diff options
Diffstat (limited to 'type.go')
| -rw-r--r-- | type.go | 306 |
1 files changed, 0 insertions, 306 deletions
diff --git a/type.go b/type.go deleted file mode 100644 index db9ddc6..0000000 --- a/type.go +++ /dev/null @@ -1,306 +0,0 @@ -package stfe - -import ( - "fmt" - "time" - - "encoding/base64" - - "github.com/google/certificate-transparency-go/tls" - "github.com/google/trillian/types" - "github.com/system-transparency/stfe/namespace" -) - -// StFormat defines a particular StItem type that is versioned -type StFormat tls.Enum - -const ( - StFormatReserved StFormat = 0 - StFormatSignedTreeHeadV1 StFormat = 1 - StFormatSignedDebugInfoV1 StFormat = 2 - StFormatConsistencyProofV1 StFormat = 3 - StFormatInclusionProofV1 StFormat = 4 - StFormatChecksumV1 = 5 - StFormatCosignedTreeHeadV1 = 6 -) - -// StItem references a versioned item based on a given format specifier -type StItem struct { - Format StFormat `tls:"maxval:65535"` - SignedTreeHeadV1 *SignedTreeHeadV1 `tls:"selector:Format,val:1"` - SignedDebugInfoV1 *SignedDebugInfoV1 `tls:"selector:Format,val:2"` - ConsistencyProofV1 *ConsistencyProofV1 `tls:"selector:Format,val:3"` - InclusionProofV1 *InclusionProofV1 `tls:"selector:Format,val:4"` - ChecksumV1 *ChecksumV1 `tls:"selector:Format,val:5"` - CosignedTreeHeadV1 *CosignedTreeHeadV1 `tls:"selector:Format,val:6"` -} - -// SignedTreeHeadV1 is a signed tree head as defined by RFC 6962/bis, §4.10 -type SignedTreeHeadV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - TreeHead TreeHeadV1 - Signature []byte `tls:"minlen:1,maxlen:65535"` -} - -// SignedDebugInfoV1 is a signed statement that we intend (but do not promise) -// to insert an entry into the log as defined by markdown/api.md -type SignedDebugInfoV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - Message []byte `tls:"minlen:0,maxlen:65535"` - Signature []byte `tls:"minlen:1,maxlen:65535"` -} - -// ConsistencyProofV1 is a consistency proof as defined by RFC 6962/bis, §4.11 -type ConsistencyProofV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - TreeSize1 uint64 - TreeSize2 uint64 - ConsistencyPath []NodeHash `tls:"minlen:0,maxlen:65535"` -} - -// InclusionProofV1 is an inclusion proof as defined by RFC 6962/bis, §4.12 -type InclusionProofV1 struct { - LogId []byte `tls:"minlen:35,maxlen:35"` - TreeSize uint64 - LeafIndex uint64 - InclusionPath []NodeHash `tls:"minlen:0,maxlen:65535"` -} - -// ChecksumV1 associates a leaf type as defined by markdown/api.md -type ChecksumV1 struct { - Package []byte `tls:"minlen:1,maxlen:255"` - Checksum []byte `tls:"minlen:1,maxlen:64"` - Namespace namespace.Namespace -} - -// TreeHeadV1 is a tree head as defined by RFC 6962/bis, §4.10 -type TreeHeadV1 struct { - Timestamp uint64 - TreeSize uint64 - RootHash NodeHash - Extension []byte `tls:"minlen:0,maxlen:65535"` -} - -// CosignedTreeheadV1 is a cosigned STH -type CosignedTreeHeadV1 struct { - SignedTreeHeadV1 SignedTreeHeadV1 - SignatureV1 []SignatureV1 `tls:"minlen:0,maxlen:4294967295"` -} - -// SignatureV1 is a detached signature that was produced by a namespace -type SignatureV1 struct { - Namespace namespace.Namespace - Signature []byte `tls:"minlen:1,maxlen:65535"` -} - -// NodeHash is a Merkle tree hash as defined by RFC 6962/bis, §4.9 -type NodeHash struct { - Data []byte `tls:"minlen:32,maxlen:255"` -} - -// RawCertificate is a serialized X.509 