diff options
author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-02-25 14:36:35 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-02-25 14:36:35 +0100 |
commit | c05c22ddbc771e7713849cae40f9d91bfafa0503 (patch) | |
tree | b97d11ab2a914806e6f671f9aff1cab9767b2eab /type.go | |
parent | c9b4b43654f0ff26207cc63449f13298cd3c56e8 (diff) |
major refactor based on README.md and TODOs
Updated types, improved units tests, isolated most test data to have
it in one place, renamed and created new files to improve readability,
and fixed a bunch of minor TODOs.
Diffstat (limited to 'type.go')
-rw-r--r-- | type.go | 306 |
1 files changed, 0 insertions, 306 deletions
diff --git a/type.go b/type.go deleted file mode 100644 index db9ddc6..0000000 --- a/type.go +++ /dev/null @@ -1,306 +0,0 @@ -package stfe - -import ( - "fmt" - "time" - - "encoding/base64" - - "github.com/google/certificate-transparency-go/tls" - "github.com/google/trillian/types" - "github.com/system-transparency/stfe/namespace" -) - -// StFormat defines a particular StItem type that is versioned -type StFormat tls.Enum - -const ( - StFormatReserved StFormat = 0 - StFormatSignedTreeHeadV1 StFormat = 1 - StFormatSignedDebugInfoV1 StFormat = 2 - StFormatConsistencyProofV1 StFormat = 3 - StFormatInclusionProofV1 StFormat = 4 - StFormatChecksumV1 = 5 - StFormatCosignedTreeHeadV1 = 6 -) - -// StItem references a versioned item based on a given format specifier -type StItem struct { - Format StFormat `tls:"maxval:65535"` - SignedTreeHeadV1 *SignedTreeHeadV1 `tls:"selector:Format,val:1"` - SignedDebugInfoV1 *SignedDebugInfoV1 `tls:"selector:Format,val:2"` - ConsistencyProofV1 *ConsistencyProofV1 `tls:"selector:Format,val:3"` - InclusionProofV1 *InclusionProofV1 `tls:"selector:Format,val:4"` - ChecksumV1 *ChecksumV1 `tls:"selector:Format,val:5"` - CosignedTreeHeadV1 *CosignedTreeHeadV1 `tls:"selector:Format,val:6"` -} - -// SignedTreeHeadV1 is a signed tree head as defined by RFC 6962/bis, §4.10 -type SignedTreeHeadV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - TreeHead TreeHeadV1 - Signature []byte `tls:"minlen:1,maxlen:65535"` -} - -// SignedDebugInfoV1 is a signed statement that we intend (but do not promise) -// to insert an entry into the log as defined by markdown/api.md -type SignedDebugInfoV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - Message []byte `tls:"minlen:0,maxlen:65535"` - Signature []byte `tls:"minlen:1,maxlen:65535"` -} - -// ConsistencyProofV1 is a consistency proof as defined by RFC 6962/bis, §4.11 -type ConsistencyProofV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - TreeSize1 uint64 - TreeSize2 uint64 - ConsistencyPath []NodeHash `tls:"minlen:0,maxlen:65535"` -} - -// InclusionProofV1 is an inclusion proof as defined by RFC 6962/bis, §4.12 -type InclusionProofV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - TreeSize uint64 - LeafIndex uint64 - InclusionPath []NodeHash `tls:"minlen:0,maxlen:65535"` -} - -// ChecksumV1 associates a leaf type as defined by markdown/api.md -type ChecksumV1 struct { - Package []byte `tls:"minlen:1,maxlen:255"` - Checksum []byte `tls:"minlen:1,maxlen:64"` - Namespace namespace.Namespace -} - -// TreeHeadV1 is a tree head as defined by RFC 6962/bis, §4.10 -type TreeHeadV1 struct { - Timestamp uint64 - TreeSize uint64 - RootHash NodeHash - Extension []byte `tls:"minlen:0,maxlen:65535"` -} - -// CosignedTreeheadV1 is a cosigned STH -type CosignedTreeHeadV1 struct { - SignedTreeHeadV1 SignedTreeHeadV1 - SignatureV1 []SignatureV1 `tls:"minlen:0,maxlen:4294967295"` -} - -// SignatureV1 