author | Linus Nordberg <linus@nordberg.se> | 2022-03-28 13:18:52 +0200 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-03-28 19:18:11 +0200 |
commit | 3f8010612c376ba9775101a3c823125ce9c82304 (patch) | |
tree | 4a806b3e4b452a28cbfab97e7412ed9182f4588d | |
parent | 4e1b2586576012a1be561a2337192ee517f13fbb (diff) |
follow SSHSIG changes in lib
-rw-r--r-- | cmd/tmp/submit/main.go | 18 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 2 | ||||
-rw-r--r-- | pkg/db/trillian.go | 2 | ||||
-rw-r--r-- | pkg/db/trillian_test.go | 6 | ||||
-rw-r--r-- | pkg/instance/handler_test.go | 6 | ||||
-rw-r--r-- | pkg/instance/instance.go | 7 |
7 files changed, 23 insertions, 20 deletions
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index f29b168..a1f0fff 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
@@ -15,7 +15,7 @@ import (
 var (
 shardHint = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
- checksum = flag.String("checksum", "", "checksum (hex)")
+ preimage = flag.String("preimage", "", "preimage (hex)")
 sk = flag.String("sk", "", "secret key (hex)")
 domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
 base_url = flag.String("base_url", "localhost:6965/testonly", "base url (string)")
@@ -28,22 +28,22 @@ func main() {
 var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
 mustDecodeHex(*sk, priv[:])
- var c types.Hash
- if *checksum != "" {
- mustDecodeHex(*checksum, c[:])
+ var p types.Hash
+ if *preimage != "" {
+ mustDecodeHex(*preimage, p[:])
 } else {
- mustPutRandom(c[:])
+ mustPutRandom(p[:])
 }
 msg := types.Statement{
 ShardHint: *shardHint,
- Checksum: c,
+ Checksum: *types.HashFn(p[:]),
 }
 sig := ed25519.Sign(priv, msg.ToBinary())
- fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
- msg.ShardHint,
- msg.Checksum[:],
+ fmt.Printf("echo \"shard_hint=%d\npreimage=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+ *shardHint,
+ p[:],
 sig,
 priv.Public().(ed25519.PublicKey)[:],
 *domainHint,
@@ -3,7 +3,7 @@ module git.sigsum.org/sigsum-log-go
 go 1.15
 require (
- git.sigsum.org/sigsum-lib-go v0.0.2
+ git.sigsum.org/sigsum-lib-go v0.0.3
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 github.com/golang/mock v1.4.4
 github.com/google/certificate-transparency-go v1.1.1 // indirect
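Review bot: The `-preimage` value in cmd/tmp/submit/main.go is decoded into `var p types.Hash`, so the tool only accepts a preimage that fits the fixed hash-sized array, yet the help string still reads just `"preimage (hex)"`. How mustDecodeHex reacts to a shorter or longer value is not visible in this hunk. I would state the constraint in the flag, e.g. `preimage = flag.String("preimage", "", "preimage (hex, same length as types.Hash; random if empty)")`, and add a comment above the Statement literal such as `// The log recomputes the checksum as HashFn(preimage); sign over that hash, not over the preimage.` main's body starts and ends outside the hunk.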
@@ -35,6 +35,8 @@ contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EU dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= git.sigsum.org/sigsum-lib-go v0.0.2 h1:1FwdnraPaasw1D1Lb+flRMJRGLTuZrp17AZ6tx+iT/0= git.sigsum.org/sigsum-lib-go v0.0.2/go.mod h1:DVmlcf0MBHy4IZdnZ5DcbsKkGEd0EkOAoLINhLgcndY= +git.sigsum.org/sigsum-lib-go v0.0.3 h1:VXtUC/LOPVb990P8dFitQkYx8a1M54hKFcsK7MiZ514= +git.sigsum.org/sigsum-lib-go v0.0.3/go.mod h1:DVmlcf0MBHy4IZdnZ5DcbsKkGEd0EkOAoLINhLgcndY= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
diff --git a/pkg/db/trillian.go b/pkg/db/trillian.go
index 25b2fb3..453a884 100644
--- a/pkg/db/trillian.go
+++ b/pkg/db/trillian.go
@@ -26,7 +26,7 @@ func (c *TrillianClient) AddLeaf(ctx context.Context, req *requests.Leaf) error
 leaf := types.Leaf{
 Statement: types.Statement{
 ShardHint: req.ShardHint,
- Checksum: req.Checksum,
+ Checksum: *types.HashFn(req.Preimage[:]),
 },
 Signature: req.Signature,
 KeyHash: *types.HashFn(req.VerificationKey[:]),
diff --git a/pkg/db/trillian_test.go b/pkg/db/trillian_test.go
index 955fc46..4dc561d 100644
--- a/pkg/db/trillian_test.go
+++ b/pkg/db/trillian_test.go
@@ -20,10 +20,8 @@ import (
 func TestAddLeaf(t *testing.T) {
 req := &requests.Leaf{
- Statement: types.Statement{
- ShardHint: 0,
- Checksum: types.Hash{},
- },
+ ShardHint: 0,
+ Preimage: types.Hash{},
 Signature: types.Signature{},
 VerificationKey: types.PublicKey{},
 DomainHint: "example.com",
diff --git a/pkg/instance/handler_test.go b/pkg/instance/handler_test.go
index f8817dc..8a48860 100644
--- a/pkg/instance/handler_test.go
+++ b/pkg/instance/handler_test.go
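Review bot: `Checksum: *types.HashFn(req.Preimage[:])` in AddLeaf (pkg/db/trillian.go) repeats the derivation that leafRequestFromHTTP in pkg/instance/instance.go performs before it verifies the signature, so the statement that is verified and the statement that is logged are built by two independent pieces of code. If one of them later changes (a different hash input, an extra field), the log could store a leaf in a form whose signature was never checked. Consider building the `types.Statement` in one place and passing it along, or at least mark the coupling with a comment on this line such as `// must stay identical to the statement verified in leafRequestFromHTTP`. AddLeaf's body continues outside the hunk.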
@@ -658,7 +658,7 @@ func mustHandle(t *testing.T, i Instance, e types.Endpoint) Handler {
 return Handler{}
 }
-func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig bool) io.Reader {
+func mustLeafBuffer(t *testing.T, shardHint uint64, preimage types.Hash, wantSig bool) io.Reader {
 t.Helper()
 vk, sk, err := ed25519.GenerateKey(rand.Reader)
@@ -667,7 +667,7 @@ func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig
 }
 msg := types.Statement{
 ShardHint: shardHint,
- Checksum: checksum,
+ Checksum: *types.HashFn(preimage[:]),
 }
 sig := ed25519.Sign(sk, msg.ToBinary())
 if !wantSig {
@@ -676,7 +676,7 @@ func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig
 return bytes.NewBufferString(fmt.Sprintf(
 "%s=%d\n"+"%s=%x\n"+"%s=%x\n"+"%s=%x\n"+"%s=%s\n",
 "shard_hint", shardHint,
- "checksum", checksum[:],
+ "preimage", preimage[:],
 "signature", sig,
 "verification_key", vk,
 "domain_hint", "example.com",
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index bbd6cde..7ade955 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -56,8 +56,11 @@ func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*r
 if err := req.FromASCII(r.Body); err != nil {
 return nil, fmt.Errorf("FromASCII: %v", err)
 }
-
- if !req.Statement.Verify(&req.VerificationKey, &req.Signature) {
+ stmt := types.Statement{
+ ShardHint: req.ShardHint,
+ Checksum: *types.HashFn(req.Preimage[:]),
+ }
+ if !stmt.Verify(&req.VerificationKey, &req.Signature) {
 return nil, fmt.Errorf("invalid signature")
 }
 shardEnd := uint64(time.Now().Unix()) |
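Review bot: The new `stmt` block in leafRequestFromHTTP (pkg/instance/instance.go) carries no comment saying that the signature is now checked over a checksum the log derives itself from `req.Preimage`, which is the security-relevant part of this change: the submitter no longer supplies the checksum bytes that are verified. A comment above `stmt := types.Statement{` such as `// Verify over HashFn(preimage): the checksum is always computed by the log, never taken from the request.` would make that invariant visible to the next reader. The mustLeafBuffer hunks in handler_test.go only build requests signed over the hashed preimage; whether any test submits a signature made directly over the preimage bytes and expects `invalid signature` is not visible here, and such a case would pin the behaviour. The function body starts and ends outside the hunk.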