certificate -type RawCertificate struct { - Data []byte `tls:"minlen:0,maxlen:65535"` -} - -func (f StFormat) String() string { - switch f { - case StFormatReserved: - return "reserved" - case StFormatSignedTreeHeadV1: - return "signed_tree_head_v1" - case StFormatSignedDebugInfoV1: - return "signed_debug_info_v1" - case StFormatConsistencyProofV1: - return "consistency_proof_v1" - case StFormatInclusionProofV1: - return "inclusion_proof_v1" - case StFormatChecksumV1: - return "checksum_v1" - case StFormatCosignedTreeHeadV1: - return "cosigned_tree_head_v1" - default: - return fmt.Sprintf("Unknown StFormat: %d", f) - } -} - -func (i StItem) String() string { - switch i.Format { - case StFormatChecksumV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.ChecksumV1) - case StFormatConsistencyProofV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.ConsistencyProofV1) - case StFormatInclusionProofV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.InclusionProofV1) - case StFormatSignedDebugInfoV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.SignedDebugInfoV1) - case StFormatSignedTreeHeadV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.SignedTreeHeadV1) - case StFormatCosignedTreeHeadV1: - return fmt.Sprintf("Format(%s): %s", i.Format, i.CosignedTreeHeadV1) - default: - return fmt.Sprintf("unknown StItem: %s", i.Format) - } -} - -func (i SignedTreeHeadV1) String() string { - return fmt.Sprintf("LogId(%s) TreeHead(%s) Signature(%s)", b64(i.LogId), i.TreeHead, b64(i.Signature)) -} - -func (i SignedDebugInfoV1) String() string { - return fmt.Sprintf("LogId(%s) Message(%s) Signature(%s)", b64(i.LogId), string(i.Message), b64(i.Signature)) -} - -func (i ConsistencyProofV1) String() string { - return fmt.Sprintf("LogID(%s) TreeSize1(%d) TreeSize2(%d) ConsistencyPath(%v)", b64(i.LogId), i.TreeSize1, i.TreeSize2, B64EncodePath(i.ConsistencyPath)) -} - -func (i InclusionProofV1) String() string { - return fmt.Sprintf("LogID(%s) TreeSize(%d) LeafIndex(%d) AuditPath(%v)", b64(i.LogId), i.TreeSize, i.LeafIndex, B64EncodePath(i.InclusionPath)) -} - -func (i ChecksumV1) String() string { - return fmt.Sprintf("Package(%s) Checksum(%s) Namespace(%s)", string(i.Package), string(i.Checksum), i.Namespace.String()) -} - -func (th TreeHeadV1) String() string { - return fmt.Sprintf("Timestamp(%s) TreeSize(%d) RootHash(%s)", time.Unix(int64(th.Timestamp/1000), 0), th.TreeSize, b64(th.RootHash.Data)) -} - -func (i CosignedTreeHeadV1) String() string { - return fmt.Sprintf("SignedTreeHead(%s) #Cosignatures(%d)", i.SignedTreeHeadV1.String(), len(i.SignatureV1)) -} - -// Marshal serializes an Stitem as defined by RFC 5246 -func (i *StItem) Marshal() ([]byte, error) { - serialized, err := tls.Marshal(*i) - if err != nil { - return nil, fmt.Errorf("marshal failed for StItem(%s): %v", i.Format, err) - } - return serialized, nil -} - -// MarshalB64 base64-encodes a serialized StItem -func (i *StItem) MarshalB64() (string, error) { - serialized, err := i.Marshal() - if err != nil { - return "", err - } - return b64(serialized), nil -} - -// Unmarshal unpacks a serialized StItem -func (i *StItem) Unmarshal(serialized []byte) error { - extra, err := tls.Unmarshal(serialized, i) - if err != nil { - return fmt.Errorf("unmarshal failed for StItem(%s): %v", i.Format, err) - } else if len(extra) > 0 { - return fmt.Errorf("unmarshal found