ctclient-async 0.5.2

Certificate Transparency Log client suitable for monitoring, quick SCT validation, gossiping, etc.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

use openssl::pkey::PKey;

use crate::{Error, internal};

/// An unverified *signed tree head* (STH), as returned from the server. This encapsulate the state of the tree at
/// some point in time.
///
/// This struct stores the signature but does not store the public key or log id.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SignedTreeHead {
    pub tree_size: u64,
    pub timestamp: u64,
    pub root_hash: [u8; 32],
    /// Digitally signed struct
    pub signature: Vec<u8>,
}

impl SignedTreeHead {
    /// Verify the contained signature against the log's public key.
    pub fn verify(&self, pub_key: &PKey<openssl::pkey::Public>) -> Result<(), Error> {
        let mut verify_body: Vec<u8> = Vec::new();
        /*
          From go source:
          type TreeHeadSignature struct {
            Version        Version       `tls:"maxval:255"`
            SignatureType  SignatureType `tls:"maxval:255"` // == TreeHashSignatureType
            Timestamp      uint64
            TreeSize       uint64
            SHA256RootHash SHA256Hash
          }
        */
        verify_body.push(0); // Version = 0
        verify_body.push(1); // SignatureType = TreeHashSignatureType
        verify_body.extend_from_slice(&self.timestamp.to_be_bytes()); // Timestamp
        verify_body.extend_from_slice(&self.tree_size.to_be_bytes()); // TreeSize
        verify_body.extend_from_slice(&self.root_hash);
        internal::verify_dss(&self.signature, pub_key, &verify_body).map_err(|e| match e {
            Error::InvalidSignature(desc) => {
                Error::InvalidSignature(format!("When checking STH signature: {}", &desc))
            }
            other => other,
        })
    }
}