1*e7b1675dSTing-Kang Chang// Copyright 2020 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage subtle 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "crypto/ed25519" 21*e7b1675dSTing-Kang Chang "errors" 22*e7b1675dSTing-Kang Chang "fmt" 23*e7b1675dSTing-Kang Chang) 24*e7b1675dSTing-Kang Chang 25*e7b1675dSTing-Kang Changvar errInvalidED25519Signature = errors.New("ed25519: invalid signature") 26*e7b1675dSTing-Kang Chang 27*e7b1675dSTing-Kang Chang// ED25519Verifier is an implementation of Verifier for ED25519. 28*e7b1675dSTing-Kang Chang// At the moment, the implementation only accepts signatures with strict DER encoding. 29*e7b1675dSTing-Kang Changtype ED25519Verifier struct { 30*e7b1675dSTing-Kang Chang publicKey *ed25519.PublicKey 31*e7b1675dSTing-Kang Chang} 32*e7b1675dSTing-Kang Chang 33*e7b1675dSTing-Kang Chang// NewED25519Verifier creates a new instance of ED25519Verifier. 34*e7b1675dSTing-Kang Changfunc NewED25519Verifier(pub []byte) (*ED25519Verifier, error) { 35*e7b1675dSTing-Kang Chang publicKey := ed25519.PublicKey(pub) 36*e7b1675dSTing-Kang Chang return NewED25519VerifierFromPublicKey(&publicKey) 37*e7b1675dSTing-Kang Chang} 38*e7b1675dSTing-Kang Chang 39*e7b1675dSTing-Kang Chang// NewED25519VerifierFromPublicKey creates a new instance of ED25519Verifier. 40*e7b1675dSTing-Kang Changfunc NewED25519VerifierFromPublicKey(publicKey *ed25519.PublicKey) (*ED25519Verifier, error) { 41*e7b1675dSTing-Kang Chang return &ED25519Verifier{ 42*e7b1675dSTing-Kang Chang publicKey: publicKey, 43*e7b1675dSTing-Kang Chang }, nil 44*e7b1675dSTing-Kang Chang} 45*e7b1675dSTing-Kang Chang 46*e7b1675dSTing-Kang Chang// Verify verifies whether the given signature is valid for the given data. 47*e7b1675dSTing-Kang Chang// It returns an error if the signature is not valid; nil otherwise. 48*e7b1675dSTing-Kang Changfunc (e *ED25519Verifier) Verify(signature, data []byte) error { 49*e7b1675dSTing-Kang Chang if len(signature) != ed25519.SignatureSize { 50*e7b1675dSTing-Kang Chang return fmt.Errorf("the length of the signature is not %d", ed25519.SignatureSize) 51*e7b1675dSTing-Kang Chang } 52*e7b1675dSTing-Kang Chang if !ed25519.Verify(*e.publicKey, data, signature) { 53*e7b1675dSTing-Kang Chang return errInvalidED25519Signature 54*e7b1675dSTing-Kang Chang } 55*e7b1675dSTing-Kang Chang return nil 56*e7b1675dSTing-Kang Chang} 57