github.com/mre-fog/trillianxx@v1.1.2-0.20180615153820-ae375a99d36a/client/map_verifier.go (about)

     1  // Copyright 2018 Google Inc. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package client
    16  
    17  import (
    18  	"crypto"
    19  	"fmt"
    20  
    21  	"github.com/google/trillian"
    22  	"github.com/google/trillian/crypto/keys/der"
    23  	"github.com/google/trillian/merkle"
    24  	"github.com/google/trillian/merkle/hashers"
    25  	"github.com/google/trillian/trees"
    26  	"github.com/google/trillian/types"
    27  
    28  	tcrypto "github.com/google/trillian/crypto"
    29  )
    30  
    31  // MapVerifier verifies protos produced by the Trillian Map.
    32  type MapVerifier struct {
    33  	MapID int64
    34  	// Hasher is the hash strategy used to compute nodes in the Merkle tree.
    35  	Hasher hashers.MapHasher
    36  	// PubKey verifies the signature on the digest of MapRoot.
    37  	PubKey crypto.PublicKey
    38  	// SigHash computes the digest of MapRoot for signing.
    39  	SigHash crypto.Hash
    40  }
    41  
    42  // NewMapVerifierFromTree creates a new MapVerifier.
    43  func NewMapVerifierFromTree(config *trillian.Tree) (*MapVerifier, error) {
    44  	if got, want := config.TreeType, trillian.TreeType_MAP; got != want {
    45  		return nil, fmt.Errorf("client: NewFromTree(): TreeType: %v, want %v", got, want)
    46  	}
    47  
    48  	mapHasher, err := hashers.NewMapHasher(config.GetHashStrategy())
    49  	if err != nil {
    50  		return nil, fmt.Errorf("Failed creating MapHasher: %v", err)
    51  	}
    52  
    53  	mapPubKey, err := der.UnmarshalPublicKey(config.GetPublicKey().GetDer())
    54  	if err != nil {
    55  		return nil, fmt.Errorf("Failed parsing Map public key: %v", err)
    56  	}
    57  
    58  	sigHash, err := trees.Hash(config)
    59  	if err != nil {
    60  		return nil, fmt.Errorf("client: NewMapVerifierFromTree(): Failed parsing Map signature hash: %v", err)
    61  	}
    62  
    63  	return &MapVerifier{
    64  		MapID:   config.GetTreeId(),
    65  		Hasher:  mapHasher,
    66  		PubKey:  mapPubKey,
    67  		SigHash: sigHash,
    68  	}, nil
    69  }
    70  
    71  // VerifyMapLeafInclusion verifies a MapLeafInclusion response against a signed map root.
    72  func (m *MapVerifier) VerifyMapLeafInclusion(smr *trillian.SignedMapRoot, leafProof *trillian.MapLeafInclusion) error {
    73  	root, err := m.VerifySignedMapRoot(smr)
    74  	if err != nil {
    75  		return err
    76  	}
    77  	return m.VerifyMapLeafInclusionHash(root.RootHash, leafProof)
    78  }
    79  
    80  // VerifyMapLeafInclusionHash verifies a MapLeafInclusion response against a root hash.
    81  func (m *MapVerifier) VerifyMapLeafInclusionHash(rootHash []byte, leafProof *trillian.MapLeafInclusion) error {
    82  	index := leafProof.GetLeaf().GetIndex()
    83  	leaf := leafProof.GetLeaf().GetLeafValue()
    84  	proof := leafProof.GetInclusion()
    85  	return merkle.VerifyMapInclusionProof(m.MapID, index, leaf, rootHash, proof, m.Hasher)
    86  }
    87  
    88  // VerifySignedMapRoot verifies the signature on the SignedMapRoot.
    89  func (m *MapVerifier) VerifySignedMapRoot(smr *trillian.SignedMapRoot) (*types.MapRootV1, error) {
    90  	return tcrypto.VerifySignedMapRoot(m.PubKey, m.SigHash, smr)
    91  }