github.com/mre-fog/trillianxx@v1.1.2-0.20180615153820-ae375a99d36a/client/map_verifier.go (about) 1 // Copyright 2018 Google Inc. All Rights Reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package client 16 17 import ( 18 "crypto" 19 "fmt" 20 21 "github.com/google/trillian" 22 "github.com/google/trillian/crypto/keys/der" 23 "github.com/google/trillian/merkle" 24 "github.com/google/trillian/merkle/hashers" 25 "github.com/google/trillian/trees" 26 "github.com/google/trillian/types" 27 28 tcrypto "github.com/google/trillian/crypto" 29 ) 30 31 // MapVerifier verifies protos produced by the Trillian Map. 32 type MapVerifier struct { 33 MapID int64 34 // Hasher is the hash strategy used to compute nodes in the Merkle tree. 35 Hasher hashers.MapHasher 36 // PubKey verifies the signature on the digest of MapRoot. 37 PubKey crypto.PublicKey 38 // SigHash computes the digest of MapRoot for signing. 39 SigHash crypto.Hash 40 } 41 42 // NewMapVerifierFromTree creates a new MapVerifier. 43 func NewMapVerifierFromTree(config *trillian.Tree) (*MapVerifier, error) { 44 if got, want := config.TreeType, trillian.TreeType_MAP; got != want { 45 return nil, fmt.Errorf("client: NewFromTree(): TreeType: %v, want %v", got, want) 46 } 47 48 mapHasher, err := hashers.NewMapHasher(config.GetHashStrategy()) 49 if err != nil { 50 return nil, fmt.Errorf("Failed creating MapHasher: %v", err) 51 } 52 53 mapPubKey, err := der.UnmarshalPublicKey(config.GetPublicKey().GetDer()) 54 if err != nil { 55 return nil, fmt.Errorf("Failed parsing Map public key: %v", err) 56 } 57 58 sigHash, err := trees.Hash(config) 59 if err != nil { 60 return nil, fmt.Errorf("client: NewMapVerifierFromTree(): Failed parsing Map signature hash: %v", err) 61 } 62 63 return &MapVerifier{ 64 MapID: config.GetTreeId(), 65 Hasher: mapHasher, 66 PubKey: mapPubKey, 67 SigHash: sigHash, 68 }, nil 69 } 70 71 // VerifyMapLeafInclusion verifies a MapLeafInclusion response against a signed map root. 72 func (m *MapVerifier) VerifyMapLeafInclusion(smr *trillian.SignedMapRoot, leafProof *trillian.MapLeafInclusion) error { 73 root, err := m.VerifySignedMapRoot(smr) 74 if err != nil { 75 return err 76 } 77 return m.VerifyMapLeafInclusionHash(root.RootHash, leafProof) 78 } 79 80 // VerifyMapLeafInclusionHash verifies a MapLeafInclusion response against a root hash. 81 func (m *MapVerifier) VerifyMapLeafInclusionHash(rootHash []byte, leafProof *trillian.MapLeafInclusion) error { 82 index := leafProof.GetLeaf().GetIndex() 83 leaf := leafProof.GetLeaf().GetLeafValue() 84 proof := leafProof.GetInclusion() 85 return merkle.VerifyMapInclusionProof(m.MapID, index, leaf, rootHash, proof, m.Hasher) 86 } 87 88 // VerifySignedMapRoot verifies the signature on the SignedMapRoot. 89 func (m *MapVerifier) VerifySignedMapRoot(smr *trillian.SignedMapRoot) (*types.MapRootV1, error) { 90 return tcrypto.VerifySignedMapRoot(m.PubKey, m.SigHash, smr) 91 }