authorLinus Nordberg <linus@nordberg.se>2022-03-28 13:18:52 +0200
committerRasmus Dahlberg <rasmus@mullvad.net>2022-03-28 19:18:11 +0200
commit3f8010612c376ba9775101a3c823125ce9c82304 (patch)
tree4a806b3e4b452a28cbfab97e7412ed9182f4588d
parent4e1b2586576012a1be561a2337192ee517f13fbb (diff)
follow SSHSIG changes in lib
-rw-r--r--cmd/tmp/submit/main.go18
-rw-r--r--go.mod2
-rw-r--r--go.sum2
-rw-r--r--pkg/db/trillian.go2
-rw-r--r--pkg/db/trillian_test.go6
-rw-r--r--pkg/instance/handler_test.go6
-rw-r--r--pkg/instance/instance.go7
7 files changed, 23 insertions, 20 deletions
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index f29b168..a1f0fff 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
@@ -15,7 +15,7 @@ import (
var (
shardHint = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
- checksum = flag.String("checksum", "", "checksum (hex)")
+ preimage = flag.String("preimage", "", "preimage (hex)")
sk = flag.String("sk", "", "secret key (hex)")
domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
base_url = flag.String("base_url", "localhost:6965/testonly", "base url (string)")
@@ -28,22 +28,22 @@ func main() {
var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
mustDecodeHex(*sk, priv[:])
- var c types.Hash
- if *checksum != "" {
- mustDecodeHex(*checksum, c[:])
+ var p types.Hash
+ if *preimage != "" {
+ mustDecodeHex(*preimage, p[:])
} else {
- mustPutRandom(c[:])
+ mustPutRandom(p[:])
}
msg := types.Statement{
ShardHint: *shardHint,
- Checksum: c,
+ Checksum: *types.HashFn(p[:]),
}
sig := ed25519.Sign(priv, msg.ToBinary())
- fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
- msg.ShardHint,
- msg.Checksum[:],
+ fmt.Printf("echo \"shard_hint=%d\npreimage=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+ *shardHint,
+ p[:],
sig,
priv.Public().(ed25519.PublicKey)[:],
*domainHint,
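Review bot: `var p types.Hash` gives the preimage the hash type, so the tool accepts only a preimage of exactly that size, and neither the variable nor the flag help in the first hunk says so. How `mustDecodeHex` treats a shorter or longer `-preimage` value is not visible here, so the help string should state the expected length, for example `"preimage (hex, same size as a checksum)"`. A comment above the statement such as `// The signature covers H(preimage); the request carries the preimage itself.` would also explain why the printed field and the signed field now differ. main's body continues outside the hunk.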
diff --git a/go.mod b/go.mod
index 993ddfd..5efddb0 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module git.sigsum.org/sigsum-log-go
go 1.15
require (
- git.sigsum.org/sigsum-lib-go v0.0.2
+ git.sigsum.org/sigsum-lib-go v0.0.3
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/mock v1.4.4
github.com/google/certificate-transparency-go v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index c196590..ce98daf 100644
--- a/go.sum
+++ b/go.sum
@@ -35,6 +35,8 @@ contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EU
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
git.sigsum.org/sigsum-lib-go v0.0.2 h1:1FwdnraPaasw1D1Lb+flRMJRGLTuZrp17AZ6tx+iT/0=
git.sigsum.org/sigsum-lib-go v0.0.2/go.mod h1:DVmlcf0MBHy4IZdnZ5DcbsKkGEd0EkOAoLINhLgcndY=
+git.sigsum.org/sigsum-lib-go v0.0.3 h1:VXtUC/LOPVb990P8dFitQkYx8a1M54hKFcsK7MiZ514=
+git.sigsum.org/sigsum-lib-go v0.0.3/go.mod h1:DVmlcf0MBHy4IZdnZ5DcbsKkGEd0EkOAoLINhLgcndY=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
diff --git a/pkg/db/trillian.go b/pkg/db/trillian.go
index 25b2fb3..453a884 100644
--- a/pkg/db/trillian.go
+++ b/pkg/db/trillian.go
@@ -26,7 +26,7 @@ func (c *TrillianClient) AddLeaf(ctx context.Context, req *requests.Leaf) error
leaf := types.Leaf{
Statement: types.Statement{
ShardHint: req.ShardHint,
- Checksum: req.Checksum,
+ Checksum: *types.HashFn(req.Preimage[:]),
},
Signature: req.Signature,
KeyHash: *types.HashFn(req.VerificationKey[:]),
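Review bot: The `Checksum: *types.HashFn(req.Preimage[:])` derivation here is a second, independent copy of the one `leafRequestFromHTTP` in pkg/instance/instance.go uses to verify the signature, so the statement that gets stored is rebuilt rather than being the one that was verified. If either site later changes (a different hash input, a domain-separation prefix), the log could store a leaf whose signature was checked over different bytes. Building the statement in one place keeps the two in step, for example a proposed helper used at both sites as `Statement: leafStatement(req),`; where it should live (this repository or the lib) is not visible from here. A test asserting that the stored leaf verifies under the submitted key would pin the invariant. AddLeaf's body continues outside the hunk.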
diff --git a/pkg/db/trillian_test.go b/pkg/db/trillian_test.go
index 955fc46..4dc561d 100644
--- a/pkg/db/trillian_test.go
+++ b/pkg/db/trillian_test.go
@@ -20,10 +20,8 @@ import (
func TestAddLeaf(t *testing.T) {
req := &requests.Leaf{
- Statement: types.Statement{
- ShardHint: 0,
- Checksum: types.Hash{},
- },
+ ShardHint: 0,
+ Preimage: types.Hash{},
Signature: types.Signature{},
VerificationKey: types.PublicKey{},
DomainHint: "example.com",
diff --git a/pkg/instance/handler_test.go b/pkg/instance/handler_test.go
index f8817dc..8a48860 100644
--- a/pkg/instance/handler_test.go
+++ b/pkg/instance/handler_test.go
@@ -658,7 +658,7 @@ func mustHandle(t *testing.T, i Instance, e types.Endpoint) Handler {
return Handler{}
}
-func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig bool) io.Reader {
+func mustLeafBuffer(t *testing.T, shardHint uint64, preimage types.Hash, wantSig bool) io.Reader {
t.Helper()
vk, sk, err := ed25519.GenerateKey(rand.Reader)
@@ -667,7 +667,7 @@ func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig
}
msg := types.Statement{
ShardHint: shardHint,
- Checksum: checksum,
+ Checksum: *types.HashFn(preimage[:]),
}
sig := ed25519.Sign(sk, msg.ToBinary())
if !wantSig {
@@ -676,7 +676,7 @@ func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig
return bytes.NewBufferString(fmt.Sprintf(
"%s=%d\n"+"%s=%x\n"+"%s=%x\n"+"%s=%x\n"+"%s=%s\n",
"shard_hint", shardHint,
- "checksum", checksum[:],
+ "preimage", preimage[:],
"signature", sig,
"verification_key", vk,
"domain_hint", "example.com",
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index bbd6cde..7ade955 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -56,8 +56,11 @@ func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*r
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
-
- if !req.Statement.Verify(&req.VerificationKey, &req.Signature) {
+ stmt := types.Statement{
+ ShardHint: req.ShardHint,
+ Checksum: *types.HashFn(req.Preimage[:]),
+ }
+ if !stmt.Verify(&req.VerificationKey, &req.Signature) {
return nil, fmt.Errorf("invalid signature")
}
shardEnd := uint64(time.Now().Unix())
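Review bot: The new `stmt` block has no comment saying that the signature is now checked over the hash of the submitted preimage rather than over a checksum supplied by the client, which is the security-relevant part of this change. I would add above it `// The log derives Checksum from Preimage itself, so the verified statement never contains a client-chosen checksum.` leafRequestFromHTTP starts and ends outside the hunk.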