1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
package requests
import (
"context"
"fmt"
"net/http"
"time"
"git.sigsum.org/sigsum-go/pkg/dns"
"git.sigsum.org/sigsum-go/pkg/merkle"
sigsumreq "git.sigsum.org/sigsum-go/pkg/requests"
"git.sigsum.org/sigsum-go/pkg/types"
)
func LeafRequestFromHTTP(r *http.Request, shardStart uint64, ctx context.Context, vf dns.Verifier) (*sigsumreq.Leaf, error) {
var req sigsumreq.Leaf
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("parse ascii: %w", err)
}
stmt := types.Statement{
ShardHint: req.ShardHint,
Checksum: *merkle.HashFn(req.Message[:]),
}
if !stmt.Verify(&req.PublicKey, &req.Signature) {
return nil, fmt.Errorf("invalid signature")
}
shardEnd := uint64(time.Now().Unix())
if req.ShardHint < shardStart {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, shardStart, shardEnd)
}
if req.ShardHint > shardEnd {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, shardStart, shardEnd)
}
if err := vf.Verify(ctx, req.DomainHint, &req.PublicKey); err != nil {
return nil, fmt.Errorf("invalid domain hint: %v", err)
}
return &req, nil
}
func CosignatureRequestFromHTTP(r *http.Request, w map[merkle.Hash]types.PublicKey) (*sigsumreq.Cosignature, error) {
var req sigsumreq.Cosignature
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("parse ascii: %w", err)
}
if _, ok := w[req.KeyHash]; !ok {
return nil, fmt.Errorf("unknown witness: %x", req.KeyHash)
}
return &req, nil
}
func ConsistencyProofRequestFromHTTP(r *http.Request) (*sigsumreq.ConsistencyProof, error) {
var req sigsumreq.ConsistencyProof
if err := req.FromURL(r.URL.Path); err != nil {
return nil, fmt.Errorf("parse url: %w", err)
}
if req.OldSize < 1 {
return nil, fmt.Errorf("old_size(%d) must be larger than zero", req.OldSize)
}
if req.NewSize <= req.OldSize {
return nil, fmt.Errorf("new_size(%d) must be larger than old_size(%d)", req.NewSize, req.OldSize)
}
return &req, nil
}
func InclusionProofRequestFromHTTP(r *http.Request) (*sigsumreq.InclusionProof, error) {
var req sigsumreq.InclusionProof
if err := req.FromURL(r.URL.Path); err != nil {
return nil, fmt.Errorf("parse url: %w", err)
}
if req.TreeSize < 2 {
// TreeSize:0 => not possible to prove inclusion of anything
// TreeSize:1 => you don't need an inclusion proof (it is always empty)
return nil, fmt.Errorf("tree_size(%d) must be larger than one", req.TreeSize)
}
return &req, nil
}
func LeavesRequestFromHTTP(r *http.Request, maxRange uint64) (*sigsumreq.Leaves, error) {
var req sigsumreq.Leaves
if err := req.FromURL(r.URL.Path); err != nil {
return nil, fmt.Errorf("parse url: %w", err)
}
if req.StartSize > req.EndSize {
return nil, fmt.Errorf("start_size(%d) must be less than or equal to end_size(%d)", req.StartSize, req.EndSize)
}
if req.EndSize-req.StartSize+1 > maxRange {
req.EndSize = req.StartSize + maxRange - 1
}
return &req, nil
}
|
