diff options
author | Linus Nordberg <linus@nordberg.se> | 2022-03-02 13:00:50 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2022-03-02 13:00:50 +0100 |
commit | eaffcf03a1fc423c9dab622de7d93a6a22cc16d2 (patch) | |
tree | a3dedf0c916a352fd2b7c32c567c106db9759f9f /doc | |
parent | d65e54012475cf957a5b62cb75530573281eadc7 (diff) |
add shard hint to tree_leaf struct
Needed for being able to verify signatures.
Also, remove struct statement since we won't expose it and have no use
for it.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api.md | 18 |
1 files changed, 8 insertions, 10 deletions
@@ -100,29 +100,27 @@ Logs support a single leaf type. It contains a signer's statement, signature, and key hash. ``` -struct statement { - u8 checksum[32]; -} - struct tree_leaf { - struct statement statement; + u64 shard_hint; + u8 checksum_hash[32]; u8 signature[64]; u8 key_hash[32]; } ``` -`checksum` is a the hash of a preimage. The signer submits a 32-byte preimage +`shard_hint` is a shard hint that matches the log's shard interval. + +`checksum_hash` is a hash of a preimage. The signer submits a 32-byte preimage representing some data. It is recommended to set this preimage to `H(data)`, in -which case the checksum will be `H(H(data))`. +which case the checksum hash will be `H(H(data))`. `signature` is computed by treating the above preimage as the message `M` in SSH's [signing format](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig). The hash algorithm string must be "SHA256". The reserved string must be empty. The namespace field must be set to `tree_leaf:v0:<shard_hint>@sigsum.org`, where -`<shard_hint>` is replaced with the shortest decimal ASCII representation of a -shard hint that matches the log's shard interval. This ensures a _sigsum -shard-specific tree leaf context_. +`<shard_hint>` is replaced with the shortest decimal ASCII representation of `shard_hint`. +This ensures a _sigsum shard-specific tree leaf context_. `key_hash` is a hash of the signer's public verification key using the same format as Section 2.3.2. It is included |