sigstore · jku · Mar 25, 2025 · Mar 19, 2025 · Mar 21, 2025 · Mar 21, 2025
@@ -21,6 +21,7 @@
 import (
 	"bytes"
 	"context"
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rsa"
@@ -67,6 +68,24 @@
 	return n.sign(msg)
 }
 
+type noteVerifier struct {
+	name   string
+	hash   uint32
+	verify func(msg, sig []byte) bool
+}
+
+func (n *noteVerifier) Name() string {
+	return n.name
+}
+
+func (n *noteVerifier) KeyHash() uint32 {
+	return n.hash
+}
+
+func (n *noteVerifier) Verify(msg, sig []byte) bool {
+	return n.verify(msg, sig)
+}
+
 // isValidName reports whether the name conforms to the spec for the origin string of the note text
 // as defined in https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md#note-text.
 func isValidName(name string) bool {
@@ -112,32 +131,45 @@
 	return genConformantKeyHash(name, rsaAlg, marshaled), nil
 }
 
-// NewNoteSigner converts a sigstore/sigstore/pkg/signature.Signer into a note.Signer.
-func NewNoteSigner(ctx context.Context, origin string, signer signature.Signer) (note.Signer, error) {
-	if !isValidName(origin) {
-		return &noteSigner{}, fmt.Errorf("invalid name %s", origin)
-	}
-
-	pubKey, err := signer.PublicKey()
-	if err != nil {
-		return &noteSigner{}, fmt.Errorf("getting public key: %w", err)
-	}
+// keyHash generates a 4-byte identifier for a public key/origin
+func keyHash(origin string, key crypto.PublicKey) (uint32, error) {
 	var keyID uint32
-	switch pk := pubKey.(type) {
+	var err error
+
+	switch pk := key.(type) {
 	case *ecdsa.PublicKey:
 		keyID, err = ecdsaKeyHash(pk)
 		if err != nil {
-			return &noteSigner{}, fmt.Errorf("getting ECDSA key hash: %w", err)
+			return 0, fmt.Errorf("getting ECDSA key hash: %w", err)
 		}
 	case ed25519.PublicKey:
 		keyID = ed25519KeyHash(origin, pk)
 	case *rsa.PublicKey:
 		keyID, err = rsaKeyHash(origin, pk)
 		if err != nil {
-			return &noteSigner{}, fmt.Errorf("getting RSA key hash: %w", err)
+			return 0, fmt.Errorf("getting RSA key hash: %w", err)
 		}
 	default:
-		return &noteSigner{}, fmt.Errorf("unsupported key type: %T", pubKey)
+		return 0, fmt.Errorf("unsupported key type: %T", key)
+	}
+
+	return keyID, nil
+}
+
+// NewNoteSigner converts a sigstore/sigstore/pkg/signature.Signer into a note.Signer.
+func NewNoteSigner(ctx context.Context, origin string, signer signature.Signer) (note.Signer, error) {
+	if !isValidName(origin) {
+		return nil, fmt.Errorf("invalid name %s", origin)
+	}
+
+	pubKey, err := signer.PublicKey()
+	if err != nil {
+		return nil, fmt.Errorf("getting public key: %w", err)
+	}
+
+	keyID, err := keyHash(origin, pubKey)
+	if err != nil {
+		return nil, err
 	}
 
 	sign := func(msg []byte) ([]byte, error) {
@@ -150,3 +182,30 @@
 		sign: sign,
 	}, nil
 }
+
+func NewNoteVerifier(origin string, verifier signature.Verifier) (note.Verifier, error) {
+	if !isValidName(origin) {
+		return nil, fmt.Errorf("invalid name %s", origin)
+	}
+
+	pubKey, err := verifier.PublicKey()
+	if err != nil {
+		return nil, fmt.Errorf("getting public key: %w", err)
+	}
+
+	keyID, err := keyHash(origin, pubKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &noteVerifier{
+		name: origin,
+		hash: keyID,
+		verify: func(msg, sig []byte) bool {
+			if err := verifier.VerifySignature(bytes.NewReader(sig), bytes.NewReader(msg)); err != nil {
+				return false
+			}
+			return true
+		},
+	}, nil
+}
@@ -0,0 +1,59 @@
+//
+// Copyright 2025 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package verify
+
+import (
+	"fmt"
+
+	pbs "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1"
+	"github.com/sigstore/rekor-tiles/pkg/tessera"
+	f_log "github.com/transparency-dev/formats/log"
+	"github.com/transparency-dev/merkle/proof"
+	"github.com/transparency-dev/merkle/rfc6962"
+	sumdb_note "golang.org/x/mod/sumdb/note"
+)
+
+// VerifyInclusionProof verifies an entry's inclusion proof
+func VerifyInclusionProof(entry *pbs.TransparencyLogEntry, cp *f_log.Checkpoint) error { //nolint: revive
+	leafHash := rfc6962.DefaultHasher.HashLeaf(entry.CanonicalizedBody)
+	index, err := tessera.NewSafeInt64(entry.LogIndex)
+	if err != nil {
+		return fmt.Errorf("invalid index: %w", err)
+	}
+	if err := proof.VerifyInclusion(rfc6962.DefaultHasher, index.U(), cp.Size, leafHash, entry.InclusionProof.Hashes, cp.Hash); err != nil {
+		return fmt.Errorf("verifying inclusion: %w", err)
+	}
+	return nil
+}
+
+// VerifyCheckpoint verifies the signature on the entry's inclusion proof checkpoint
+func VerifyCheckpoint(entry *pbs.TransparencyLogEntry, verifier sumdb_note.Verifier) (*f_log.Checkpoint, error) { //nolint: revive
+	cp, _, _, err := f_log.ParseCheckpoint([]byte(entry.InclusionProof.GetCheckpoint().GetEnvelope()), verifier.Name(), verifier)
+	if err != nil {
+		return nil, fmt.Errorf("unverified checkpoint signature: %v", err)
+	}
+	return cp, nil
+}
+
+// VerifyLogEntry verifies the log entry. This includes verifying the signature on the entry's
+// inclusion proof checkpoint and verifying the entry inclusion proof
+func VerifyLogEntry(entry *pbs.TransparencyLogEntry, verifier sumdb_note.Verifier) error { //nolint: revive
+	cp, err := VerifyCheckpoint(entry, verifier)
+	if err != nil {
+		return err
+	}
+	return VerifyInclusionProof(entry, cp)
+}