package stfe import ( "fmt" "crypto/x509" "encoding/base64" "time" "github.com/google/certificate-transparency-go/tls" "github.com/google/trillian" "github.com/google/trillian/types" ) // StFormat defines a particular StItem type that is versioned type StFormat tls.Enum const ( StFormatReserved StFormat = 0 StFormatSignedTreeHeadV1 StFormat = 1 StFormatSignedDebugInfoV1 StFormat = 2 StFormatConsistencyProofV1 StFormat = 3 StFormatInclusionProofV1 StFormat = 4 StFormatChecksumV1 = 5 ) // StItem references a versioned item based on a given format specifier. type StItem struct { Format StFormat `tls:"maxval:65535"` SignedTreeHeadV1 *SignedTreeHeadV1 `tls:"selector:Format,val:1"` SignedDebugInfoV1 *SignedDebugInfoV1 `tls:"selector:Format,val:2"` ConsistencyProofV1 *ConsistencyProofV1 `tls:"selector:Format,val:3"` InclusionProofV1 *InclusionProofV1 `tls:"selector:Format,val:4"` ChecksumV1 *ChecksumV1 `tls:"selector:Format,val:5"` } type ConsistencyProofV1 struct { LogId []byte `tls:"minlen:2,maxlen:127"` TreeSize1 uint64 TreeSize2 uint64 ConsistencyPath []NodeHash `tls:"minlen:1,maxlen:65535"` } type SignedTreeHeadV1 struct { LogId []byte `tls:"minlen:2,maxlen:127"` TreeHead TreeHeadV1 `tls:minlen:0, maxlen:65535` // what should maxlen be? Signature []byte `tls:"minlen:0,maxlen:65535"` } type TreeHeadV1 struct { Timestamp uint64 TreeSize uint64 RootHash NodeHash `tls:minlen:32,maxlen:255` Extension []byte `tls:"minlen:0,maxlen:65535"` } // ChecksumV1 associates a package name with an arbitrary checksum value type ChecksumV1 struct { Package []byte `tls:"minlen:0,maxlen:255"` Checksum []byte `tls:"minlen:32,maxlen:255"` } // InclusionProofV1 is a Merkle tree inclusion proof, see RFC 6962/bis (§4.12) type InclusionProofV1 struct { LogID []byte `tls:"minlen:2,maxlen:127"` TreeSize uint64 LeafIndex uint64 InclusionPath []NodeHash `tls:"minlen:1,maxlen:65535"` } // SignedDebugInfoV1 is a signed statement that we intend (but do not promise) // to insert an entry into the log. Only Ed25519 signatures are supported. // TODO: double-check that crypto/ed25519 encodes signature as in RFC 8032 // TODO: need to think about signature format, then update markdown/api.md type SignedDebugInfoV1 struct { LogId []byte `tls:"minlen:32,maxlen:127"` Message []byte `tls:"minlen:0,maxlen:65535"` Signature []byte `tls:"minlen:0,maxlen:65535"` // defined in RFC 8032 } // NodeHash is a hashed Merkle tree node, see RFC 6962/bis (§4.9) type NodeHash struct { Data []byte `tls:"minlen:32,maxlen:255"` } func NewSignedTreeHeadV1(th TreeHeadV1, logId, signature []byte) StItem { return StItem{ Format: StFormatSignedTreeHeadV1, SignedTreeHeadV1: &SignedTreeHeadV1{ LogId: logId, TreeHead: th, Signature: signature, }, } } // NewTreeHead converts a Trillian-signed log root to a tree head without // verifying any signature. In other words, Trillian <-> STFE is trusted. func NewTreeHeadV1(lp *LogParameters, slr *trillian.SignedLogRoot) (TreeHeadV1, error) { if slr == nil { return TreeHeadV1{}, fmt.Errorf("Trillian returned no tree head") } var lr types.LogRootV1 if err := lr.UnmarshalBinary(slr.GetLogRoot()); err != nil { return TreeHeadV1{}, fmt.Errorf("failed unmarshaling Trillian slr: %v", err) } if lp.HashType.Size() != len(lr.RootHash) { return TreeHeadV1{}, fmt.Errorf("invalid Trillian root hash: %v", lr.RootHash) } return TreeHeadV1{ Timestamp: uint64(lr.TimestampNanos / 1000 / 1000), TreeSize: uint64(lr.TreeSize), RootHash: NodeHash{ Data: lr.RootHash, }, Extension: nil, // no known extensions }, nil } func NewSignedDebugInfoV1(logId, message, signature []byte) StItem { return StItem{ Format: StFormatSignedDebugInfoV1, SignedDebugInfoV1: &SignedDebugInfoV1{ LogId: logId, Message: message, Signature: signature, }, } } // NewChecksumV1 creates a new StItem of type checksum_v1 func NewChecksumV1(identifier []byte, checksum []byte) StItem { return StItem{ Format: StFormatChecksumV1, ChecksumV1: &ChecksumV1{ Package: identifier, Checksum: checksum, }, } } // NewInclusionProofV1 creates a new StItem of type inclusion_proof_v1 func NewInclusionProofV1(logID []byte, treeSize uint64, proof *trillian.Proof) StItem { inclusionPath := make([]NodeHash, 0, len(proof.Hashes)) for _, hash := range proof.Hashes { inclusionPath = append(inclusionPath, NodeHash{Data: hash}) } return