extra data for StItem(%s): %v", i.Format, extra) - } - return nil -} - -// UnmarshalB64 unpacks a base64-encoded serialized StItem -func (i *StItem) UnmarshalB64(s string) error { - serialized, err := deb64(s) - if err != nil { - return fmt.Errorf("base64 decoding failed for StItem(%s): %v", i.Format, err) - } - return i.Unmarshal(serialized) -} - -// Marshal serializes a TreeHeadV1 as defined by RFC 5246 -func (th *TreeHeadV1) Marshal() ([]byte, error) { - serialized, err := tls.Marshal(*th) - if err != nil { - return nil, fmt.Errorf("marshal failed for TreeHeadV1: %v", err) - } - return serialized, nil -} - -// B64EncodePath encodes a path of node hashes as a list of base64 strings -func B64EncodePath(path []NodeHash) []string { - p := make([]string, 0, len(path)) - for _, hash := range path { - p = append(p, b64(hash.Data)) - } - return p -} - -// NewSignedTreeHead creates a new StItem of type signed_tree_head_v1 -func NewSignedTreeHeadV1(th *TreeHeadV1, logId, signature []byte) *StItem { - return &StItem{ - Format: StFormatSignedTreeHeadV1, - SignedTreeHeadV1: &SignedTreeHeadV1{logId, *th, signature}, - } -} - -// NewSignedDebugInfoV1 creates a new StItem of type inclusion_proof_v1 -func NewSignedDebugInfoV1(logId, message, signature []byte) *StItem { - return &StItem{ - Format: StFormatSignedDebugInfoV1, - SignedDebugInfoV1: &SignedDebugInfoV1{logId, message, signature}, - } -} - -// NewInclusionProofV1 creates a new StItem of type inclusion_proof_v1 -func NewInclusionProofV1(logID []byte, treeSize, index uint64, proof [][]byte) *StItem { - path := make([]NodeHash, 0, len(proof)) - for _, hash := range proof { - path = append(path, NodeHash{Data: hash}) - } - return &StItem{ - Format: StFormatInclusionProofV1, - InclusionProofV1: &InclusionProofV1{logID, treeSize, index, path}, - } -} - -// NewConsistencyProofV1 creates a new StItem of type consistency_proof_v1 -func NewConsistencyProofV1(logId []byte, first, second uint64, proof [][]byte) *StItem { - path := make([]NodeHash, 0, len(proof)) - for _, hash := range proof { - path = append(path, NodeHash{Data: hash}) - } - return &StItem{ - Format: StFormatConsistencyProofV1, - ConsistencyProofV1: &ConsistencyProofV1{logId, uint64(first), uint64(second), path}, - } -} - -// NewChecksumV1 creates a new StItem of type checksum_v1 -func NewChecksumV1(identifier, checksum []byte, namespace *namespace.Namespace) *StItem { - return &StItem{ - Format: StFormatChecksumV1, - ChecksumV1: &ChecksumV1{identifier, checksum, *namespace}, - } -} - -// NewTreeHead creates a new TreeHeadV1 from a Trillian-signed log root without -// verifying any signature. In other words, Trillian <-> STFE must be trusted. -func NewTreeHeadV1(lr *types.LogRootV1) *TreeHeadV1 { - return &TreeHeadV1{ - uint64(lr.TimestampNanos / 1000 / 1000), - uint64(lr.TreeSize), - NodeHash{lr.RootHash}, - make([]byte, 0), - } -} - -// NewCosignedTreeHeadV1 creates a new StItem of type cosigned_tree_head_v1 -func NewCosignedTreeHeadV1(sth *SignedTreeHeadV1, sigs []SignatureV1) *StItem { - return &StItem{ - Format: StFormatCosignedTreeHeadV1, - CosignedTreeHeadV1: &CosignedTreeHeadV1{ - SignedTreeHeadV1: *sth, - SignatureV1: sigs, - }, - } -} - -func b64(b []byte) string { - return base64.StdEncoding.EncodeToString(b) -} - -func deb64(str string) ([]byte, error) { - return base64.StdEncoding.DecodeString(str) -} |