diff --git a/client/map_verifier.go b/client/map_verifier.go index a1ee41687e..0147946cd5 100644 --- a/client/map_verifier.go +++ b/client/map_verifier.go @@ -23,12 +23,14 @@ import ( "github.com/google/trillian/merkle" "github.com/google/trillian/merkle/hashers" "github.com/google/trillian/trees" + "github.com/google/trillian/types" tcrypto "github.com/google/trillian/crypto" ) // MapVerifier verifies protos produced by the Trillian Map. type MapVerifier struct { + MapID int64 // Hasher is the hash strategy used to compute nodes in the Merkle tree. Hasher hashers.MapHasher // PubKey verifies the signature on the digest of MapRoot. @@ -59,6 +61,7 @@ func NewMapVerifierFromTree(config *trillian.Tree) (*MapVerifier, error) { } return &MapVerifier{ + MapID: config.GetTreeId(), Hasher: mapHasher, PubKey: mapPubKey, SigHash: sigHash, @@ -70,17 +73,14 @@ func (m *MapVerifier) VerifyMapLeafInclusion(smr *trillian.SignedMapRoot, leafPr index := leafProof.GetLeaf().GetIndex() leaf := leafProof.GetLeaf().GetLeafValue() proof := leafProof.GetInclusion() - expectedRoot := smr.GetRootHash() - mapID := smr.GetMapId() - return merkle.VerifyMapInclusionProof(mapID, index, leaf, expectedRoot, proof, m.Hasher) + root, err := m.VerifySignedMapRoot(smr) + if err != nil { + return err + } + return merkle.VerifyMapInclusionProof(m.MapID, index, leaf, root.RootHash, proof, m.Hasher) } // VerifySignedMapRoot verifies the signature on the SignedMapRoot. -func (m *MapVerifier) VerifySignedMapRoot(smr *trillian.SignedMapRoot) error { - // SignedMapRoot contains its own signature. To verify, we need to create a local - // copy of the object and return the object to the state it was in when signed - // by removing the signature from the object. - orig := *smr - orig.Signature = nil // Remove the signature from the object to be verified. - return tcrypto.VerifyObject(m.PubKey, m.SigHash, orig, smr.GetSignature()) +func (m *MapVerifier) VerifySignedMapRoot(smr *trillian.SignedMapRoot) (*types.MapRootV1, error) { + return tcrypto.VerifySignedMapRoot(m.PubKey, m.SigHash, smr) } diff --git a/crypto/signer.go b/crypto/signer.go index 8b9f3ac7c9..76a5bb0d6d 100644 --- a/crypto/signer.go +++ b/crypto/signer.go @@ -18,10 +18,7 @@ package crypto import ( "crypto" "crypto/rand" - "encoding/json" - "fmt" - "github.com/benlaurie/objecthash/go/objecthash" "github.com/golang/glog" "github.com/google/trillian" "github.com/google/trillian/types" @@ -67,20 +64,6 @@ func (s *Signer) Sign(data []byte) ([]byte, error) { return s.Signer.Sign(rand.Reader, digest, s.Hash) } -// SignObject signs the requested object using ObjectHash. -func (s *Signer) SignObject(obj interface{}) ([]byte, error) { - // TODO(gbelvin): use objecthash.CommonJSONify - j, err := json.Marshal(obj) - if err != nil { - return nil, err - } - hash, err := objecthash.CommonJSONHash(string(j)) - if err != nil { - return nil, fmt.Errorf("CommonJSONHash(%s): %v", j, err) - } - return s.Sign(hash[:]) -} - // SignLogRoot returns a complete SignedLogRoot (including signature). func (s *Signer) SignLogRoot(r *types.LogRootV1) (*trillian.SignedLogRoot, error) { logRoot, err := r.MarshalBinary() @@ -105,8 +88,21 @@ func (s *Signer) SignLogRoot(r *types.LogRootV1) (*trillian.SignedLogRoot, error }, nil } -// SignMapRoot hashes and signs the supplied (to-be) SignedMapRoot and returns a -// signature. Hashing is performed by github.com/benlaurie/objecthash. -func (s *Signer) SignMapRoot(root *trillian.SignedMapRoot) ([]byte, error) { - return s.SignObject(root) +// SignMapRoot hashes and signs the supplied (to-be) SignedMapRoot and returns a signature. +func (s *Signer) SignMapRoot(r *types.MapRootV1) (*trillian.SignedMapRoot, error) { + rootBytes, err := r.MarshalBinary() + if err != nil { + return nil, err + } + + signature, err := s.Sign(rootBytes) + if err != nil { + glog.Warningf("%v: signer failed to sign map root: %v", s.KeyHint, err) + return nil, err + } + + return &trillian.SignedMapRoot{ + MapRoot: rootBytes, + Signature: signature, + }, nil } diff --git a/crypto/signer_test.go b/crypto/signer_test.go index 00a0d45042..288470fc86 100644 --- a/crypto/signer_test.go +++ b/crypto/signer_test.go @@ -16,13 +16,10 @@ package crypto import ( "crypto" - "encoding/json" "errors" "testing" - "github.com/benlaurie/objecthash/go/objecthash" "github.com/golang/mock/gomock" - "github.com/google/trillian" "github.com/google/trillian/crypto/keys/pem" "github.com/google/trillian/testonly" "github.com/google/trillian/types" @@ -123,32 +120,20 @@ func TestSignMapRoot(t *testing.T) { } signer := NewSigner(0, key, crypto.SHA256) - for _, test := range []struct { - root trillian.SignedMapRoot - }{ - {root: trillian.SignedMapRoot{TimestampNanos: 2267709, RootHash: []byte("Islington"), MapRevision: 3}}, + for _, root := range []types.MapRootV1{ + {TimestampNanos: 2267709, RootHash: []byte("Islington"), Revision: 3}, } { - sig, err := signer.SignMapRoot(&test.root) + smr, err := signer.SignMapRoot(&root) if err != nil { t.Errorf("Failed to sign map root: %v", err) continue } - if got := len(sig); got == 0 { + if got := len(smr.Signature); got == 0 { t.Errorf("len(sig): %v, want > 0", got) } - // Check that the signature is correct - j, err := json.Marshal(test.root) - if err != nil { - t.Errorf("json.Marshal err: %v want nil", err) - continue - } - hash, err := objecthash.CommonJSONHash(string(j)) - if err != nil { - t.Errorf("objecthash.CommonJSONHash err: %v want nil", err) - continue - } - if err := Verify(key.Public(), crypto.SHA256, hash[:], sig); err != nil { - t.Errorf("Verify(%v) failed: %v", test.root, err) + + if _, err := VerifySignedMapRoot(key.Public(), crypto.SHA256, smr); err != nil { + t.Errorf("Verify(%v) failed: %v", root, err) } } } diff --git a/crypto/verifier.go b/crypto/verifier.go index 13f12d6790..cf66565869 100644 --- a/crypto/verifier.go +++ b/crypto/verifier.go @@ -19,12 +19,10 @@ import ( "crypto/ecdsa" "crypto/rsa" "encoding/asn1" - "encoding/json" "errors" "fmt" "math/big" - "github.com/benlaurie/objecthash/go/objecthash" "github.com/google/trillian" "github.com/google/trillian/types" ) @@ -44,17 +42,18 @@ func VerifySignedLogRoot(pub crypto.PublicKey, hash crypto.Hash, r *trillian.Sig return &logRoot, nil } -// VerifyObject verifies the output of Signer.SignObject. -func VerifyObject(pub crypto.PublicKey, hash crypto.Hash, obj interface{}, sig []byte) error { - j, err := json.Marshal(obj) - if err != nil { - return err +// VerifySignedMapRoot verifies the signature on the SignedMapRoot. +// VerifySignedMapRoot returns MapRootV1 to encourage safe API use. +// It