From 4969540585698215c5cfa70124edf24cffe32a80 Mon Sep 17 00:00:00 2001
From: Christian Rebischke
Date: Tue, 23 Jun 2020 12:45:49 +0200
Subject: [PATCH] implement VerifyEd25519Signature func

---
 in_toto/keylib.go | 21 +++++++++++++++++++++
 in_toto/keylib_test.go | 8 +++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/in_toto/keylib.go b/in_toto/keylib.go
index 378c24f3..bcf034c7 100644
--- a/in_toto/keylib.go
+++ b/in_toto/keylib.go
@@ -8,6 +8,7 @@ import (
 "encoding/hex"
 "encoding/json"
 "encoding/pem"
+ "errors"
 "fmt"
 "golang.org/x/crypto/ed25519"
 "io/ioutil"
@@ -219,3 +220,23 @@ func GenerateEd25519Signature(signable []byte, key Key) (Signature, error) {
 return signature, nil
 }
+
+/*
+VerifyEd25519Signature uses the passed Key to verify the passed Signature over the
+passed data. It returns an error if the key is not a valid ed25519 public key or
+if the signature is not valid for the data.
+*/
+func VerifyEd25519Signature(key Key, sig Signature, data []byte) error {
+ pubHex, err := hex.DecodeString(key.KeyVal.Public)
+ if err != nil {
+ return err
+ }
+ sigHex, err := hex.DecodeString(sig.Sig)
+ if err != nil {
+ return err
+ }
+ if ok := ed25519.Verify(pubHex, data, sigHex); !ok {
+ return errors.New("invalid ed25519 signature")
+ }
+ return nil
+}
diff --git a/in_toto/keylib_test.go b/in_toto/keylib_test.go
index f6ec0b35..e4724030 100644
--- a/in_toto/keylib_test.go
+++ b/in_toto/keylib_test.go
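Review bot: `ed25519.Verify(pubHex, data, sigHex)` is reached with a public key whose only validation is that it hex-decodes, and Verify panics when `len(publicKey) != ed25519.PublicKeySize`, so a well-formed but wrong-length key value turns verification into a crash instead of the error the doc comment promises. Add a length check between the decode and the call: `if len(pubHex) != ed25519.PublicKeySize { return errors.New("invalid ed25519 public key length") }`. The signature needs no such guard, because Verify returns false for a wrong-sized signature. As a style point, `pubHex` and `sigHex` hold the decoded bytes rather than hex, so names like `pubKey` and `sigBytes` would read more accurately, and the `fmt` import already present could wrap the two decode errors with which field failed.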
@@ -204,10 +204,16 @@ func TestGenerateEd25519Signature(t *testing.T) {
 signature, err := GenerateEd25519Signature([]uint8("ohmywhatatest"), key)
 if err != nil {
- t.Errorf("GenerateEd25519Signature shouldn't have returned error (%s)",
+ t.Errorf("GenerateEd25519Signature shouldn't have returned an error (%s)",
 err)
 }
+ // validate signature
+ err = VerifyEd25519Signature(key, signature, []uint8("ohmywhatatest"))
+ if err != nil {
+ t.Errorf("VerifyEd25519Signature shouldn't have returned an error (%s)", err)
+ }
+
 if signature.KeyId != key.KeyId {
 t.Errorf("GenerateEd25519Signature should've returned matching keyids!")
 }