pass treeSize and rootHash to avoid trillian import (#1513)
Signed-off-by: Bob Callaway <bcallaway@google.com>
bobcallaway authored May 30, 2023
1 parent 62d3f06 commit 67cc9e5
Showing 6 changed files with 10 additions and 13 deletions.
4 changes: 2 additions & 2 deletions pkg/api/entries.go
Expand Up @@ -94,7 +94,7 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, _ trilliancl
return nil, fmt.Errorf("signing entry error: %w", err)
}

scBytes, err := util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), tid, root, api.signer)
scBytes, err := util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), tid, root.TreeSize, root.RootHash, api.signer)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -280,7 +280,7 @@ func createLogEntry(params entries.CreateLogEntryParams) (models.LogEntry, middl
hashes = append(hashes, hex.EncodeToString(hash))
}

scBytes, err := util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), api.logID, root, api.signer)
scBytes, err := util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), api.logID, root.TreeSize, root.RootHash, api.signer)
if err != nil {
return nil, handleRekorAPIError(params, http.StatusInternalServerError, err, sthGenerateError)
}
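Review bot: In logEntryFromLeaf the new call still signs the checkpoint with the package-level `api.signer`, although the function receives a `signer signature.Signer` parameter (visible in the hunk header). If that parameter is meant to be the key for everything this function signs, the call should read `util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), tid, root.TreeSize, root.RootHash, signer)`. If the two key sources are intentionally different, a comment on the call should say which key signs the entry and which signs the checkpoint. The body of logEntryFromLeaf starts outside this hunk, so how `signer` is used earlier is not visible here.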
4 changes: 2 additions & 2 deletions pkg/api/tlog.go
Expand Up @@ -100,7 +100,7 @@ func GetLogInfoHandler(params tlog.GetLogInfoParams) middleware.Responder {
treeSize := int64(root.TreeSize)

scBytes, err := util.CreateAndSignCheckpoint(params.HTTPRequest.Context(),
viper.GetString("rekor_server.hostname"), api.logRanges.ActiveTreeID(), root, api.signer)
viper.GetString("rekor_server.hostname"), api.logRanges.ActiveTreeID(), root.TreeSize, root.RootHash, api.signer)
if err != nil {
return handleRekorAPIError(params, http.StatusInternalServerError, err, sthGenerateError)
}
Expand Down Expand Up @@ -184,7 +184,7 @@ func inactiveShardLogInfo(ctx context.Context, tid int64) (*models.InactiveShard
hashString := hex.EncodeToString(root.RootHash)
treeSize := int64(root.TreeSize)

scBytes, err := util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), tid, root, api.signer)
scBytes, err := util.CreateAndSignCheckpoint(ctx, viper.GetString("rekor_server.hostname"), tid, root.TreeSize, root.RootHash, api.signer)
if err != nil {
return nil, err
}
7 changes: 3 additions & 4 deletions pkg/util/checkpoint.go
Expand Up @@ -25,7 +25,6 @@ import (
"strings"
"time"

"github.com/google/trillian/types"
"github.com/sigstore/sigstore/pkg/signature"
"github.com/sigstore/sigstore/pkg/signature/options"
)
Expand Down Expand Up @@ -168,11 +167,11 @@ func (r *SignedCheckpoint) GetTimestamp() uint64 {
}

// CreateAndSignCheckpoint creates a signed checkpoint as a commitment to the current root hash
func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64, root *types.LogRootV1, signer signature.Signer) ([]byte, error) {
func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64, treeSize uint64, rootHash []byte, signer signature.Signer) ([]byte, error) {
sth, err := CreateSignedCheckpoint(Checkpoint{
Origin: fmt.Sprintf("%s - %d", hostname, treeID),
Size: root.TreeSize,
Hash: root.RootHash,
Size: treeSize,
Hash: rootHash,
})
if err != nil {
return nil, fmt.Errorf("error creating checkpoint: %v", err)
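Review bot: CreateAndSignCheckpoint now takes `treeSize` and `rootHash` as two independent arguments, but its doc comment was not updated and nothing in the visible body checks them before they are signed. With `*types.LogRootV1` gone, a caller can pass a size and a hash taken from different roots, or a nil or empty `rootHash`, and still obtain a signed commitment unless CreateSignedCheckpoint rejects it (not visible here). I would extend the comment with `// treeSize and rootHash must come from the same log root; rootHash is the root hash at that size.` and add a guard such as `if len(rootHash) == 0 { return nil, fmt.Errorf("root hash must not be empty") }` before the Checkpoint is built. The function body continues past the end of this hunk.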
3 changes: 1 addition & 2 deletions pkg/util/checkpoint_test.go
Expand Up @@ -30,7 +30,6 @@ import (
"time"

"github.com/google/go-cmp/cmp"
"github.com/google/trillian/types"
"github.com/sigstore/sigstore/pkg/signature"
"github.com/sigstore/sigstore/pkg/signature/options"
"golang.org/x/mod/sumdb/note"
Expand Down Expand Up @@ -458,7 +457,7 @@ func TestSignCheckpoint(t *testing.T) {
t.Fatalf("error generating signer: %v", err)
}
ctx := context.Background()
scBytes, err := CreateAndSignCheckpoint(ctx, hostname, treeID, &types.LogRootV1{TreeSize: treeSize, RootHash: rootHash[:]}, signer)
scBytes, err := CreateAndSignCheckpoint(ctx, hostname, treeID, treeSize, rootHash[:], signer)
if err != nil {
t.Fatalf("error creating signed checkpoint: %v", err)
}
3 changes: 1 addition & 2 deletions pkg/verify/verify_test.go
Expand Up @@ -24,7 +24,6 @@ import (
"github.com/go-openapi/runtime"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/google/trillian/types"
"github.com/sigstore/rekor/pkg/generated/client"
"github.com/sigstore/rekor/pkg/generated/client/tlog"
"github.com/sigstore/rekor/pkg/generated/models"
Expand Down Expand Up @@ -253,7 +252,7 @@ func TestCheckpoint(t *testing.T) {
t.Fatalf("error generating signer: %v", err)
}
ctx := context.Background()
scBytes, err := util.CreateAndSignCheckpoint(ctx, hostname, treeID, &types.LogRootV1{TreeSize: treeSize, RootHash: rootHash[:]}, signer)
scBytes, err := util.CreateAndSignCheckpoint(ctx, hostname, treeID, treeSize, rootHash[:], signer)
if err != nil {
t.Fatalf("error creating signed checkpoint: %v", err)
}
2 changes: 1 addition & 1 deletion pkg/witness/publish_checkpoint.go
Expand Up @@ -127,7 +127,7 @@ func (c *CheckpointPublisher) publish(tc *trillianclient.TrillianClient, sTreeID
}

// sign checkpoint with Rekor private key
checkpoint, err := util.CreateAndSignCheckpoint(context.Background(), c.hostname, c.treeID, root, c.signer)
checkpoint, err := util.CreateAndSignCheckpoint(context.Background(), c.hostname, c.treeID, root.TreeSize, root.RootHash, c.signer)
if err != nil {
c.reqCounter.With(
map[string]string{
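Review bot: The signing call in publish still runs under `context.Background()`, so it has no deadline and cannot be cancelled. `c.signer` is passed as a `signature.Signer`, and its concrete type is not visible here; if it is backed by a remote key service, a stalled signing request would block the publisher with no way to time out. Consider deriving a bounded context before the call, e.g. `ctx, cancel := context.WithTimeout(context.Background(), signTimeout)` followed by `defer cancel()`, and passing `ctx` instead; `signTimeout` is a placeholder for whatever limit the project chooses. publish starts before and ends after this hunk.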