should be the only function available to clients that returns MapRootV1. +func VerifySignedMapRoot(pub crypto.PublicKey, hash crypto.Hash, smr *trillian.SignedMapRoot) (*types.MapRootV1, error) { + if err := Verify(pub, hash, smr.MapRoot, smr.Signature); err != nil { + return nil, err } - digest, err := objecthash.CommonJSONHash(string(j)) - if err != nil { - return fmt.Errorf("CommonJSONHash(%s): %v", j, err) + var root types.MapRootV1 + if err := root.UnmarshalBinary(smr.MapRoot); err != nil { + return nil, err } - return Verify(pub, hash, digest[:], sig) + return &root, nil } // Verify cryptographically verifies the output of Signer. diff --git a/crypto/verifier_test.go b/crypto/verifier_test.go index 48180fb4a4..250192ccda 100644 --- a/crypto/verifier_test.go +++ b/crypto/verifier_test.go @@ -18,9 +18,7 @@ import ( "crypto" "testing" - "github.com/google/trillian" "github.com/google/trillian/crypto/keys/pem" - "github.com/google/trillian/examples/ct/ctmapper/ctmapperpb" "github.com/google/trillian/testonly" ) @@ -83,53 +81,3 @@ func TestSignVerify(t *testing.T) { } } } - -func TestSignVerifyObject(t *testing.T) { - key, err := pem.UnmarshalPrivateKey(testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass) - if err != nil { - t.Fatalf("Failed to open test key, err=%v", err) - } - signer := NewSigner(0, key, crypto.SHA256) - - type subfield struct { - c int - } - - meta := testonly.MustMarshalAnyNoT(&ctmapperpb.MapperMetadata{}) - meta0 := testonly.MustMarshalAnyNoT(&ctmapperpb.MapperMetadata{HighestFullyCompletedSeq: 0}) - meta1 := testonly.MustMarshalAnyNoT(&ctmapperpb.MapperMetadata{HighestFullyCompletedSeq: 1}) - - for _, tc := range []struct { - obj interface{} - }{ - {meta}, - {meta0}, - {meta1}, - - {&trillian.SignedMapRoot{}}, - {&trillian.SignedMapRoot{ - MapId: 0xcafe, - }}, - {&trillian.SignedMapRoot{Metadata: meta}}, - {&trillian.SignedMapRoot{Metadata: meta0}}, - {&trillian.SignedMapRoot{Metadata: meta1}}, - {struct{ a string }{a: "foo"}}, - {struct { - a int - b *subfield - }{a: 1, b: &subfield{c: 0}}}, - {struct { - a int - b *subfield - }{a: 1, b: nil}}, - } { - sig, err := signer.SignObject(tc.obj) - if err != nil { - t.Errorf("SignObject(%#v): %v", tc.obj, err) - continue - } - if err := VerifyObject(key.Public(), crypto.SHA256, tc.obj, sig); err != nil { - t.Errorf("SignObject(%#v): %v", tc.obj, err) - } - } -} diff --git a/examples/ct/ctmapper/mapper/mapper.go b/examples/ct/ctmapper/mapper/mapper.go index fe8ccef00c..ca1787bb80 100644 --- a/examples/ct/ctmapper/mapper/mapper.go +++ b/examples/ct/ctmapper/mapper/mapper.go @@ -29,6 +29,7 @@ import ( "github.com/google/trillian" "github.com/google/trillian/examples/ct/ctmapper" "github.com/google/trillian/examples/ct/ctmapper/ctmapperpb" + "github.com/google/trillian/types" "google.golang.org/grpc" pb "github.com/golang/protobuf/proto" @@ -81,11 +82,14 @@ func (m *CTMapper) oneMapperRun(ctx context.Context) (bool, error) { return false, err } + var mapRoot types.MapRootV1 + if err := mapRoot.UnmarshalBinary(getRootResp.GetMapRoot().GetMapRoot()); err != nil { + return false, err + } + mapperMetadata := &ctmapperpb.MapperMetadata{} - if getRootResp.GetMapRoot().Metadata != nil { - if err := proto.Unmarshal(getRootResp.MapRoot.Metadata, mapperMetadata); err != nil { - return false, fmt.Errorf("failed to unmarshal MapRoot.Metadata: %v", err) - } + if err := proto.Unmarshal(mapRoot.Metadata, mapperMetadata); err != nil { + return false, fmt.Errorf("failed to unmarshal MapRoot.Metadata: %v", err) } startEntry := mapperMetadata.HighestFullyCompletedSeq + 1 diff --git a/integration/maptest/map.go b/integration/maptest/map.go index dd32a61784..20b9250a65 100644 --- a/integration/maptest/map.go +++ b/integration/maptest/map.go @@ -28,6 +28,7 @@ import ( "github.com/google/trillian/client" "github.com/google/trillian/examples/ct/ctmapper/ctmapperpb" "github.com/google/trillian/testonly" + "github.com/google/trillian/types" stestonly "github.com/google/trillian/storage/testonly" ) @@ -68,36 +69,39 @@ func createBatchLeaves(batch, n int) []*trillian.MapLeaf { } func isEmptyMap(ctx context.Context, tmap trillian.TrillianMapClient, tree *trillian.Tree) error { - r, err := tmap.GetSignedMapRoot(ctx, &trillian.GetSignedMapRootRequest{ - MapId: tree.TreeId, - }) + r, err := tmap.GetSignedMapRoot(ctx, &trillian.GetSignedMapRootRequest{MapId: tree.TreeId}) if err != nil { return fmt.Errorf("failed to get empty map head: %v", err) } - if got, want := r.GetMapRoot().GetMapRevision(), int64(0); got != want { + var mapRoot types.MapRootV1 + if err := mapRoot.UnmarshalBinary(r.GetMapRoot().GetMapRoot()); err != nil { + return err + } + + if got, want := mapRoot.Revision, uint64(0); got != want { return fmt.Errorf("got SMR with revision %d, want %d", got, want) } return nil } -func verifyGetSignedMapRootResponse(mapVerifier *client.MapVerifier, mapRoot *trillian.SignedMapRoot, - wantRevision int64, wantTreeID int64) error { - if got, want := mapRoot.GetMapRevision(), wantRevision; got != want { - return fmt.Errorf("got SMR with revision %d, want %d", got, want) +func verifyGetSignedMapRootResponse(mapVerifier *client.MapVerifier, mapRoot *trillian.SignedMapRoot, wantRevision int64) error { + root, err := mapVerifier.VerifySignedMapRoot(mapRoot) + if err != nil { + return err } - if got, want := mapRoot.GetMapId(), wantTreeID; got != want { - return fmt.Errorf("got TreeID %d, want %d", got, want) + if got, want := int64(root.Revision), wantRevision; got != want { + return fmt.Errorf("got SMR with revision %d, want %d", got, want) } - return mapVerifier.VerifySignedMapRoot(mapRoot) + return nil } func verifyGetMapLeavesResponse(mapVerifier *client.MapVerifier, getResp *trillian.GetMapLeavesResponse, indexes [][]byte, - wantRevision int64, wantTreeID int64) error { + wantRevision int64) error { if got, want := len(getResp.GetMapLeafInclusion()), len(indexes); got != want { return fmt.Errorf("got %d values, want %d", got, want) } - if err := verifyGetSignedMapRootResponse(mapVerifier, getResp.GetMapRoot(), wantRevision, wantTreeID); err != nil { + if err := verifyGetSignedMapRootResponse(mapVerifier, getResp.GetMapRoot(), wantRevision); err != nil { return err } for _, incl := range getResp.GetMapLeafInclusion() { @@ -105,7 +109,7 @@ func verifyGetMapLeavesResponse(mapVerifier *client.MapVerifier, getResp *trilli index := incl.GetLeaf().GetIndex() leafHash := incl.GetLeaf().GetLeafHash() - wantLeafHash, err := mapVerifier.Hasher.HashLeaf(wantTreeID, index, leaf) + wantLeafHash, err := mapVerifier.Hasher.HashLeaf(mapVerifier.MapID, index, leaf) if