author | Linus Nordberg <linus@nordberg.se> | 2022-03-25 16:36:27 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-03-28 19:10:49 +0200 |
commit | 8634892aa6d5d59f73e50652dbe750df263853a3 (patch) | |
tree | b979039d1c63107969f21ef5ce20dc9e827f2ab4 /pkg/types/tree_head.go | |
parent | ace5e7c406dee2ca533d41f5271de0be7403a139 (diff) |
sign tree heads and leaves with SSHSIG
Diffstat (limited to 'pkg/types/tree_head.go')
-rw-r--r-- | pkg/types/tree_head.go | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/pkg/types/tree_head.go b/pkg/types/tree_head.go
index 0f1efee..b0214ca 100644
--- a/pkg/types/tree_head.go
+++ b/pkg/types/tree_head.go
@@ -8,6 +8,7 @@ import (
 "io"

 "git.sigsum.org/sigsum-lib-go/pkg/ascii"
+ "git.sigsum.org/sigsum-lib-go/pkg/hex"
 )

 type TreeHead struct {
@@ -27,17 +28,30 @@ type CosignedTreeHead struct {
 KeyHash []Hash `ascii:"key_hash"`
 }

-func (th *TreeHead) ToBinary(keyHash *Hash) []byte {
- b := make([]byte, 80)
+func (th *TreeHead) toBinary() []byte {
+ b := make([]byte, 48)
 binary.BigEndian.PutUint64(b[0:8], th.Timestamp)
 binary.BigEndian.PutUint64(b[8:16], th.TreeSize)
 copy(b[16:48], th.RootHash[:])
- copy(b[48:80], keyHash[:])
 return b
 }

-func (th *TreeHead) Sign(s crypto.Signer, ctx *Hash) (*SignedTreeHead, error) {
- sig, err := s.Sign(nil, th.ToBinary(ctx), crypto.Hash(0))
+func (th *TreeHead) ToBinary(keyHash *Hash) []byte {
+ namespace := fmt.Sprintf("tree_head:v0:%s@sigsum.org", hex.Serialize((*keyHash)[:])) // length 88
+ b := make([]byte, 6+4+88+4+0+4+6+4+HashSize)
+
+ copy(b[0:6], "SSHSIG")
+ i := 6
+ i += putSSHString(b[i:], namespace)
+ i += putSSHString(b[i:], "")
+ i += putSSHString(b[i:], "sha256")
+ i += putSSHString(b[i:], string((*HashFn(th.toBinary()))[:]))
+
+ return b
+}
+
+func (th *TreeHead) Sign(s crypto.Signer, kh *Hash) (*SignedTreeHead, error) {
+ sig, err := s.Sign(nil, th.ToBinary(kh), crypto.Hash(0))
 if err != nil {
 return nil, fmt.Errorf("types: failed signing tree head")
 }
@@ -57,8 +71,8 @@ func (sth *SignedTreeHead) FromASCII(r io.Reader) error {
 return ascii.StdEncoding.Deserialize(r, sth)
 }

-func (sth *SignedTreeHead) Verify(key *PublicKey, ctx *Hash) bool {
- return ed25519.Verify(ed25519.PublicKey(key[:]), sth.TreeHead.ToBinary(ctx), sth.Signature[:])
+func (sth *SignedTreeHead) Verify(key *PublicKey, kh *Hash) bool {
+ return ed25519.Verify(ed25519.PublicKey(key[:]), sth.TreeHead.ToBinary(kh), sth.Signature[:])
 }

 func (cth *CosignedTreeHead) ToASCII(w io.Writer) error { |
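Review bot: The buffer size in the new ToBinary hard-codes the namespace length (`6+4+88+...`, justified only by the `// length 88` comment on the line above) instead of deriving it from the string just built, so any change to hex.Serialize or to the namespace format silently makes putSSHString write short of, or past, the buffer with nothing checking the total. Derive it instead, `b := make([]byte, 6+4+len(namespace)+4+0+4+6+4+HashSize)`, drop the magic-number comment, and consider asserting `i == len(b)` before `return b` as an invariant check. The literal hash algorithm `"sha256"` together with `HashSize` also assumes HashFn is SHA-256 with a 32-byte digest, which is presumably true here but belongs in a doc comment on the exported method, e.g. `// ToBinary returns the SSHSIG signed-data blob for th: the key hash is bound through the namespace "tree_head:v0:<hex key hash>@sigsum.org", and the message hashed with HashFn (assumed SHA-256, see the "sha256" hash_alg field) is the 48-byte timestamp||tree_size||root_hash encoding from toBinary.` Dropping keyHash from toBinary is sound only because the namespace now binds it, which that comment should say explicitly so a later refactor does not loosen it; Sign's body continues past the end of the hunk.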