16 package verifier
18 import (
19 "crypto"
20 "errors"
21 "fmt"
22
23 ct "github.com/google/certificate-transparency-go"
24 "github.com/google/certificate-transparency-go/internal/witness/api"
25 "github.com/google/certificate-transparency-go/tls"
26 )
// WitnessVerifier checks witness signatures on a cosigned STH using a single
// signature verifier, which is built from the public key handed to
// NewWitnessVerifier.
type WitnessVerifier struct {
	// SigVerifier verifies signatures over the TLS-marshalled STH. It is
	// populated by NewWitnessVerifier; a nil value leaves the verifier unusable.
	SigVerifier *ct.SignatureVerifier
}
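// NewWitnessVerifier returns a WitnessVerifier whose SigVerifier checks
// signatures made under pk.
//
// The error from ct.NewSignatureVerifier is wrapped with %w (the message text
// is unchanged) so callers can inspect the cause with errors.Is / errors.As.
func NewWitnessVerifier(pk crypto.PublicKey) (*WitnessVerifier, error) {
	sv, err := ct.NewSignatureVerifier(pk)
	if err != nil {
		return nil, fmt.Errorf("failed to create signature verifier: %w", err)
	}
	return &WitnessVerifier{SigVerifier: sv}, nil
}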
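// VerifySignature checks that sth carries at least one witness signature that
// verifies, under wv.SigVerifier's key, over the TLS encoding of
// sth.SignedTreeHead.
//
// The semantics are "any one of": entries of sth.WitnessSigs are tried in
// order and the first that verifies makes the call succeed; later entries are
// not examined, and the individual verification errors of the entries that
// failed are not reported. A caller that requires every listed signature to be
// valid, or signatures from several distinct witnesses, must check that
// separately.
//
// It returns an error when wv.SigVerifier is nil, when sth has no witness
// signatures, when the STH cannot be marshalled, or when no signature verifies.
func (wv WitnessVerifier) VerifySignature(sth api.CosignedSTH) error {
	// A zero-value WitnessVerifier has no key to verify against; report that
	// instead of dereferencing a nil pointer in the loop below.
	if wv.SigVerifier == nil {
		return errors.New("witness verifier has no signature verifier configured")
	}
	if len(sth.WitnessSigs) == 0 {
		return errors.New("no witness signature present in the STH")
	}
	// The signed message is the TLS encoding of the embedded SignedTreeHead,
	// not of the cosigned wrapper that carries the witness signatures.
	sigData, err := tls.Marshal(sth.SignedTreeHead)
	if err != nil {
		return fmt.Errorf("failed to marshal internal STH: %w", err)
	}
	for _, sig := range sth.WitnessSigs {
		// tls.DigitallySigned(sig) is a plain type conversion, so each entry
		// of WitnessSigs must already have the DigitallySigned layout —
		// presumably guaranteed by the api package; confirm there.
		if err := wv.SigVerifier.VerifySignature(sigData, tls.DigitallySigned(sig)); err == nil {
			return nil
		}
	}
	return errors.New("failed to verify any signature for this witness")
}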