err != nil { return err } @@ -171,7 +175,7 @@ func RunMapRevisionZero(ctx context.Context, t *testing.T, tadmin trillian.Trill if err != nil { t.Fatalf("GetSignedMapRoot(): %v", err) } - if err := verifyGetSignedMapRootResponse(mapVerifier, getSmrResp.GetMapRoot(), tc.wantRev, tree.TreeId); err != nil { + if err := verifyGetSignedMapRootResponse(mapVerifier, getSmrResp.GetMapRoot(), tc.wantRev); err != nil { t.Errorf("verifyGetSignedMapRootResponse(rev %v): %v", tc.wantRev, err) } @@ -182,7 +186,7 @@ func RunMapRevisionZero(ctx context.Context, t *testing.T, tadmin trillian.Trill if err != nil { t.Errorf("GetSignedMapRootByRevision(): %v", err) } - if err := verifyGetSignedMapRootResponse(mapVerifier, getSmrByRevResp.GetMapRoot(), tc.wantRev, tree.TreeId); err != nil { + if err := verifyGetSignedMapRootResponse(mapVerifier, getSmrByRevResp.GetMapRoot(), tc.wantRev); err != nil { t.Errorf("verifyGetSignedMapRootResponse(rev %v): %v", tc.wantRev, err) } @@ -318,14 +322,13 @@ func RunLeafHistory(ctx context.Context, t *testing.T, tadmin trillian.TrillianA } for _, batch := range tc.set { - setResp, err := tmap.SetLeaves(ctx, &trillian.SetMapLeavesRequest{ + _, err := tmap.SetLeaves(ctx, &trillian.SetMapLeavesRequest{ MapId: tree.TreeId, Leaves: batch, }) if err != nil { t.Fatalf("SetLeaves(): %v", err) } - glog.Infof("Rev: %v Set(): %x", setResp.GetMapRoot().GetMapRevision(), setResp.GetMapRoot().GetRootHash()) } for _, batch := range tc.get { @@ -339,7 +342,6 @@ func RunLeafHistory(ctx context.Context, t *testing.T, tadmin trillian.TrillianA t.Errorf("GetLeavesByRevision(rev: %d)=_, err %v want nil", batch.revision, err) continue } - glog.Infof("Rev: %v Get(): %x", getResp.GetMapRoot().GetMapRevision(), getResp.GetMapRoot().GetRootHash()) if got, want := len(getResp.GetMapLeafInclusion()), 1; got < want { t.Errorf("GetLeavesByRevision(rev: %v).len: %v, want >= %v", batch.revision, got, want) @@ -348,7 +350,7 @@ func RunLeafHistory(ctx context.Context, t *testing.T, tadmin trillian.TrillianA t.Errorf("GetLeavesByRevision(rev: %v).LeafValue: %s, want %s", batch.revision, got, want) } - if err := verifyGetMapLeavesResponse(mapVerifier, getResp, indexes, int64(batch.revision), tree.TreeId); err != nil { + if err := verifyGetMapLeavesResponse(mapVerifier, getResp, indexes, int64(batch.revision)); err != nil { t.Errorf("verifyGetMapLeavesResponse(rev %v): %v", batch.revision, err) } } @@ -423,7 +425,7 @@ func RunInclusion(ctx context.Context, t *testing.T, tadmin trillian.TrillianAdm t.Fatalf("GetLeaves(): %v", err) } - if err := verifyGetMapLeavesResponse(mapVerifier, getResp, indexes, 1, tree.TreeId); err != nil { + if err := verifyGetMapLeavesResponse(mapVerifier, getResp, indexes, 1); err != nil { t.Errorf("verifyGetMapLeavesResponse(): %v", err) } }) @@ -506,15 +508,13 @@ func runMapBatchTest(ctx context.Context, t *testing.T, desc string, tmap trilli } // Check your head - r, err := tmap.GetSignedMapRoot(ctx, &trillian.GetSignedMapRootRequest{ - MapId: tree.TreeId, - }) + r, err := tmap.GetSignedMapRoot(ctx, &trillian.GetSignedMapRootRequest{MapId: tree.TreeId}) if err != nil || r.MapRoot == nil { t.Fatalf("%s: failed to get map head: %v", desc, err) } - if got, want := r.MapRoot.MapRevision, int64(numBatches); got != want { - t.Fatalf("%s: got SMR with revision %d, want %d", desc, got, want) + if err := verifyGetSignedMapRootResponse(mapVerifier, r.GetMapRoot(), int64(numBatches)); err != nil { + t.Fatalf("%s: %v", desc, err) } // Shuffle the indexes. Map access is randomized. @@ -539,7 +539,7 @@ func runMapBatchTest(ctx context.Context, t *testing.T, desc string, tmap trilli continue } - if err := verifyGetMapLeavesResponse(mapVerifier, getResp, indexes, int64(numBatches), tree.TreeId); err != nil { + if err := verifyGetMapLeavesResponse(mapVerifier, getResp, indexes, int64(numBatches)); err != nil { t.Errorf("%s: batch %v: verifyGetMapLeavesResponse(): %v", desc, i, err) continue } diff --git a/server/map_rpc_server.go b/server/map_rpc_server.go index 44e8f510c7..0f02e7e74c 100644 --- a/server/map_rpc_server.go +++ b/server/map_rpc_server.go @@ -24,6 +24,7 @@ import ( "github.com/google/trillian/merkle/hashers" "github.com/google/trillian/storage" "github.com/google/trillian/trees" + "github.com/google/trillian/types" "github.com/golang/glog" "golang.org/x/net/context" @@ -104,7 +105,12 @@ func (t *TrillianMapServer) getLeavesByRevision(ctx context.Context, mapID int64 root = &r } - smtReader := merkle.NewSparseMerkleTreeReader(root.MapRevision, hasher, tx) + var mapRoot types.MapRootV1 + if err := mapRoot.UnmarshalBinary(root.MapRoot); err != nil { + return nil, err + } + + smtReader := merkle.NewSparseMerkleTreeReader(int64(mapRoot.Revision), hasher, tx) inclusions := make([]*trillian.MapLeafInclusion, 0, len(indices)) found := 0 @@ -114,7 +120,7 @@ func (t *TrillianMapServer) getLeavesByRevision(ctx context.Context, mapID int64 "index len(%x): %v, want %v", index, got, want) } // Fetch the leaf if it exists. - leaves, err := tx.Get(ctx, root.MapRevision, [][]byte{index}) + leaves, err := tx.Get(ctx, int64(mapRoot.Revision), [][]byte{index}) if err != nil { return nil, fmt.Errorf("could not fetch leaf %x: %v", index, err) } @@ -136,7 +142,7 @@ func (t *TrillianMapServer) getLeavesByRevision(ctx context.Context, mapID int64 } // Fetch the proof regardless of whether the leaf exists. - proof, err := smtReader.InclusionProof(ctx, root.MapRevision, index) + proof, err := smtReader.InclusionProof(ctx, int64(mapRoot.Revision), index) if err != nil { return nil, fmt.Errorf("could not get inclusion proof for leaf %x: %v", index, err) } @@ -237,23 +243,21 @@ func (t *TrillianMapServer) SetLeaves(ctx context.Context, req *trillian.SetMapL func (t *TrillianMapServer) makeSignedMapRoot(ctx context.Context, tree *trillian.Tree, smrTs time.Time, rootHash []byte, mapID, revision int64, meta []byte) (*trillian.SignedMapRoot, error) { - smr := &trillian.SignedMapRoot{ - TimestampNanos: smrTs.UnixNano(), + smr := &types.MapRootV1{ RootHash: rootHash, - MapId: mapID, - MapRevision: revision, + TimestampNanos: uint64(smrTs.UnixNano()), + Revision: uint64(revision), Metadata: meta, } signer, err := trees.Signer(ctx, tree) if err != nil { return nil, fmt.Errorf("trees.Signer(): %v", err) } - sig, err := signer.SignMapRoot(smr) + root, err := signer.SignMapRoot(smr) if err != nil { return nil, fmt.Errorf("SignMapRoot(): %v", err) } - smr.Signature = sig - return smr, nil + return root, nil } // GetSignedMapRoot implements the GetSignedMapRoot RPC method. @@ -351,7 +355,7 @@ func (t *TrillianMapServer) InitMap(ctx context.Context, req *trillian.InitMapRe return status.Errorf(codes.FailedPrecondition, "LatestSignedMapRoot(): %v", err) } // Belt and braces check. - if latestRoot.GetRootHash() != nil { + if latestRoot.GetMapRoot() != nil { return status.Errorf(codes.AlreadyExists, "map is already initialised") } diff --git a/server/map_rpc_server_test.go b/server/map_rpc_server_test.go index e1097faee3..2de4efe891 100644 --- a/server/map_rpc_server_test.go +++ b/server/map_rpc_server_test.go @@ -30,27 +30,7 @@ import ( "google.golang.org/grpc/status" ) -const ( - mapID1 = int64(1) -) - -var ( - signedMapRootID1Rev0 = trillian.SignedMapRoot{ - TimestampNanos: 1508235889834964600, - RootHash: []byte("\306h\237\020\201*\t\200\227m\2253\3308u(!f\025\225g\3545\025W\026\301A:\365=j"), - Signature: []byte("0F\002!