHash.Data,
		path,
	)
}

// VerifyInclusionProofV1 verifies that an inclusion proof is valid without checking
// any sth signature
func VerifyInclusionProofV1(proof *stfe.StItem, rootHash, leafHash []byte) error {
	path := make([][]byte, 0, len(proof.InclusionProofV1.InclusionPath))
	for _, nh := range proof.InclusionProofV1.InclusionPath {
		path = append(path, nh.Data)
	}
	return merkle.NewLogVerifier(rfc6962.DefaultHasher).VerifyInclusionProof(
		int64(proof.InclusionProofV1.LeafIndex),
		int64(proof.InclusionProofV1.TreeSize),
		path,
		rootHash,
		leafHash,
	)
}

// supportedScheme checks whether the client library supports the log's
// signature scheme and public key type
func supportedScheme(scheme tls.SignatureScheme, key crypto.PublicKey) error {
	if _, ok := key.(ed25519.PublicKey); ok && scheme == tls.Ed25519 {
		return nil
	}
	switch t := key.(type) {
	default:
		return fmt.Errorf("unsupported scheme(%v) and key(%v)", scheme, t)
	}
}