StItem{ Format: StFormatInclusionProofV1, InclusionProofV1: &InclusionProofV1{ LogID: logID, TreeSize: treeSize, LeafIndex: uint64(proof.LeafIndex), InclusionPath: inclusionPath, }, } } func NewConsistencyProofV1(logId []byte, first, second int64, proof *trillian.Proof) StItem { path := make([]NodeHash, 0, len(proof.Hashes)) for _, hash := range proof.Hashes { path = append(path, NodeHash{Data: hash}) } return StItem{ Format: StFormatConsistencyProofV1, ConsistencyProofV1: &ConsistencyProofV1{ LogId: logId, TreeSize1: uint64(first), TreeSize2: uint64(second), ConsistencyPath: path, }, } } func (f StFormat) String() string { switch f { case StFormatReserved: return "reserved" case StFormatSignedTreeHeadV1: return "signed_tree_head_v1" case StFormatSignedDebugInfoV1: return "signed_debug_info_v1" case StFormatConsistencyProofV1: return "consistency_proof_v1" case StFormatInclusionProofV1: return "inclusion_proof_v1" case StFormatChecksumV1: return "checksum_v1" default: return fmt.Sprintf("Unknown StFormat: %d", f) } } func (i StItem) String() string { switch i.Format { case StFormatChecksumV1: return fmt.Sprintf("Format(%s): %s", i.Format, *i.ChecksumV1) case StFormatConsistencyProofV1: return fmt.Sprintf("Format(%s): %s", i.Format, *i.ConsistencyProofV1) case StFormatInclusionProofV1: return fmt.Sprintf("Format(%s): %s", i.Format, *i.InclusionProofV1) case StFormatSignedDebugInfoV1: return fmt.Sprintf("Format(%s): %s", i.Format, *i.SignedDebugInfoV1) case StFormatSignedTreeHeadV1: return fmt.Sprintf("Format(%s): %s", i.Format, *i.SignedTreeHeadV1) default: return fmt.Sprintf("unknown StItem: %s", i.Format) } } func (th TreeHeadV1) String() string { return fmt.Sprintf("Timestamp(%s) TreeSize(%d) RootHash(%s)", time.Unix(int64(th.Timestamp/1000), 0), th.TreeSize, base64.StdEncoding.EncodeToString(th.RootHash.Data)) } func (i SignedTreeHeadV1) String() string { return fmt.Sprintf("LogId(%s) TreeHead(%s) Signature(%s)", base64.StdEncoding.EncodeToString(i.LogId), i.TreeHead, base64.StdEncoding.EncodeToString(i.Signature)) } func (i SignedDebugInfoV1) String() string { return fmt.Sprintf("LogId(%s) Message(%s) Signature(%s)", base64.StdEncoding.EncodeToString(i.LogId), string(i.Message), base64.StdEncoding.EncodeToString(i.Signature)) } func (i ChecksumV1) String() string { return fmt.Sprintf("Package(%v) Checksum(%v)", string(i.Package), base64.StdEncoding.EncodeToString(i.Checksum)) } func (i InclusionProofV1) String() string { path := make([]string, 0, len(i.InclusionPath)) for _, hash := range i.InclusionPath { path = append(path, base64.StdEncoding.EncodeToString(hash.Data)) } return fmt.Sprintf("LogID(%s) TreeSize(%d) LeafIndex(%d) AuditPath(%v)", base64.StdEncoding.EncodeToString(i.LogID), i.TreeSize, i.LeafIndex, path) } func (i ConsistencyProofV1) String() string { path := make([]string, 0, len(i.ConsistencyPath)) for _, hash := range i.ConsistencyPath { path = append(path, base64.StdEncoding.EncodeToString(hash.Data)) } return fmt.Sprintf("LogID(%s) TreeSize1(%d) TreeSize2(%d) ConsistencyPath(%v)", base64.StdEncoding.EncodeToString(i.LogId), i.TreeSize1, i.TreeSize2, path) } // StItemFromB64 creates an StItem from a serialized and base64-encoded string func StItemFromB64(s string) (StItem, error) { b, err := base64.StdEncoding.DecodeString(s) if err != nil { return StItem{}, fmt.Errorf("base64 decoding failed: %v", err) } var item StItem extra, err := tls.Unmarshal(b, &item) if err != nil { return StItem{}, fmt.Errorf("tls unmarshal failed: %v", err) } else if len(extra) > 0 { return StItem{}, fmt.Errorf("tls unmarshal found extra data: %v", extra) } return item, nil } // Appendix is extra data that Trillian can store about a leaf type Appendix struct { Signature []byte `tls:"minlen:0,maxlen:16383"` Chain []RawCertificate `tls:"minlen:0,maxlen:65535"` } // RawCertificate is a serialized X.509 certificate type RawCertificate struct { Data []byte `tls:"minlen:0,maxlen:65535"` } // NewAppendix creates a new leaf Appendix for an X.509 chain and signature func NewAppendix(x509Chain []*x509.Certificate, signature []byte) Appendix { chain := make([]RawCertificate, 0, 2) // TODO: base length on config param for _, c := range x509Chain { chain = append(chain, RawCertificate{c.Raw}) } return Appendix{Signature: signature, Chain: chain} }