\000\307b\255\223\353\23615&\022\263\323\341\342+\276\274$\rX?\366\014U\362\006\376\0269rcm\002!\000\241*\255\220\301\263D\033\275\374\340A\377\337\354\202\331%au\3179\000O\r9\237\302\021\r\363\263"), - MapId: mapID1, - MapRevision: 0, - } - - signedMapRootID1Rev1 = trillian.SignedMapRoot{ - TimestampNanos: 1508235889834964600, - RootHash: []byte("\306h\237\020\201*\t\200\227m\2253\3308u(!f\025\225g\3545\025W\026\301A:\365=j"), - Signature: []byte("0F\002!\000\307b\255\223\353\23615&\022\263\323\341\342+\276\274$\rX?\366\014U\362\006\376\0269rcm\002!\000\241*\255\220\301\263D\033\275\374\340A\377\337\354\202\331%au\3179\000O\r9\237\302\021\r\363\263"), - MapId: mapID1, - MapRevision: 1, - } -) +const mapID1 = int64(1) func TestIsHealthy(t *testing.T) { ctrl := gomock.NewController(t) @@ -105,7 +85,7 @@ func TestInitMap(t *testing.T) { mockTX.EXPECT().LatestSignedMapRoot(gomock.Any()).Return(trillian.SignedMapRoot{}, tc.getRootErr) } else { mockTX.EXPECT().LatestSignedMapRoot(gomock.Any()).Return( - trillian.SignedMapRoot{RootHash: tc.root}, nil) + trillian.SignedMapRoot{MapRoot: tc.root}, nil) } mockTX.EXPECT().IsOpen().AnyTimes().Return(false) @@ -187,12 +167,12 @@ func TestGetSignedMapRoot(t *testing.T) { { desc: "Map is empty, head at revision 0", req: &trillian.GetSignedMapRootRequest{MapId: mapID1}, - mapRoot: signedMapRootID1Rev0, + mapRoot: trillian.SignedMapRoot{Signature: []byte("notempty")}, }, { desc: "Map has leaves, head > revision 0", req: &trillian.GetSignedMapRootRequest{MapId: mapID1}, - mapRoot: signedMapRootID1Rev1, + mapRoot: trillian.SignedMapRoot{Signature: []byte("notempty2")}, }, { desc: "LatestSignedMapRoot returns error", @@ -303,9 +283,11 @@ func TestGetSignedMapRootByRevision(t *testing.T) { wantErr: true, }, { - desc: "Request revision >0 for non-empty map", - req: &trillian.GetSignedMapRootByRevisionRequest{MapId: mapID1, Revision: 1}, - mapRoot: signedMapRootID1Rev1, + desc: "Request revision >0 for non-empty map", + req: &trillian.GetSignedMapRootByRevisionRequest{MapId: mapID1, Revision: 1}, + mapRoot: trillian.SignedMapRoot{ + Signature: []byte("0F\002!\000\307b\255\223\353\23615&\022\263\323\341\342+\276\274$\rX?\366\014U\362\006\376\0269rcm\002!\000\241*\255\220\301\263D\033\275\374\340A\377\337\354\202\331%au\3179\000O\r9\237\302\021\r\363\263"), + }, }, } diff --git a/storage/mysql/map_storage.go b/storage/mysql/map_storage.go index 3e412a0c91..893d4bdab6 100644 --- a/storage/mysql/map_storage.go +++ b/storage/mysql/map_storage.go @@ -22,6 +22,7 @@ import ( "github.com/google/trillian/merkle/hashers" "github.com/google/trillian/storage" "github.com/google/trillian/storage/cache" + "github.com/google/trillian/types" "github.com/golang/glog" "github.com/golang/protobuf/proto" @@ -117,7 +118,11 @@ func (m *mySQLMapStorage) begin(ctx context.Context, tree *trillian.Tree) (stora return mtx, err } - mtx.treeTX.writeRevision = mtx.root.MapRevision + 1 + if err := mtx.smr.UnmarshalBinary(mtx.root.MapRoot); err != nil { + return nil, err + } + + mtx.treeTX.writeRevision = int64(mtx.smr.Revision) + 1 return mtx, nil } @@ -143,10 +148,11 @@ type mapTreeTX struct { treeTX ms *mySQLMapStorage root trillian.SignedMapRoot + smr types.MapRootV1 } func (m *mapTreeTX) ReadRevision() int64 { - return m.root.MapRevision + return int64(m.smr.Revision) } func (m *mapTreeTX) WriteRevision() int64 { @@ -276,18 +282,29 @@ func (m *mapTreeTX) LatestSignedMapRoot(ctx context.Context) (trillian.SignedMap return m.signedMapRoot(timestamp, mapRevision, rootHash, rootSignatureBytes, mapperMetaBytes) } -func (m *mapTreeTX) signedMapRoot(timestamp, mapRevision int64, rootHash, rootSignatureBytes, mapperMetaBytes []byte) (trillian.SignedMapRoot, error) { - return trillian.SignedMapRoot{ +func (m *mapTreeTX) signedMapRoot(timestamp, mapRevision int64, rootHash, rootSignature, mapperMeta []byte) (trillian.SignedMapRoot, error) { + mapRoot, err := (&types.MapRootV1{ RootHash: rootHash, - TimestampNanos: timestamp, - MapRevision: mapRevision, - Signature: rootSignatureBytes, - MapId: m.treeID, - Metadata: mapperMetaBytes, + TimestampNanos: uint64(timestamp), + Revision: uint64(mapRevision), + Metadata: mapperMeta, + }).MarshalBinary() + if err != nil { + return trillian.SignedMapRoot{}, err + } + + return trillian.SignedMapRoot{ + MapRoot: mapRoot, + Signature: rootSignature, }, nil } func (m *mapTreeTX) StoreSignedMapRoot(ctx context.Context, root trillian.SignedMapRoot) error { + var r types.MapRootV1 + if err := r.UnmarshalBinary(root.MapRoot); err != nil { + return err + } + stmt, err := m.tx.PrepareContext(ctx, insertMapHeadSQL) if err != nil { return err @@ -295,7 +312,7 @@ func (m *mapTreeTX) StoreSignedMapRoot(ctx context.Context, root trillian.Signed defer stmt.Close() // TODO(al): store transactionLogHead too - res, err := stmt.ExecContext(ctx, m.treeID, root.TimestampNanos, root.RootHash, root.MapRevision, root.Signature, root.Metadata) + res, err := stmt.ExecContext(ctx, m.treeID, r.TimestampNanos, r.RootHash, r.Revision, root.Signature, r.Metadata) if err != nil { glog.Warningf("Failed to store signed map root: %s", err) diff --git a/storage/mysql/map_storage_test.go b/storage/mysql/map_storage_test.go index 856a820317..da3ff70c2a 100644 --- a/storage/mysql/map_storage_test.go +++ b/storage/mysql/map_storage_test.go @@ -15,7 +15,9 @@ package mysql import ( + "bytes" "context" + "crypto" "database/sql" "fmt" "strings" @@ -27,11 +29,23 @@ import ( "github.com/google/trillian/storage" "github.com/google/trillian/storage/testdb" "github.com/google/trillian/testonly" + "github.com/google/trillian/types" "github.com/kylelemons/godebug/pretty" + tcrypto "github.com/google/trillian/crypto" storageto "github.com/google/trillian/storage/testonly" ) +var