From f02d9ad52b4b70fc1af8224201cf993faa82eaee Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 17 Nov 2020 12:11:30 +0100 Subject: fixed redundant tree head checking --- handler.go | 10 ++++------ trillian.go | 9 ++++----- trillian_test.go | 3 +-- type.go | 14 ++++++-------- 4 files changed, 15 insertions(+), 21 deletions(-) diff --git a/handler.go b/handler.go index fe93f4f..d77379d 100644 --- a/handler.go +++ b/handler.go @@ -9,6 +9,7 @@ import ( "github.com/golang/glog" "github.com/google/trillian" + "github.com/google/trillian/types" ) // handler implements the http.Handler interface, and contains a reference @@ -180,15 +181,12 @@ func getSth(ctx context.Context, i *Instance, w http.ResponseWriter, _ *http.Req trsp, err := i.Client.GetLatestSignedLogRoot(ctx, &trillian.GetLatestSignedLogRootRequest{ LogId: i.LogParameters.TreeId, }) - if status, errInner := checkGetLatestSignedLogRoot(i.LogParameters, trsp, err); errInner != nil { + var lr types.LogRootV1 + if status, errInner := checkGetLatestSignedLogRoot(i.LogParameters, trsp, err, &lr); errInner != nil { return status, fmt.Errorf("bad GetLatestSignedLogRootResponse: %v", errInner) } - th, err := NewTreeHeadV1(i.LogParameters, trsp.SignedLogRoot) - if err != nil { - return http.StatusInternalServerError, fmt.Errorf("failed creating tree head: %v", err) - } - sth, err := i.LogParameters.genV1Sth(th) + sth, err := i.LogParameters.genV1Sth(NewTreeHeadV1(i.LogParameters, &lr)) if err != nil { return http.StatusInternalServerError, fmt.Errorf("failed creating signed tree head: %v", err) } diff --git a/trillian.go b/trillian.go index 02b220c..8ae96a1 100644 --- a/trillian.go +++ b/trillian.go @@ -62,16 +62,15 @@ func checkGetConsistencyProof(lp *LogParameters, rsp *trillian.GetConsistencyPro return checkHashPath(lp.HashType.Size(), rsp.Proof.Hashes) } -func checkGetLatestSignedLogRoot(lp *LogParameters, rsp *trillian.GetLatestSignedLogRootResponse, err error) (int, error) { +func checkGetLatestSignedLogRoot(lp *LogParameters, rsp *trillian.GetLatestSignedLogRootResponse, err error, out *types.LogRootV1) (int, error) { if err != nil || rsp == nil || rsp.SignedLogRoot == nil || rsp.SignedLogRoot.LogRoot == nil { return http.StatusInternalServerError, fmt.Errorf("%v", err) } - var lr types.LogRootV1 - if err := lr.UnmarshalBinary(rsp.SignedLogRoot.LogRoot); err != nil { + if err := out.UnmarshalBinary(rsp.SignedLogRoot.LogRoot); err != nil { return http.StatusInternalServerError, fmt.Errorf("cannot unmarshal log root: %v", err) } - if len(lr.RootHash) != lp.HashType.Size() { - return http.StatusInternalServerError, fmt.Errorf("invalid root hash: %v", lr.RootHash) + if len(out.RootHash) != lp.HashType.Size() { + return http.StatusInternalServerError, fmt.Errorf("invalid root hash: %v", out.RootHash) } return 0, nil } diff --git a/trillian_test.go b/trillian_test.go index 66ad647..7b26bb9 100644 --- a/trillian_test.go +++ b/trillian_test.go @@ -1,8 +1,8 @@ package stfe import ( - "testing" "fmt" + "testing" "github.com/google/trillian" "github.com/system-transparency/stfe/server/testdata" @@ -31,7 +31,6 @@ func TestCheckGetConsistencyProof(t *testing.T) { func TestCheckGetLatestSignedLogRoot(t *testing.T) { } - // makeTrillianQueueLeafResponse creates a valid trillian QueueLeafResponse // for a package `name` where the checksum is all zeros (32 bytes). The pemKey // is a PEM-encoded ed25519 signing key, and pemChain its certificate chain. diff --git a/type.go b/type.go index 93022b7..7105eff 100644 --- a/type.go +++ b/type.go @@ -282,15 +282,13 @@ func NewChecksumV1(identifier []byte, checksum []byte) *StItem { // NewTreeHead creates a new TreeHeadV1 from a Trillian-signed log root without // verifying any signature. In other words, Trillian <-> STFE must be trusted. -func NewTreeHeadV1(lp *LogParameters, slr *trillian.SignedLogRoot) (*TreeHeadV1, error) { - var lr types.LogRootV1 - if err := lr.UnmarshalBinary(slr.GetLogRoot()); err != nil { - return nil, fmt.Errorf("failed unmarshaling Trillian slr: %v", err) +func NewTreeHeadV1(lp *LogParameters, lr *types.LogRootV1) *TreeHeadV1 { + return &TreeHeadV1{ + uint64(lr.TimestampNanos / 1000 / 1000), + uint64(lr.TreeSize), + NodeHash{lr.RootHash}, + nil, } - if lp.HashType.Size() != len(lr.RootHash) { - return nil, fmt.Errorf("invalid Trillian root hash: %v", lr.RootHash) - } - return &TreeHeadV1{uint64(lr.TimestampNanos / 1000 / 1000), uint64(lr.TreeSize), NodeHash{lr.RootHash}, nil}, nil } // NewAppendix creates a new leaf Appendix for an X.509 chain and signature -- cgit v1.2.3