| -rw-r--r-- | cmd/tmp/submit/main.go | 18 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 2 | ||||
| -rw-r--r-- | pkg/db/trillian.go | 2 | ||||
| -rw-r--r-- | pkg/db/trillian_test.go | 6 | ||||
| -rw-r--r-- | pkg/instance/handler_test.go | 6 | ||||
| -rw-r--r-- | pkg/instance/instance.go | 7 | 
7 files changed, 23 insertions, 20 deletions
|
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index f29b168..a1f0fff 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
@@ -15,7 +15,7 @@ import (
 var (
 	shardHint  = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
-	checksum   = flag.String("checksum", "", "checksum (hex)")
+	preimage   = flag.String("preimage", "", "preimage (hex)")
 	sk         = flag.String("sk", "", "secret key (hex)")
 	domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
 	base_url   = flag.String("base_url", "localhost:6965/testonly", "base url (string)")
@@ -28,22 +28,22 @@ func main() {
 	var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
 	mustDecodeHex(*sk, priv[:])
-	var c types.Hash
-	if *checksum != "" {
-		mustDecodeHex(*checksum, c[:])
+	var p types.Hash
+	if *preimage != "" {
+		mustDecodeHex(*preimage, p[:])
 	} else {
-		mustPutRandom(c[:])
+		mustPutRandom(p[:])
 	}
 	msg := types.Statement{
 		ShardHint: *shardHint,
-		Checksum:  c,
+		Checksum:  *types.HashFn(p[:]),
 	}
 	sig := ed25519.Sign(priv, msg.ToBinary())
-	fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
-		msg.ShardHint,
-		msg.Checksum[:],
+	fmt.Printf("echo \"shard_hint=%d\npreimage=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+		*shardHint,
+		p[:],
 		sig,
 		priv.Public().(ed25519.PublicKey)[:],
 		*domainHint,
@@ -3,7 +3,7 @@ module git.sigsum.org/sigsum-log-go
 go 1.15
 require (
-	git.sigsum.org/sigsum-lib-go v0.0.2
+	git.sigsum.org/sigsum-lib-go v0.0.3
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/mock v1.4.4
 	github.com/google/certificate-transparency-go v1.1.1 // indirect
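Review bot: The rewritten `fmt.Printf` in the `main()` hunk of cmd/tmp/submit/main.go places `*domainHint` with `%s` inside a double-quoted `echo` argument, so a flag value containing `"`, `$` or a backtick changes the command line this tool prints for the operator to run. Since the line is being touched anyway, consider rejecting hint values that contain shell metacharacters before printing, or having the tool send the request itself instead of emitting a shell pipeline. The trailing `%s` for the base URL has the same property; its argument lies outside the hunk, as do the start and end of `main()`.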
@@ -35,6 +35,8 @@ contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EU
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 git.sigsum.org/sigsum-lib-go v0.0.2 h1:1FwdnraPaasw1D1Lb+flRMJRGLTuZrp17AZ6tx+iT/0=
 git.sigsum.org/sigsum-lib-go v0.0.2/go.mod h1:DVmlcf0MBHy4IZdnZ5DcbsKkGEd0EkOAoLINhLgcndY=
+git.sigsum.org/sigsum-lib-go v0.0.3 h1:VXtUC/LOPVb990P8dFitQkYx8a1M54hKFcsK7MiZ514=
+git.sigsum.org/sigsum-lib-go v0.0.3/go.mod h1:DVmlcf0MBHy4IZdnZ5DcbsKkGEd0EkOAoLINhLgcndY=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
diff --git a/pkg/db/trillian.go b/pkg/db/trillian.go
index 25b2fb3..453a884 100644
--- a/pkg/db/trillian.go
+++ b/pkg/db/trillian.go
@@ -26,7 +26,7 @@ func (c *TrillianClient) AddLeaf(ctx context.Context, req *requests.Leaf) error
 	leaf := types.Leaf{
 		Statement: types.Statement{
 			ShardHint: req.ShardHint,
-			Checksum:  req.Checksum,
+			Checksum:  *types.HashFn(req.Preimage[:]),
 		},
 		Signature: req.Signature,
 		KeyHash:   *types.HashFn(req.VerificationKey[:]),
diff --git a/pkg/db/trillian_test.go b/pkg/db/trillian_test.go
index 955fc46..4dc561d 100644
--- a/pkg/db/trillian_test.go
+++ b/pkg/db/trillian_test.go
@@ -20,10 +20,8 @@ import (
 func TestAddLeaf(t *testing.T) {
 	req := &requests.Leaf{
-		Statement: types.Statement{
-			ShardHint: 0,
-			Checksum:  types.Hash{},
-		},
+		ShardHint:       0,
+		Preimage:        types.Hash{},
 		Signature:       types.Signature{},
 		VerificationKey: types.PublicKey{},
 		DomainHint:      "example.com",
diff --git a/pkg/instance/handler_test.go b/pkg/instance/handler_test.go
index f8817dc..8a48860 100644
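Review bot: `AddLeaf` in pkg/db/trillian.go derives `Checksum` from `req.Preimage` on its own, separately from the `stmt` literal that `leafRequestFromHTTP` in pkg/instance/instance.go builds for signature verification, so the statement that was verified and the statement that is stored match only while the two literals stay in sync. Consider building the `types.Statement` once where the signature is checked and passing that value (or the computed checksum) down to `AddLeaf`. At minimum, add `// Must match the statement verified in leafRequestFromHTTP.` above the new `Checksum:` line. `AddLeaf` continues outside the hunk.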
--- a/pkg/instance/handler_test.go
+++ b/pkg/instance/handler_test.go
@@ -658,7 +658,7 @@ func mustHandle(t *testing.T, i Instance, e types.Endpoint) Handler {
 	return Handler{}
 }
-func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig bool) io.Reader {
+func mustLeafBuffer(t *testing.T, shardHint uint64, preimage types.Hash, wantSig bool) io.Reader {
 	t.Helper()
 	vk, sk, err := ed25519.GenerateKey(rand.Reader)
@@ -667,7 +667,7 @@ func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig
 	}
 	msg := types.Statement{
 		ShardHint: shardHint,
-		Checksum:  checksum,
+		Checksum:  *types.HashFn(preimage[:]),
 	}
 	sig := ed25519.Sign(sk, msg.ToBinary())
 	if !wantSig {
@@ -676,7 +676,7 @@ func mustLeafBuffer(t *testing.T, shardHint uint64, checksum types.Hash, wantSig
 	return bytes.NewBufferString(fmt.Sprintf(
 		"%s=%d\n"+"%s=%x\n"+"%s=%x\n"+"%s=%x\n"+"%s=%s\n",
 		"shard_hint", shardHint,
-		"checksum", checksum[:],
+		"preimage", preimage[:],
 		"signature", sig,
 		"verification_key", vk,
 		"domain_hint", "example.com",
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index bbd6cde..7ade955 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -56,8 +56,11 @@ func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*r
 	if err := req.FromASCII(r.Body); err != nil {
 		return nil, fmt.Errorf("FromASCII: %v", err)
 	}
-
-	if !req.Statement.Verify(&req.VerificationKey, &req.Signature) {
+	stmt := types.Statement{
+		ShardHint: req.ShardHint,
+		Checksum:  *types.HashFn(req.Preimage[:]),
+	}
+	if !stmt.Verify(&req.VerificationKey, &req.Signature) {
 		return nil, fmt.Errorf("invalid signature")
 	}
 	shardEnd := uint64(time.Now().Unix())
|
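Review bot: `mustLeafBuffer` in pkg/instance/handler_test.go now always signs over `*types.HashFn(preimage[:])`, so nothing in the visible hunks exercises a request whose signature covers the raw 32 bytes, which is what a client written against the old `checksum` field would produce. A case that signs `types.Statement{ShardHint: shardHint, Checksum: preimage}` and expects the add-leaf handler to reject it would pin the new contract; it could be a further mode next to `wantSig`. The helper's body is split across three hunks, and the rest of it, including what the `!wantSig` branch does, is outside them.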
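Review bot: The new `stmt` literal in `leafRequestFromHTTP` (pkg/instance/instance.go) carries no comment saying that the signature is checked over the hash of the submitted preimage rather than over the preimage bytes themselves, which is the property this handler now enforces. Suggest adding above it `// The signed statement commits to H(preimage); recompute the checksum here so verification covers the value that is logged.` The function starts and ends outside the hunk, so whether `req.Preimage` is validated further (beyond what `FromASCII` does) cannot be seen here.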