fixedSigner = tcrypto.NewSigner(0, testonly.NewSignerWithFixedSig(nil, []byte("notempty")), crypto.SHA256) + +func MustSignMapRoot(root *types.MapRootV1) *trillian.SignedMapRoot { + r, err := fixedSigner.SignMapRoot(root) + if err != nil { + panic(fmt.Sprintf("SignMapRoot(): %v", err)) + } + return r +} + func TestMySQLMapStorage_CheckDatabaseAccessible(t *testing.T) { if provider := testdb.Default(); !provider.IsMySQL() { t.Skipf("Inhibited due to known issue (#896) on SQL driver: %q", provider.Driver) @@ -145,24 +159,29 @@ func TestMapReadWriteTransaction(t *testing.T) { t.Run(test.desc, func(t *testing.T) { err := s.ReadWriteTransaction(ctx, test.tree, func(ctx context.Context, tx storage.MapTreeTX) error { root, err := tx.LatestSignedMapRoot(ctx) - if err != nil && !strings.Contains(err.Error(), test.wantRootErr) { - t.Errorf("%v: LatestSignedMapRoot() returned err = %v", test.desc, err) + if err != nil { + if !strings.Contains(err.Error(), test.wantRootErr) { + t.Errorf("LatestSignedMapRoot() returned err = %v", err) + } + return nil } - if err == nil && len(test.wantRootErr) != 0 { - t.Errorf("%v: LatestSignedMapRoot() returned err = %v, want: nil", test.desc, err) + if len(test.wantRootErr) != 0 { + t.Fatalf("LatestSignedMapRoot() returned err = %v, want: nil", err) } - if err == nil { - if got, want := tx.WriteRevision(), test.wantTXRev; got != want { - t.Errorf("%v: WriteRevision() = %v, want = %v", test.desc, got, want) - } - if got, want := root.MapRevision, test.wantRev; got != want { - t.Errorf("%v: TreeRevision() = %v, want = %v", test.desc, got, want) - } + var mapRoot types.MapRootV1 + if err := mapRoot.UnmarshalBinary(root.MapRoot); err != nil { + t.Fatalf("UmarshalBinary(): %v", err) + } + if got, want := tx.WriteRevision(), test.wantTXRev; got != want { + t.Errorf("WriteRevision() = %v, want = %v", got, want) + } + if got, want := int64(mapRoot.Revision), test.wantRev; got != want { + t.Errorf("TreeRevision() = %v, want = %v", got, want) } return nil }) if hasErr := err != nil; hasErr != test.wantErr { - t.Fatalf("%v: err = %q, wantErr = %v", test.desc, err, test.wantErr) + t.Fatalf("err = %q, wantErr = %v", err, test.wantErr) } else if hasErr { return } @@ -184,55 +203,47 @@ func TestMapRootUpdate(t *testing.T) { for _, tc := range []struct { desc string - root trillian.SignedMapRoot + root *trillian.SignedMapRoot wantMetadata []byte }{ { desc: "Initial root", - root: trillian.SignedMapRoot{ - MapId: tree.TreeId, + root: MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98765, - MapRevision: 5, + Revision: 5, RootHash: []byte(dummyHash), - Signature: []byte("notempty"), - }, + }), }, { desc: "Root update", - root: trillian.SignedMapRoot{ - MapId: tree.TreeId, + root: MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98766, - MapRevision: 6, + Revision: 6, RootHash: []byte(dummyHash), - Signature: []byte("notempty"), - }, + }), }, { desc: "Root with default (empty) MapperMetadata", - root: trillian.SignedMapRoot{ - MapId: tree.TreeId, + root: MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98768, - MapRevision: 7, + Revision: 7, RootHash: []byte(dummyHash), - Signature: []byte("notempty"), - }, + }), }, { desc: "Root with non-default (populated) MapperMetadata", - root: trillian.SignedMapRoot{ - MapId: tree.TreeId, + root: MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98769, - MapRevision: 8, + Revision: 8, RootHash: []byte(dummyHash), - Signature: []byte("notempty"), Metadata: populatedMetadata, - }, + }), wantMetadata: populatedMetadata, }, } { func() { runMapTX(ctx, s, tree, t, func(ctx context.Context, tx storage.MapTreeTX) error { - if err := tx.StoreSignedMapRoot(ctx, tc.root); err != nil { + if err := tx.StoreSignedMapRoot(ctx, *tc.root); err != nil { t.Fatalf("%v: Failed to store signed map root: %v", tc.desc, err) } return nil @@ -241,14 +252,17 @@ func TestMapRootUpdate(t *testing.T) { func() { runMapTX(ctx, s, tree, t, func(ctx context.Context, tx storage.MapTreeTX) error { - root, err := tx.LatestSignedMapRoot(ctx) + smr, err := tx.LatestSignedMapRoot(ctx) if err != nil { t.Fatalf("%v: Failed to read back new map root: %v", tc.desc, err) } - want := proto.Clone(&tc.root).(*trillian.SignedMapRoot) - want.Metadata = tc.wantMetadata - if got := &root; !proto.Equal(got, want) { + var root types.MapRootV1 + if err := root.UnmarshalBinary(smr.MapRoot); err != nil { + t.Fatalf("%v: UnmarshalBinary(): %v", tc.desc, err) + } + + if got, want := root.Metadata, tc.wantMetadata; !bytes.Equal(got, want) { t.Errorf("%v: LatestSignedMapRoot() diff(-got, +want) \n%v", tc.desc, pretty.Compare(got, want)) } return nil @@ -462,7 +476,7 @@ func TestLatestSignedMapRootNoneWritten(t *testing.T) { if err != nil { t.Fatalf("Failed to read an empty map root: %v", err) } - if root.MapId != 0 || len(root.RootHash) != 0 || root.Signature != nil { + if len(root.MapRoot) != 0 || root.Signature != nil { t.Fatalf("Read a root with contents when it should be empty: %v", root) } return nil @@ -480,15 +494,13 @@ func TestGetSignedMapRoot(t *testing.T) { s := NewMapStorage(DB) revision := int64(5) - root := trillian.SignedMapRoot{ - MapId: tree.TreeId, + root := MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98765, - MapRevision: revision, + Revision: uint64(revision), RootHash: []byte(dummyHash), - Signature: []byte("notempty"), - } + }) runMapTX(ctx, s, tree, t, func(ctx context.Context, tx storage.MapTreeTX) error { - if err := tx.StoreSignedMapRoot(ctx, root); err != nil { + if err := tx.StoreSignedMapRoot(ctx, *root); err != nil { t.Fatalf("Failed to store signed root: %v", err) } return nil @@ -500,7 +512,7 @@ func TestGetSignedMapRoot(t *testing.T) { if err != nil { t.Fatalf("Failed to get back new map root: %v", err) } - if !proto.Equal(&root, &root2) { + if !proto.Equal(root, &root2) { t.Fatalf("Getting root round trip failed: <%#v> and: <%#v>", root, root2) } return nil @@ -518,15 +530,13 @@ func TestLatestSignedMapRoot(t *testing.T) { tree := createInitializedMapForTests(ctx, t, DB) s := NewMapStorage(DB) - root := trillian.SignedMapRoot{ - MapId: tree.TreeId, + root := MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98765, - MapRevision: 5, + Revision: 5, RootHash: []byte(dummyHash), - Signature: []byte("notempty"), - } + }) runMapTX(ctx, s, tree, t, func(ctx context.Context, tx storage.MapTreeTX) error { - if err := tx.StoreSignedMapRoot(ctx, root); err != nil { + if err := tx.StoreSignedMapRoot(ctx, *root); err != nil { t.Fatalf("Failed to store signed root: %v", err) } return nil @@ -538,7 +548,7 @@ func TestLatestSignedMapRoot(t *testing.T) { if