Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
e66cb84d6e
constellation/internal/sigstore/verify.go

45 lines
1.1 KiB
Go
Raw Normal View History

add license headers sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w .
2022-09-05 03:06:08 -04:00
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
AB#2159 Feat/cli/fetch measurements (#301) Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 03:37:05 -04:00
package sigstore
import (
"bytes"
"crypto"
"encoding/base64"
"fmt"
"github.com/sigstore/sigstore/pkg/cryptoutils"
sigsig "github.com/sigstore/sigstore/pkg/signature"
)
// VerifySignature checks if the signature of content can be verified
// using publicKey.
// signature is expected to be base64 encoded.
// publicKey is expected to be PEM encoded.
func VerifySignature(content, signature, publicKey []byte) error {
sigRaw := base64.NewDecoder(base64.StdEncoding, bytes.NewReader(signature))
pubKeyRaw, err := cryptoutils.UnmarshalPEMToPublicKey(publicKey)
if err != nil {
return fmt.Errorf("unable to parse public key: %w", err)
}
if err := cryptoutils.ValidatePubKey(pubKeyRaw); err != nil {
return fmt.Errorf("unable to validate public key: %w", err)
}
verifier, err := sigsig.LoadVerifier(pubKeyRaw, crypto.SHA256)
if err != nil {
return fmt.Errorf("unable to load verifier: %w", err)
}
if err := verifier.VerifySignature(sigRaw, bytes.NewReader(content)); err != nil {
return fmt.Errorf("unable to verify signature: %w", err)
}
return nil
}
Reference in New Issue Copy Permalink