is a detached signature that was produced by a namespace -type SignatureV1 struct { - Namespace namespace.Namespace - Signature []byte `tls:"minlen:1,maxlen:65535"` -} - -// NodeHash is a Merkle tree hash as defined by RFC 6962/bis, §4.9 -type NodeHash struct { - Data []byte `tls:"minlen:32,maxlen:255"` -} - -// RawCertificate is a serialized X.509 certificate -type RawCertificate struct { - Data []byte `tls:"minlen:0,maxlen:65535"` -} - -func (f StFormat) String() string { - switch f { - case StFormatReserved: - return "reserved" - case StFormatSignedTreeHeadV1: - return "signed_tree_head_v1" - case StFormatSignedDebugInfoV1: - return "signed_debug_info_v1" - case StFormatConsistencyProofV1: - return "consistency_proof_v1" - case StFormatInclusionProofV1: - return "inclusion_proof_v1" - case StFormatChecksumV1: - return "checksum_v1" - case StFormatCosignedTreeHeadV1: - return "cosigned_tree_head_v1" - default: - return fmt.Sprintf("Unknown StFormat: %d", f) - } -} - -func (i StItem) String() string { - switch i.Format { - case StFormatChecksumV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.ChecksumV1) - case StFormatConsistencyProofV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.ConsistencyProofV1) - case StFormatInclusionProofV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.InclusionProofV1) - case StFormatSignedDebugInfoV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.SignedDebugInfoV1) - case StFormatSignedTreeHeadV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.SignedTreeHeadV1) - case StFormatCosignedTreeHeadV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.CosignedTreeHeadV1) - default: - return fmt.Sprintf("unknown StItem: %s", i.Format) - } -} - -func (i SignedTreeHeadV1) String() string { - return fmt.Sprintf("LogId(%s) TreeHead(%s) Signature(%s)", b64(i.LogId), i.TreeHead, b64(i.Signature)) -} - -func (i SignedDebugInfoV1) String() string { - return fmt.Sprintf("LogId(%s) Message(%s) Signature(%s)", b64(i.LogId), string(i.Message), b64(i.Signature)) -} - -func (i ConsistencyProofV1) String() string { - return fmt.Sprintf("LogID(%s) TreeSize1(%d) TreeSize2(%d) ConsistencyPath(%v)", b64(i.LogId), i.TreeSize1, i.TreeSize2, B64EncodePath(i.ConsistencyPath)) -} - -func (i InclusionProofV1) String() string { - return fmt.Sprintf("LogID(%s) TreeSize(%d) LeafIndex(%d) AuditPath(%v)", b64(i.LogId), i.TreeSize, i.LeafIndex, B64EncodePath(i.InclusionPath)) -} - -func (i ChecksumV1) String() string { - return fmt.Sprintf("Package(%s) Checksum(%s) Namespace(%s)", string(i.Package), string(i.Checksum), i.Namespace.String()) -} - -func (th TreeHeadV1) String() string { - return fmt.Sprintf("Timestamp(%s) TreeSize(%d) RootHash(%s)", time.Unix(int64(th.Timestamp/1000), 0), th.TreeSize, b64(th.RootHash.Data)) -} - -func (i CosignedTreeHeadV1) String() string { - return fmt.Sprintf("SignedTreeHead(%s) #Cosignatures(%d)", i.SignedTreeHeadV1.String(), len(i.SignatureV1)) -} - -// Marshal serializes an Stitem as defined by RFC 5246 -func (i *StItem) Marshal() ([]byte, error) { - serialized, err := tls.Marshal(*i) - if err != nil { - return nil, fmt.Errorf("marshal failed for StItem(%s): %v", i.Format, err) - } - return serialized, nil -} - -// MarshalB64 base64-encodes a serialized StItem -func (i *StItem) MarshalB64() (string, error) { - serialized, err := i.Marshal() - if err != nil { - return "", err - } - return b64(serialized), nil -} - -// Unmarshal unpacks a serialized StItem -func (i *StItem) Unmarshal(serialized []byte) error { - extra, err := tls.Unmarshal(serialized, i) - if err != nil { - return fmt.Errorf("unmarshal failed for StItem(%s): %v", i.Format, err) - } else if len(extra) > 0 { - return fmt.Errorf("unmarshal found extra data for StItem(%s): %v", i.Format, extra) - } - return nil -} - -// UnmarshalB64 unpacks a base64-encoded serialized StItem -func (i *StItem) UnmarshalB64(s string) error { - serialized, err := deb64(s) - if err != nil { - return fmt.Errorf("base64 decoding failed for StItem(%s): %v", i.Format, err) - } - return i.Unmarshal(serialized) -} - -// Marshal serializes a TreeHeadV1 as defined by RFC 5246 -func (th *TreeHeadV1) Marshal() ([]byte, error) { - serialized, err := tls.Marshal(*th) - if err != nil { - return nil, fmt.Errorf("marshal failed for TreeHeadV1: %v", err) - } - return serialized, nil -} - -// B64EncodePath encodes a path of node hashes as a list of base64 strings -func B64EncodePath(path []NodeHash) []string { - p := make([]string, 0, len(path)) - for _, hash := range path { - p = append(p, b64(hash.Data)) - } - return p -} - -// NewSignedTreeHead creates a new StItem of type signed_tree_head_v1 -func NewSignedTreeHeadV1(th *TreeHeadV1, logId, signature []byte) *StItem { - return &StItem{ - Format: StFormatSignedTreeHeadV1, - SignedTreeHeadV1: &SignedTreeHeadV1{logId, *th, signature}, - } -} - -// NewSignedDebugInfoV1 creates a new StItem of type inclusion_proof_v1 -func NewSignedDebugInfoV1(logId, message, signature []byte) *StItem { - return &StItem{ - Format: StFormatSignedDebugInfoV1, - SignedDebugInfoV1: &SignedDebugInfoV1{logId, message, signature}, - } -} - -// NewInclusionProofV1 creates a new StItem of type inclusion_proof_v1 -func NewInclusionProofV1(logID []byte, treeSize, index uint64, proof [][]byte) *StItem { - path := make([]NodeHash, 0, len(proof)) - for _, hash := range proof { - path = append(path, NodeHash{Data: hash}) - } - return &StItem{ - Format: StFormatInclusionProofV1, - InclusionProofV1: &InclusionProofV1{logID, treeSize, index, path}, - } -} - -// NewConsistencyProofV1 creates a new StItem of type consistency_proof_v1 -func NewConsistencyProofV1(logId []byte, first, second uint64, proof [][]byte) *StItem { - path := make([]NodeHash, 0, len(proof)) - for _, hash := range proof { - path = append(path, NodeHash{Data: hash}) - } - return &StItem{ - Format: StFormatConsistencyProofV1, - ConsistencyProofV1: &ConsistencyProofV1{logId, uint64(first), uint64(second), path}, - } -} - -// NewChecksumV1 creates a new StItem of type checksum_v1 -func NewChecksumV1(identifier, checksum []byte, namespace *namespace.Namespace) *StItem { - return &StItem{ - Format: StFormatChecksumV1, - ChecksumV1: &ChecksumV1{identifier, checksum, *namespace}, - } -} - -// NewTreeHead creates a new TreeHeadV1 from a Trillian-signed log root without -// verifying any signature. In other words, Trillian <-> STFE must be trusted. -func NewTreeHeadV1(lr *types.LogRootV1) *TreeHeadV1 { - return &TreeHeadV1{ - uint64(lr.TimestampNanos / 1000 / 1000), - uint64(lr.TreeSize), - NodeHash{lr.RootHash}, - make([]byte, 0), - } -} - -// NewCosignedTreeHeadV1 creates a new StItem of type cosigned_tree_head_v1 -func NewCosignedTreeHeadV1(sth *SignedTreeHeadV1, sigs []SignatureV1) *StItem { - return &StItem{ - Format: StFormatCosignedTreeHeadV1, - CosignedTreeHeadV1: &CosignedTreeHeadV1{ - SignedTreeHeadV1: *sth, - SignatureV1: sigs, - }, - } -} - -func b64(b []byte) string { - return base64.StdEncoding.EncodeToString(b) -} - -func deb64(str string) ([]byte, error) { - return base64.StdEncoding.DecodeString(str) -} |