err != nil { t.Fatalf("Failed to read back new map root: %v", err) } - if !proto.Equal(&root, &root2) { + if !proto.Equal(root, &root2) { t.Fatalf("Root round trip failed: <%#v> and: <%#v>", root, root2) } return nil @@ -557,18 +567,16 @@ func TestDuplicateSignedMapRoot(t *testing.T) { s := NewMapStorage(DB) runMapTX(ctx, s, tree, t, func(ctx context.Context, tx storage.MapTreeTX) error { - root := trillian.SignedMapRoot{ - MapId: tree.TreeId, + root := MustSignMapRoot(&types.MapRootV1{ TimestampNanos: 98765, - MapRevision: 5, + Revision: 5, RootHash: []byte(dummyHash), - Signature: []byte("notempty"), - } - if err := tx.StoreSignedMapRoot(ctx, root); err != nil { + }) + if err := tx.StoreSignedMapRoot(ctx, *root); err != nil { t.Fatalf("Failed to store signed map root: %v", err) } // Shouldn't be able to do it again - if err := tx.StoreSignedMapRoot(ctx, root); err == nil { + if err := tx.StoreSignedMapRoot(ctx, *root); err == nil { t.Fatal("Allowed duplicate signed map root") } return nil @@ -604,16 +612,15 @@ func createInitializedMapForTests(ctx context.Context, t *testing.T, db *sql.DB) tree := createTreeOrPanic(db, storageto.MapTree) s := NewMapStorage(db) + signer := tcrypto.NewSigner(tree.TreeId, testonly.NewSignerWithFixedSig(nil, []byte("sig")), crypto.SHA256) err := s.ReadWriteTransaction(ctx, tree, func(ctx context.Context, tx storage.MapTreeTX) error { - initialRoot := trillian.SignedMapRoot{ - RootHash: []byte("rootHash"), - Signature: []byte("sig"), - MapId: tree.TreeId, - MapRevision: 0, - } + initialRoot, _ := signer.SignMapRoot(&types.MapRootV1{ + RootHash: []byte("rootHash"), + Revision: 0, + }) - if err := tx.StoreSignedMapRoot(ctx, initialRoot); err != nil { - t.Fatalf("%v: Failed to StoreSignedMapRoot: %v", tree.TreeId, err) + if err := tx.StoreSignedMapRoot(ctx, *initialRoot); err != nil { + t.Fatalf("Failed to StoreSignedMapRoot: %v", err) } return nil }) diff --git a/testonly/hammer/hammer.go b/testonly/hammer/hammer.go index 04c711e50a..beaa283850 100644 --- a/testonly/hammer/hammer.go +++ b/testonly/hammer/hammer.go @@ -30,6 +30,7 @@ import ( "github.com/google/trillian" "github.com/google/trillian/monitoring" "github.com/google/trillian/testonly" + "github.com/google/trillian/types" ) const ( @@ -167,6 +168,16 @@ func (c MapConfig) String() string { c.MapID, c.EPBias, c.Operations, c.EmitInterval, c.IgnoreErrors, c.CheckSignatures) } +// CheckSignature verifies the signature and returns the map root contents. +func CheckSignature(_ *MapConfig, r *trillian.SignedMapRoot) (*types.MapRootV1, error) { + // TODO(gbelvin): verify signatures + var root types.MapRootV1 + if err := root.UnmarshalBinary(r.GetMapRoot()); err != nil { + return nil, err + } + return &root, nil +} + // HitMap performs load/stress operations according to given config. func HitMap(cfg MapConfig) error { ctx := context.Background() @@ -347,7 +358,7 @@ func (s *hammerState) pickCopy() (int, bool) { return rand.Intn(i), true } -func (s *hammerState) updateContents(rev int64, leaves []*trillian.MapLeaf) error { +func (s *hammerState) updateContents(rev uint64, leaves []*trillian.MapLeaf) error { s.mu.Lock() defer s.mu.Unlock() @@ -361,7 +372,7 @@ func (s *hammerState) updateContents(rev int64, leaves []*trillian.MapLeaf) erro s.contents[i] = s.contents[i-1] } // Start from previous map contents - s.contents[0].rev = rev + s.contents[0].rev = int64(rev) s.contents[0].data = make(map[mapKey]string) for k, v := range s.contents[1].data { s.contents[0].data[k] = v @@ -581,7 +592,7 @@ func (s *hammerState) doGetLeaves(ctx context.Context, latest bool) error { label += "-rev" req := &trillian.GetMapLeavesByRevisionRequest{ MapId: s.cfg.MapID, - Revision: rev, + Revision: int64(rev), Index: indices, } rsp, err = s.cfg.Client.GetLeavesByRevision(ctx, req) @@ -595,11 +606,16 @@ func (s *hammerState) doGetLeaves(ctx context.Context, latest bool) error { dumpRespKeyVals(rsp.MapLeafInclusion) } + root, err := CheckSignature(s.cfg, rsp.MapRoot) + if err != nil { + return err + } + // TODO(drysdale): verify inclusion if err := s.checkContents(which, rsp.MapLeafInclusion); err != nil { return fmt.Errorf("incorrect contents of %s(%+v): %v", label, rqMsg, err) } - glog.V(2).Infof("%d: got %d leaves, with SMR(time=%q, rev=%d)", s.cfg.MapID, len(rsp.MapLeafInclusion), timeFromNanos(rsp.MapRoot.TimestampNanos), rsp.MapRoot.MapRevision) + glog.V(2).Infof("%d: got %d leaves, with SMR(time=%q, rev=%d)", s.cfg.MapID, len(rsp.MapLeafInclusion), time.Unix(0, int64(root.TimestampNanos)), root.Revision) return nil } @@ -705,12 +721,16 @@ leafloop: if err != nil { return fmt.Errorf("failed to set-leaves(%+v): %v", req, err) } + root, err := CheckSignature(s.cfg, rsp.MapRoot) + if err != nil { + return err + } s.pushSMR(rsp.MapRoot) - if err := s.updateContents(rsp.MapRoot.MapRevision, leaves); err != nil { + if err := s.updateContents(root.Revision, leaves); err != nil { return err } - glog.V(2).Infof("%d: set %d leaves, new SMR(time=%q, rev=%d)", s.cfg.MapID, len(leaves), timeFromNanos(rsp.MapRoot.TimestampNanos), rsp.MapRoot.MapRevision) + glog.V(2).Infof("%d: set %d leaves, new SMR(time=%q, rev=%d)", s.cfg.MapID, len(leaves), time.Unix(0, int64(root.TimestampNanos)), root.Revision) return nil } @@ -749,34 +769,46 @@ func (s *hammerState) getSMR(ctx context.Context) error { if err != nil { return fmt.Errorf("failed to get-smr: %v", err) } + root, err := CheckSignature(s.cfg, rsp.MapRoot) + if err != nil { + return err + } - // TODO(drysdale): check signature s.pushSMR(rsp.MapRoot) - glog.V(2).Infof("%d: got SMR(time=%q, rev=%d)", s.cfg.MapID, timeFromNanos(rsp.MapRoot.TimestampNanos), rsp.MapRoot.MapRevision) + glog.V(2).Infof("%d: got SMR(time=%q, rev=%d)", s.cfg.MapID, time.Unix(0, int64(root.TimestampNanos)), root.Revision) return nil } func (s *hammerState) getSMRRev(ctx context.Context) error { which := rand.Intn(smrCount) smr := s.previousSMR(which) - if smr == nil || smr.MapRevision < 0 { + if smr == nil || len(smr.MapRoot) == 0 { glog.V(3).Infof("%d: skipping get-smr-rev as no earlier SMR", s.cfg.MapID) return errSkip{} } + smrRoot, err := CheckSignature(s.cfg, smr) + if err != nil { + return err + } + rev := int64(smrRoot.Revision) - req := trillian.GetSignedMapRootByRevisionRequest{MapId: s.cfg.MapID, Revision: smr.MapRevision} - rsp, err := s.cfg.Client.GetSignedMapRootByRevision(ctx, &req) + rsp, err := s.cfg.Client.GetSignedMapRootByRevision(ctx, + &trillian.GetSignedMapRootByRevisionRequest{MapId: s.cfg.MapID, Revision: rev}) if err != nil { - return fmt.Errorf("failed to get-smr-rev(@%d): %v", req.Revision, err) + return