From cb6485bb6075179dc2521b8e82db961deae74faf Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus@mullvad.net>
Date: Sat, 21 May 2022 20:31:09 +0200
Subject: add proof verification to sigsum-debug

---
 cmd/sigsum-debug/head/consistency/consistency.go | 30 ++++++++++++++++++++++--
 cmd/sigsum-debug/head/sign/sign.go               |  2 +-
 cmd/sigsum-debug/leaf/hash/hash.go               |  2 +-
 cmd/sigsum-debug/leaf/inclusion/inclusion.go     | 28 +++++++++++++++++++++-
 internal/fmtio/fmtio.go                          |  2 +-
 5 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/cmd/sigsum-debug/head/consistency/consistency.go b/cmd/sigsum-debug/head/consistency/consistency.go
index 18fbdd6..c4feb94 100644
--- a/cmd/sigsum-debug/head/consistency/consistency.go
+++ b/cmd/sigsum-debug/head/consistency/consistency.go
@@ -1,9 +1,35 @@
 package consistency
 
 import (
+	"bytes"
 	"fmt"
+
+	"git.sigsum.org/sigsum-go/internal/fmtio"
+	"git.sigsum.org/sigsum-go/pkg/types"
 )
 
-func Main(args []string, oldSize, newSize uint64, oldRoot, newRoot string) error {
-	return fmt.Errorf("TODO")
+func Main(args []string, optOldSize, optNewSize uint64, optOldRoot, optNewRoot string) error {
+	if len(args) != 0 {
+		return fmt.Errorf("trailing arguments: %v", args)
+	}
+	b, err := fmtio.BytesFromStdin()
+	if err != nil {
+		return fmt.Errorf("read: %w", err)
+	}
+	var proof types.ConsistencyProof
+	if err := proof.FromASCII(bytes.NewBuffer(b), optOldSize, optNewSize); err != nil {
+		return fmt.Errorf("parse proof: %w", err)
+	}
+	oldRoot, err := fmtio.HashFromHex(optOldRoot)
+	if err != nil {
+		return fmt.Errorf("parse old root: %w", err)
+	}
+	newRoot, err := fmtio.HashFromHex(optNewRoot)
+	if err != nil {
+		return fmt.Errorf("parse new root: %w", err)
+	}
+	if err := proof.Verify(&oldRoot, &newRoot); err != nil {
+		return fmt.Errorf("verify: %w", err)
+	}
+	return nil
 }
diff --git a/cmd/sigsum-debug/head/sign/sign.go b/cmd/sigsum-debug/head/sign/sign.go
index 572af9a..6369d21 100644
--- a/cmd/sigsum-debug/head/sign/sign.go
+++ b/cmd/sigsum-debug/head/sign/sign.go
@@ -22,7 +22,7 @@ func Main(args []string, optPrivateKey, optKeyHash string) error {
 	if err != nil {
 		return fmt.Errorf("parse private key: %v", err)
 	}
-	keyHash, err := fmtio.KeyHashFromHex(optKeyHash)
+	keyHash, err := fmtio.HashFromHex(optKeyHash)
 	if err != nil {
 		return fmt.Errorf("parse key hash: %v", err)
 	}
diff --git a/cmd/sigsum-debug/leaf/hash/hash.go b/cmd/sigsum-debug/leaf/hash/hash.go
index 4fd471c..a6fe1ad 100644
--- a/cmd/sigsum-debug/leaf/hash/hash.go
+++ b/cmd/sigsum-debug/leaf/hash/hash.go
@@ -18,7 +18,7 @@ func Main(args []string, optKeyHash, optSignature string, optShardHint uint64) e
 	if err != nil {
 		return fmt.Errorf("read stdin: %w", err)
 	}
-	keyHash, err := fmtio.KeyHashFromHex(optKeyHash)
+	keyHash, err := fmtio.HashFromHex(optKeyHash)
 	if err != nil {
 		return fmt.Errorf("parse key hash: %w", err)
 	}
diff --git a/cmd/sigsum-debug/leaf/inclusion/inclusion.go b/cmd/sigsum-debug/leaf/inclusion/inclusion.go
index f9aeb68..e70b3eb 100644
--- a/cmd/sigsum-debug/leaf/inclusion/inclusion.go
+++ b/cmd/sigsum-debug/leaf/inclusion/inclusion.go
@@ -1,9 +1,35 @@
 package inclusion
 
 import (
+	"bytes"
 	"fmt"
+
+	"git.sigsum.org/sigsum-go/internal/fmtio"
+	"git.sigsum.org/sigsum-go/pkg/types"
 )
 
 func Main(args []string, optLeafHash, optRootHash string, optTreeSize uint64) error {
-	return fmt.Errorf("TODO")
+	if len(args) != 0 {
+		return fmt.Errorf("trailing arguments: %v", args)
+	}
+	b, err := fmtio.BytesFromStdin()
+	if err != nil {
+		return fmt.Errorf("read: %w", err)
+	}
+	var proof types.InclusionProof
+	if err := proof.FromASCII(bytes.NewBuffer(b), optTreeSize); err != nil {
+		return fmt.Errorf("parse proof: %w", err)
+	}
+	leafHash, err := fmtio.HashFromHex(optLeafHash)
+	if err != nil {
+		return fmt.Errorf("parse leaf hash: %w", err)
+	}
+	rootHash, err := fmtio.HashFromHex(optRootHash)
+	if err != nil {
+		return fmt.Errorf("parse root hash: %w", err)
+	}
+	if err := proof.Verify(&leafHash, &rootHash); err != nil {
+		return fmt.Errorf("verify: %w", err)
+	}
+	return nil
 }
diff --git a/internal/fmtio/fmtio.go b/internal/fmtio/fmtio.go
index 84b1265..9d86917 100644
--- a/internal/fmtio/fmtio.go
+++ b/internal/fmtio/fmtio.go
@@ -55,7 +55,7 @@ func PublicKeyFromHex(s string) (pub types.PublicKey, err error) {
 	return
 }
 
-func KeyHashFromHex(s string) (h merkle.Hash, err error) {
+func HashFromHex(s string) (h merkle.Hash, err error) {
 	b, err := hex.Deserialize(s)
 	if err != nil {
 		return h, err
-- 
cgit v1.2.3