verifier.go
package main
import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	_ "math/rand" // not a CSPRNG; unreferenced now that nonces come from crypto/rand, safe to drop
)
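const (
	// nonceSize is the length, in bytes, of every nonce MakeNonce returns.
	nonceSize = 12
)

// Verifier groups the nonce generation and presentation checks of this file.
// It has no fields, so the zero value is usable and copies are free.
type Verifier struct{}

// CreateVerifier returns a ready-to-use Verifier.
func CreateVerifier() Verifier {
	return Verifier{}
}

// MakeNonce returns nonceSize fresh random bytes.
//
// The bytes must come from crypto/rand. A nonce is only useful as an
// anti-replay value when a third party cannot predict it, and math/rand
// (which this function used before) is a deterministic generator whose output
// can be reconstructed. rand.Read has the same signature in both packages, so
// the call site is unchanged; only the imported package differs.
//
// On failure the returned slice is nil and err carries the error from the
// random source.
func (v Verifier) MakeNonce() (nonce []byte, err error) {
	buf := make([]byte, nonceSize)
	if _, err = rand.Read(buf); err != nil {
		// Never hand a partially filled buffer back as if it were a nonce.
		return nil, err
	}
	return buf, nil
}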
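// VerifiesPresentation runs three checks on presentation and returns nil only
// when all of them pass:
//
//	A. the presentation proof's creator equals the credential subject's ID;
//	B. the credential's proof verifies over credential.Export();
//	C. the presentation's proof verifies over presentation.Export().
//
// Any failed check, or a failing Export, yields a non-nil error.
//
// NOTE(review): each signature is checked against the Creator key carried in
// the same proof, so B shows the credential is self-consistent, not that it
// was issued by a party this verifier trusts. No issuer allow-list is
// consulted in this function; confirm that the caller enforces one.
//
// NOTE(review): no nonce from MakeNonce is compared here. Whether
// presentation.Export() covers a verifier-chosen nonce cannot be seen from
// this function; confirm replay protection is enforced somewhere.
func (v Verifier) VerifiesPresentation(presentation Presentation) (err error) {
	// A - Checks the Presentation is signed by the Subject of the credential
	credential := presentation.Credential
	credentialSubjectID := credential.CredentialSubject.ID
	presentationProver := presentation.Proof.Creator
	if !bytes.Equal(credentialSubjectID, presentationProver) {
		return fmt.Errorf("Presentation prover is not the credential subject.")
	}

	// B - Checks the credential
	signedCred, err := credential.Export()
	if err != nil {
		return fmt.Errorf(
			"Couldn't export credential to verify signature: %w", err,
		)
	}
	if !verifiesSignature(credential.Proof, signedCred) {
		return fmt.Errorf("Invalid credential signature.")
	}

	// C - Checks the presentation
	signedPres, err := presentation.Export()
	if err != nil {
		return fmt.Errorf(
			"Couldn't export presentation to verify signature: %w", err,
		)
	}
	if !verifiesSignature(presentation.Proof, signedPres) {
		return fmt.Errorf("Invalid presentation signature.")
	}

	// Every check passed. Return a literal nil rather than whatever err holds,
	// so success does not depend on the state of a reused variable.
	return nil
}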
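// verifiesSignature reports whether proof.Signature is a valid Ed25519
// signature over signedDoc under the public key in proof.Creator.
//
// The key comes from the proof itself, so a true result says only that the
// document matches the key it names; deciding whether that key is acceptable
// is left to the caller.
func verifiesSignature(proof Proof, signedDoc []byte) bool {
	pubKey := proof.Creator
	// ed25519.Verify panics when the key is not exactly PublicKeySize bytes.
	// The proof is supplied by the party being verified, so a malformed key
	// must be a plain verification failure and not a crash.
	if len(pubKey) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(pubKey, signedDoc, proof.Signature)
}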