fmt.Errorf("failed to get-smr-rev(@%d): %v", rev, err) } - glog.V(2).Infof("%d: got SMR(time=%q, rev=%d)", s.cfg.MapID, timeFromNanos(rsp.MapRoot.TimestampNanos), rsp.MapRoot.MapRevision) + root, err := CheckSignature(s.cfg, rsp.MapRoot) + if err != nil { + return err + } + glog.V(2).Infof("%d: got SMR(time=%q, rev=%d)", s.cfg.MapID, time.Unix(0, int64(root.TimestampNanos)), root.Revision) if !s.cfg.CheckSignatures { rsp.MapRoot.Signature = nil } if !proto.Equal(rsp.MapRoot, smr) { - return fmt.Errorf("get-smr-rev(@%d)=%+v, want %+v", req.Revision, rsp.MapRoot, smr) + return fmt.Errorf("get-smr-rev(@%d)=%+v, want %+v", rev, rsp.MapRoot, smr) } return nil } @@ -806,15 +838,15 @@ func (s *hammerState) getSMRRevInvalid(ctx context.Context) error { return nil } -func timeFromNanos(nanos int64) time.Time { - return time.Unix(nanos/1e9, nanos%1e9) -} - func smrRev(smr *trillian.SignedMapRoot) string { if smr == nil { return "n/a" } - return fmt.Sprintf("%d", smr.MapRevision) + var root types.MapRootV1 + if err := root.UnmarshalBinary(smr.MapRoot); err != nil { + return "unknown" + } + return fmt.Sprintf("%d", root.Revision) } func dehash(index []byte) string { diff --git a/trillian.pb.go b/trillian.pb.go index a328c8f5ac..9dd50a8b0d 100644 --- a/trillian.pb.go +++ b/trillian.pb.go @@ -497,15 +497,24 @@ func (m *SignedLogRoot) GetLogRootSignature() []byte { // SignedMapRoot represents a commitment by a Map to a particular tree. type SignedMapRoot struct { - TimestampNanos int64 `protobuf:"varint,1,opt,name=timestamp_nanos,json=timestampNanos" json:"timestamp_nanos,omitempty"` - RootHash []byte `protobuf:"bytes,2,opt,name=root_hash,json=rootHash,proto3" json:"root_hash,omitempty"` - Signature []byte `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` - MapId int64 `protobuf:"varint,5,opt,name=map_id,json=mapId" json:"map_id,omitempty"` - MapRevision int64 `protobuf:"varint,6,opt,name=map_revision,json=mapRevision" json:"map_revision,omitempty"` - // Metadata associated with the Map root. This is set by the map personality - // layer in a SetLeaves map request. It could be used to persist state - // needed to recreate the Map from an external data source. - Metadata []byte `protobuf:"bytes,8,opt,name=metadata,proto3" json:"metadata,omitempty"` + // map_root holds the TLS-serialization of the following + // structure (described in RFC5246 notation): + // enum { v1(1), (65535)} Version; + // struct { + // opaque root_hash<0..128>; + // uint64 timestamp_nanos; + // uint64 revision; + // opaque metadata<0..65535>; + // } MapRootV1; + // struct { + // Version version; + // select(version) { + // case v1: MapRootV1; + // } + // } MapRoot; + MapRoot []byte `protobuf:"bytes,9,opt,name=map_root,json=mapRoot,proto3" json:"map_root,omitempty"` + // Signature is the signature over MapRoot. + Signature []byte `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` } func (m *SignedMapRoot) Reset() { *m = SignedMapRoot{} } @@ -513,16 +522,9 @@ func (m *SignedMapRoot) String() string { return proto.CompactTextStr func (*SignedMapRoot) ProtoMessage() {} func (*SignedMapRoot) Descriptor() ([]byte, []int) { return fileDescriptor3, []int{3} } -func (m *SignedMapRoot) GetTimestampNanos() int64 { +func (m *SignedMapRoot) GetMapRoot() []byte { if m != nil { - return m.TimestampNanos - } - return 0 -} - -func (m *SignedMapRoot) GetRootHash() []byte { - if m != nil { - return m.RootHash + return m.MapRoot } return nil } @@ -534,27 +536,6 @@ func (m *SignedMapRoot) GetSignature() []byte { return nil } -func (m *SignedMapRoot) GetMapId() int64 { - if m != nil { - return m.MapId - } - return 0 -} - -func (m *SignedMapRoot) GetMapRevision() int64 { - if m != nil { - return m.MapRevision - } - return 0 -} - -func (m *SignedMapRoot) GetMetadata() []byte { - if m != nil { - return m.Metadata - } - return nil -} - func init() { proto.RegisterType((*Tree)(nil), "trillian.Tree") proto.RegisterType((*SignedEntryTimestamp)(nil), "trillian.SignedEntryTimestamp") @@ -570,75 +551,74 @@ func init() { func init() { proto.RegisterFile("trillian.proto", fileDescriptor3) } var fileDescriptor3 = []byte{ - // 1111 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x5b, 0x6f, 0xdb, 0xb6, - 0x17, 0xaf, 0x6c, 0xc5, 0x96, 0x69, 0x27, 0x51, 0x98, 0x5e, 0x14, 0xf7, 0x8f, 0x7f, 0xbd, 0x6c, - 0xc0, 0xb2, 0x62, 0x70, 0x56, 0x6f, 0x2d, 0x30, 0xf4, 0x61, 0x50, 0x63, 0x25, 0xb6, 0x93, 0xd8, - 0x06, 0xa5, 0x75, 0x68, 0x5f, 0x08, 0xda, 0xe2, 0x64, 0x21, 0xba, 0x41, 0xa2, 0x8b, 0xaa, 0xcf, - 0x03, 0x86, 0x61, 0xfb, 0x7a, 0xfb, 0x3e, 0x03, 0x29, 0x4a, 0x4e, 0xdd, 0x75, 0xdd, 0xc3, 0x5e, - 0x12, 0x9e, 0xf3, 0xbb, 0x90, 0x3e, 0xe7, 0x90, 0x36, 0xd8, 0x63, 0xa9, 0x1f, 0x04, 0x3e, 0x89, - 0xfa, 0x49, 0x1a, 0xb3, 0x18, 0x6a, 0x65, 0xdc, 0xed, 0x2e, 0xd3, 0x3c, 0x61, 0xf1, 0xe9, 0x0d, - 0xcd, 0xb3, 0x64, 0x21, 0xff, 0x15, 0xac, 0xae, 0x21, 0xb1, 0xcc, 0xf7, 0x92, 0x45, 0xf1, 0x57, - 0x22, 0x47, 0x5e, 0x1c, 0x7b, 0x01, 0x3d, 0x15, 0xd1, 0x62, 0xfd, 0xf3, 0x29, 0x89, 0x72, 0x09, - 0xfd, 0x7f, 0x1b, 0x72, 0xd7, 0x29, 0x61, 0x7e, 0x2c, 0xb7, 0xee, 0x3e, 0xda, 0xc6, 0x99, 0x1f, - 0xd2, 0x8c, 0x91, 0x30, 0x29, 0x08, 0xc7, 0xbf, 0x35, 0x81, 0xea, 0xa4, 0x94, 0xc2, 0x07, 0xa0, - 0xc9, 0x52, 0x4a, 0xb1, 0xef, 0x1a, 0x4a, 0x4f, 0x39, 0xa9, 0xa3, 0x06, 0x0f, 0xc7, 0x2e, 0x1c, - 0x00, 0x20, 0x80, 0x8c, 0x11, 0x46, 0x8d, 0x5a, 0x4f, 0x39, 0xd9, 0x1b, 0x1c, 0xf6, 0xab, 0x8f, - 0xc8, 0xc5, 0x36, 0x87, 0x50, 0x8b, 0x95, 0x4b, 0x78, 0x0a, 0x44, 0x80, 0x59, 0x9e, 0x50, 0xa3, - 0x2e, 0x24, 0xf0, 0x7d, 0x89, 0x93, 0x27, 0x14, 0x69, 0x4c, 0xae, 0xe0, 0x73, 0xb0, 0xbb, 0x22, - 0xd9, 0x0a, 0x67, 0x2c, 0x25, 0x8c, 0x7a, 0xb9, 0xa1, 0x0a, 0xd1, 0xfd, 0x8d, 0x68, 0x44, 0xb2, - 0x95, 0x2d, 0x51, 0xd4, 0x59, 0xdd, 0x8a, 0xe0, 0x25, 0xd8, 0x13, 0x62, 0x12, 0x78, 0x71, 0xea, - 0xb3, 0x55, 0x68, 0xec, 0x08, 0xf5, 0x17, 0xfd, 0xa2, 0x8a, 0x43, 0xdf, 0xf3, 0x19, 0x09, 0x82, - 0xdc, 0xf6, 0xbd, 0x88, 0xba, 0xc2, 0xca, 0x2c, 0xb9, 0x48, 0x6c, 0x5c, 0x85, 0xf0, 0x35, 0x38, - 0xcc, 0x7c, 0x2f, 0x22, 0x6c, 0x9d, 0xd2, 0x5b, 0x8e, 0x0d, 0xe1, 0xf8, 0xd5, 0x47, 0x1c, 0xed, - 0x52, 0xb1, 0xb1, 0x85, 0xd9, 0x07, 0x39, 0xf8, 0x19, 0xe8, 0xb8, 0x7e, 0x96, 0x04, 0x24, 0xc7, - 0x11, 0x09, 0xa9, 0xa1, 0xf5, 0x94, 0x93, 0x16, 0x6a, 0xcb, 0xdc, 0x94, 0x84, 0x14, 0xf6, 0x40, - 0xdb, 0xa5, 0xd9, 0x32, 0xf5, 0x13, 0xde, 0x45, 0xa3, 0x25, 0x19, 0x9b, 0x14, 0x7c, 0x0a, 0xda, - 0x49, 0xea, 0xbf, 0x21, 0x8c, 0xe2, 0x1b, 0x9a, 0x1b, 0x9d, 0x9e, 0x72, 0xd2, 0x1e, 0xdc, 0xed, - 0x17, 0x8d, 0xee, 0x97, 0x8d, 0xee, 0x9b, 0x51, 0x8e, 0x80, 0x24, 0x5e, 0xd2, 0x1c, 0xfe, 0x00, - 0xf4, 0x8c, 