github.com/google/trillian-examples@v0.0.0-20240520080811-0d40d35cef0e/binary_transparency/firmware/devices/usbarmory/bootloader/crypto.go (about)

     1  // https://github.com/usbarmory/armory-boot
     2  //
     3  // Copyright (c) F-Secure Corporation
     4  // https://foundry.f-secure.com
     5  //
     6  // Use of this source code is governed by the license
     7  // that can be found in the LICENSE file.
     8  
     9  //go:build armory
    10  // +build armory
    11  
    12  package main
    13  
    14  import (
    15  	"bytes"
    16  	"crypto/sha256"
    17  	"encoding/hex"
    18  	"errors"
    19  	"fmt"
    20  )
    21  
    22  func verifySignature(bin []byte, sig []byte, pubKey string) (err error) {
    23  	s, err := DecodeSignature(string(sig))
    24  
    25  	if err != nil {
    26  		return fmt.Errorf("invalid signature, %v", err)
    27  	}
    28  
    29  	pub, err := NewPublicKey(pubKey)
    30  
    31  	if err != nil {
    32  		return fmt.Errorf("invalid public key, %v", err)
    33  	}
    34  
    35  	valid, err := pub.Verify(bin, s)
    36  
    37  	if err != nil {
    38  		return fmt.Errorf("invalid signature, %v", err)
    39  	}
    40  
    41  	if !valid {
    42  		return errors.New("invalid signature")
    43  	}
    44  
    45  	return
    46  }
    47  
    48  func verifyHash(bin []byte, s string) bool {
    49  	h := sha256.New()
    50  	h.Write(bin)
    51  
    52  	hash, err := hex.DecodeString(s)
    53  
    54  	if err != nil {
    55  		return false
    56  	}
    57  
    58  	return bytes.Equal(h.Sum(nil), hash)
    59  }