1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
package instance
import (
"context"
"crypto"
"fmt"
"net/http"
"time"
"git.sigsum.org/sigsum-lib-go/pkg/requests"
"git.sigsum.org/sigsum-lib-go/pkg/types"
"git.sigsum.org/sigsum-log-go/pkg/db"
"git.sigsum.org/sigsum-log-go/pkg/dns"
"git.sigsum.org/sigsum-log-go/pkg/state"
)
// Config is a collection of log parameters
type Config struct {
LogID string // H(public key), then hex-encoded
TreeID int64 // Merkle tree identifier used by Trillian
Prefix string // The portion between base URL and st/v0 (may be "")
MaxRange int64 // Maximum number of leaves per get-leaves request
Deadline time.Duration // Deadline used for gRPC requests
Interval time.Duration // Cosigning frequency
ShardStart uint64 // Shard interval start (num seconds since UNIX epoch)
// Witnesses map trusted witness identifiers to public verification keys
Witnesses map[types.Hash]types.PublicKey
}
// Instance is an instance of the log's front-end
type Instance struct {
Config // configuration parameters
Client db.Client // provides access to the Trillian backend
Signer crypto.Signer // provides access to Ed25519 private key
Stateman state.StateManager // coordinates access to (co)signed tree heads
DNS dns.Verifier // checks if domain name knows a public key
}
// Handlers returns a list of sigsum handlers
func (i *Instance) Handlers() []Handler {
return []Handler{
Handler{Instance: i, Handler: addLeaf, Endpoint: types.EndpointAddLeaf, Method: http.MethodPost},
Handler{Instance: i, Handler: addCosignature, Endpoint: types.EndpointAddCosignature, Method: http.MethodPost},
Handler{Instance: i, Handler: getTreeHeadToCosign, Endpoint: types.EndpointGetTreeHeadToSign, Method: http.MethodGet}, // XXX: ToCosign
Handler{Instance: i, Handler: getTreeHeadCosigned, Endpoint: types.EndpointGetTreeHeadCosigned, Method: http.MethodGet},
Handler{Instance: i, Handler: getCheckpoint, Endpoint: types.Endpoint("get-checkpoint"), Method: http.MethodGet},
Handler{Instance: i, Handler: getConsistencyProof, Endpoint: types.EndpointGetConsistencyProof, Method: http.MethodPost},
Handler{Instance: i, Handler: getInclusionProof, Endpoint: types.EndpointGetInclusionProof, Method: http.MethodPost},
Handler{Instance: i, Handler: getLeaves, Endpoint: types.EndpointGetLeaves, Method: http.MethodPost},
}
}
func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*requests.Leaf, error) {
var req requests.Leaf
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
stmt := types.Statement{
ShardHint: req.ShardHint,
Checksum: *types.HashFn(req.Preimage[:]),
}
if !stmt.Verify(&req.VerificationKey, &req.Signature) {
return nil, fmt.Errorf("invalid signature")
}
shardEnd := uint64(time.Now().Unix())
if req.ShardHint < i.ShardStart {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, shardEnd)
}
if req.ShardHint > shardEnd {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, shardEnd)
}
if err := i.DNS.Verify(ctx, req.DomainHint, &req.VerificationKey); err != nil {
return nil, fmt.Errorf("invalid domain hint: %v", err)
}
return &req, nil
}
func (i *Instance) cosignatureRequestFromHTTP(r *http.Request) (*requests.Cosignature, error) {
var req requests.Cosignature
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if _, ok := i.Witnesses[req.KeyHash]; !ok {
return nil, fmt.Errorf("Unknown witness: %x", req.KeyHash)
}
return &req, nil
}
func (i *Instance) consistencyProofRequestFromHTTP(r *http.Request) (*requests.ConsistencyProof, error) {
var req requests.ConsistencyProof
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if req.OldSize < 1 {
return nil, fmt.Errorf("OldSize(%d) must be larger than zero", req.OldSize)
}
if req.NewSize <= req.OldSize {
return nil, fmt.Errorf("NewSize(%d) must be larger than OldSize(%d)", req.NewSize, req.OldSize)
}
return &req, nil
}
func (i *Instance) inclusionProofRequestFromHTTP(r *http.Request) (*requests.InclusionProof, error) {
var req requests.InclusionProof
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if req.TreeSize < 2 {
// TreeSize:0 => not possible to prove inclusion of anything
// TreeSize:1 => you don't need an inclusion proof (it is always empty)
return nil, fmt.Errorf("TreeSize(%d) must be larger than one", req.TreeSize)
}
return &req, nil
}
func (i *Instance) leavesRequestFromHTTP(r *http.Request) (*requests.Leaves, error) {
var req requests.Leaves
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if req.StartSize > req.EndSize {
return nil, fmt.Errorf("StartSize(%d) must be less than or equal to EndSize(%d)", req.StartSize, req.EndSize)
}
if req.EndSize-req.StartSize+1 > uint64(i.MaxRange) {
req.EndSize = req.StartSize + uint64(i.MaxRange) - 1
}
return &req, nil
}
|