0xc5, 0x29, 0xf1, 0x28, 0xce, 0x28, 0x63, 0x7e, 0xe4, 0x65, 0xc6, 0xee, 0x3f, 0x68, - 0xf7, 0x25, 0xdb, 0x96, 0x64, 0xf8, 0x0d, 0x00, 0xc9, 0x7a, 0x11, 0xf8, 0x4b, 0xb1, 0xed, 0x9e, - 0x90, 0x1e, 0xf4, 0xe5, 0x08, 0xcf, 0x05, 0x72, 0x49, 0x73, 0xd4, 0x4a, 0xca, 0x25, 0xb4, 0xc0, - 0x41, 0x48, 0xde, 0xe2, 0x34, 0x8e, 0x19, 0x2e, 0xe7, 0xd2, 0xd8, 0x17, 0xc2, 0xa3, 0x0f, 0xf6, - 0x1c, 0x4a, 0x02, 0xda, 0x0f, 0xc9, 0x5b, 0x14, 0xc7, 0xac, 0x4c, 0xc0, 0xe7, 0xa0, 0xbd, 0x4c, - 0x29, 0xff, 0xbc, 0x7c, 0x78, 0x0d, 0x5d, 0x18, 0x74, 0x3f, 0x30, 0x70, 0xca, 0xc9, 0x46, 0xa0, - 0xa0, 0xf3, 0x04, 0x17, 0xaf, 0x13, 0xb7, 0x12, 0x1f, 0x7c, 0x5a, 0x5c, 0xd0, 0x85, 0xd8, 0x00, - 0x4d, 0x97, 0x06, 0x94, 0x51, 0xd7, 0x38, 0xec, 0x29, 0x27, 0x1a, 0x2a, 0x43, 0x6e, 0x5b, 0x2c, - 0x0b, 0xdb, 0xbb, 0x9f, 0xb6, 0x2d, 0xe8, 0x3c, 0x31, 0x51, 0x35, 0xa8, 0x1f, 0x4e, 0x54, 0xad, - 0xa9, 0x6b, 0x13, 0x55, 0x03, 0x7a, 0x7b, 0xa2, 0x6a, 0x6d, 0xbd, 0x73, 0xfc, 0x87, 0x02, 0xee, - 0x16, 0x03, 0x65, 0x45, 0x2c, 0xcd, 0x2b, 0x31, 0xfc, 0x12, 0xec, 0x57, 0xf7, 0x16, 0x47, 0x24, - 0x8a, 0x33, 0x79, 0x47, 0xf7, 0xaa, 0xf4, 0x94, 0x67, 0xe1, 0x3d, 0xd0, 0x08, 0x62, 0x8f, 0xdf, - 0xe1, 0x9a, 0xc0, 0x77, 0x82, 0xd8, 0x1b, 0xbb, 0xf0, 0x3b, 0xd0, 0xaa, 0xa6, 0x51, 0x5c, 0xc7, - 0xf6, 0xe0, 0xfe, 0xdf, 0x4f, 0x32, 0xda, 0x10, 0x8f, 0x7f, 0xad, 0x81, 0xdd, 0x22, 0x7b, 0x15, - 0x7b, 0xbc, 0x23, 0xff, 0xfe, 0x1c, 0x0f, 0x41, 0x4b, 0x74, 0x9d, 0x5f, 0x2d, 0x71, 0x94, 0x0e, - 0xd2, 0x78, 0x82, 0xdf, 0x3c, 0x0e, 0x16, 0x0f, 0x8a, 0xff, 0xae, 0x38, 0x4d, 0xbd, 0x78, 0x08, - 0x6c, 0xff, 0x1d, 0x85, 0x9f, 0x83, 0x5d, 0x01, 0xa6, 0xf4, 0x8d, 0x9f, 0xf1, 0x79, 0x69, 0x08, - 0x42, 0x87, 0x27, 0x91, 0xcc, 0xc1, 0x23, 0xa0, 0xdd, 0xd0, 0x1c, 0xaf, 0xfc, 0x88, 0x19, 0x4d, - 0xe1, 0xde, 0xbc, 0xa1, 0xf9, 0xc8, 0x8f, 0x18, 0x87, 0x78, 0x05, 0xf8, 0x66, 0xe2, 0x7a, 0x75, - 0x50, 0x33, 0x90, 0xa7, 0xff, 0x1a, 0xc0, 0x12, 0xc2, 0x9b, 0x72, 0xb4, 0x04, 0x49, 0x97, 0xa4, - 0xea, 0x22, 0x4f, 0x54, 0x4d, 0xd5, 0x77, 0x26, 0xaa, 0xb6, 0xa3, 0x37, 0x8e, 0xff, 0x54, 0xca, - 0x4a, 0x5c, 0x93, 0xe4, 0x3f, 0xac, 0xc4, 0xff, 0x6e, 0xf7, 0x45, 0x15, 0xe0, 0x26, 0xc1, 0x9b, - 0x19, 0x92, 0x84, 0x37, 0x73, 0xa7, 0x68, 0x66, 0x48, 0x92, 0xb1, 0xcb, 0x1f, 0x11, 0x9e, 0xde, - 0x2a, 0x50, 0x3b, 0x24, 0x49, 0x55, 0x9f, 0x2e, 0xd0, 0x42, 0xca, 0x88, 0x4b, 0x18, 0x91, 0x45, - 0xa8, 0xe2, 0x89, 0xaa, 0xd5, 0x75, 0xb5, 0x18, 0xbe, 0xc7, 0x43, 0xb0, 0x2b, 0x5b, 0x7b, 0x1e, - 0xa7, 0x21, 0x61, 0xf0, 0x21, 0x78, 0x70, 0x35, 0xbb, 0xc0, 0x68, 0x36, 0x73, 0xf0, 0xf9, 0x0c, - 0x5d, 0x9b, 0x0e, 0xfe, 0x71, 0x7a, 0x39, 0x9d, 0xfd, 0x34, 0xd5, 0xef, 0xc0, 0xfb, 0x00, 0x6e, - 0x83, 0x2f, 0x9f, 0xe8, 0x0a, 0x77, 0x91, 0x65, 0xd9, 0xb8, 0x5c, 0x9b, 0xf3, 0x8f, 0xbb, 0x6c, - 0x83, 0xc2, 0xe5, 0x17, 0x05, 0x74, 0x6e, 0xbf, 0xf1, 0xf0, 0x08, 0xdc, 0x93, 0x2a, 0x3c, 0x32, - 0xed, 0x11, 0xb6, 0x1d, 0x64, 0x3a, 0xd6, 0xc5, 0x2b, 0xfd, 0x0e, 0x84, 0x60, 0x0f, 0x9d, 0x9f, - 0x3d, 0xfb, 0xfe, 0xd9, 0x00, 0xdb, 0x23, 0x73, 0xf0, 0xf4, 0x99, 0xae, 0xc0, 0x43, 0xb0, 0xef, - 0x58, 0xb6, 0x83, 0xb9, 0x39, 0xe7, 0x5b, 0x48, 0xaf, 0x71, 0x8f, 0xd9, 0x8b, 0x89, 0x75, 0xe6, - 0xe0, 0x2d, 0x7e, 0x1d, 0xde, 0x03, 0x07, 0x67, 0xb3, 0xe9, 0xf8, 0xd2, 0xe6, 0xa9, 0xa7, 0x4f, - 0x06, 0x98, 0xa7, 0xd5, 0xc7, 0xbf, 0x2b, 0xa0, 0x55, 0x7d, 0xa5, 0xf1, 0xc3, 0x96, 0x67, 0x70, - 0x90, 0x65, 0x61, 0xdb, 0x31, 0x1d, 0x4b, 0xbf, 0x03, 0x01, 0x68, 0x98, 0x67, 0xce, 0xf8, 0xa5, - 0xa5, 0x2b, 0x7c, 0x7d, 0x8e, 0x66, 0xaf, 0xad, 0xa9, 0x5e, 0x83, 0x8f, 0xc0, 0x83, 0xa1, 0x35, - 0x47, 0xd6, 0x99, 0xe9, 0x58, 0x43, 0x6c, 0xcf, 0xce, 0x1d, 0x3c, 0xb4, 0xae, 0x2c, 0xc7, 0x1a, - 0xea, 0xf5, 0x6e, 0x4d, 0x53, 0xb6, 0x08, 0x23, 0x13, 0x0d, 0x2b, 0x82, 0x2a, 0x08, 0x1d, 0xa0, - 0x0d, 0x91, 0x39, 0x9e, 0x8e, 0xa7, 0x17, 0xfa, 0xce, 0xe3, 0x0b, 0xa0, 0x95, 0x5f, 0x96, 0xfc, - 0xc0, 0xef, 0x9d, 0xc5, 0x79, 0x35, 0xe7, 0x47, 0x69, 0x82, 0xfa, 0xd5, 0xec, 0x42, 0x57, 0xf8, - 0xe2, 0xda, 0x9c, 0xeb, 0x35, 0x5e, 0x9d, 0x39, 0xb2, 0x66, 0x68, 0x68, 0x21, 0x6b, 0x88, 0x39, - 0x58, 0x7f, 0x31, 0x02, 0x47, 0xcb, 0x38, 0x2c, 0xdf, 0xa7, 0xf7, 0x7f, 0x9f, 0xbc, 0xd8, 0x75, - 0x64, 0x3c, 0xe7, 0xe1, 0x5c, 0x79, 0xdd, 0xf5, 0x7c, 0xb6, 0x5a, 0x2f, 0xfa, 0xcb, 0x38, 0x3c, - 0x95, 0x3f, 0x20, 0x4a, 0xc9, 0xa2, 0x21, 0x34, 0xdf, 0xfe, 0x15, 0x00, 0x00, 0xff, 0xff, 0x0b, - 0x5f, 0xc3, 0xca, 0xe5, 0x08, 0x00, 0x00, + // 1097 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdb, 0x6f, 0xdb, 0x36, + 0x17, 0xaf, 0x6c, 0xc5, 0x96, 0xe9, 0x4b, 0x18, 0xa6, 0x17, 0xd9, 0xfd, 0xf0, 0xd5, 0xcb, 0x06, + 0x2c, 0x2b, 0x06, 0x67, 0xf5, 0xd6, 0x02, 0x43, 0x1f, 0x06, 0x35, 0x56, 0x62, 0x3b, 0x89, 0x6d, + 0x50, 0x5a, 0x87, 0xe6, 0x85, 0x90, 0x6d, 0x4e, 0x16, 0xa2, 0x1b, 0x24, 0xba, 0xa8, 0xfa, 0x3c, + 0x60, 0x18, 0xb6, 0x3f, 0x7a, 0x20, 0x45, 0xd9, 0x89, 0xb3, 0xae, 0x7b, 0x49, 0x78, 0xce, 0xef, + 0xc2, 0x23, 0xf2, 0x1c, 0xc9, 0xa0, 0xc5, 0x12, 0xcf, 0xf7, 0x3d, 0x27, 0xec, 0xc5, 0x49, 0xc4, + 0x22, 0xa4, 0x15, 0x71, 0xa7, 0xb3, 0x48, 0xb2, 0x98, 0x45, 0x27, 0x37, 0x34, 0x4b, 0xe3, 0xb9, + 0xfc, 0x97, 0xb3, 0x3a, 0xba, 0xc4, 0x52, 0xcf, 0x8d, 0xe7, 0xf9, 0x5f, 0x89, 0xb4, 0xdd, 0x28, + 0x72, 0x7d, 0x7a, 0x22, 0xa2, 0xf9, 0xfa, 0xd7, 0x13, 0x27, 0xcc, 0x24, 0xf4, 0xff, 0x5d, 0x68, + 0xb9, 0x4e, 0x1c, 0xe6, 0x45, 0x72, 0xeb, 0xce, 0xb3, 0x5d, 0x9c, 0x79, 0x01, 0x4d, 0x99, 0x13, + 0xc4, 0x39, 0xe1, 0xe8, 0x8f, 0x2a, 0x50, 0xed, 0x84, 0x52, 0xf4, 0x04, 0x54, 0x59, 0x42, 0x29, + 0xf1, 0x96, 0xba, 0xd2, 0x55, 0x8e, 0xcb, 0xb8, 0xc2, 0xc3, 0xd1, 0x12, 0xf5, 0x01, 0x10, 0x40, + 0xca, 0x1c, 0x46, 0xf5, 0x52, 0x57, 0x39, 0x6e, 0xf5, 0x0f, 0x7b, 0x9b, 0x47, 0xe4, 0x62, 0x8b, + 0x43, 0xb8, 0xc6, 0x8a, 0x25, 0x3a, 0x01, 0x22, 0x20, 0x2c, 0x8b, 0xa9, 0x5e, 0x16, 0x12, 0x74, + 0x57, 0x62, 0x67, 0x31, 0xc5, 0x1a, 0x93, 0x2b, 0xf4, 0x1a, 0x34, 0x57, 0x4e, 0xba, 0x22, 0x29, + 0x4b, 0x1c, 0x46, 0xdd, 0x4c, 0x57, 0x85, 0xe8, 0xf1, 0x56, 0x34, 0x74, 0xd2, 0x95, 0x25, 0x51, + 0xdc, 0x58, 0xdd, 0x8a, 0xd0, 0x05, 0x68, 0x09, 0xb1, 0xe3, 0xbb, 0x51, 0xe2, 0xb1, 0x55, 0xa0, + 0xef, 0x09, 0xf5, 0x57, 0xbd, 0xfc, 0x14, 0x07, 0x9e, 0xeb, 0x31, 0xc7, 0xf7, 0x33, 0xcb, 0x73, + 0x43, 0xba, 0x14, 0x56, 0x46, 0xc1, 0xc5, 0x62, 0xe3, 0x4d, 0x88, 0xae, 0xc1, 0x61, 0xea, 0xb9, + 0xa1, 0xc3, 0xd6, 0x09, 0xbd, 0xe5, 0x58, 0x11, 0x8e, 0xdf, 0x7c, 0xc2, 0xd1, 0x2a, 0x14, 0x5b, + 0x5b, 0x94, 0xde, 0xcb, 0xa1, 0x2f, 0x40, 0x63, 0xe9, 0xa5, 0xb1, 0xef, 0x64, 0x24, 0x74, 0x02, + 0xaa, 0x6b, 0x5d, 0xe5, 0xb8, 0x86, 0xeb, 0x32, 0x37, 0x71, 0x02, 0x8a, 0xba, 0xa0, 0xbe, 0xa4, + 0xe9, 0x22, 0xf1, 0x62, 0x7e, 0x8b, 0x7a, 0x4d, 0x32, 0xb6, 0x29, 0xf4, 0x12, 0xd4, 0xe3, 0xc4, + 0x7b, 0xef, 0x30, 0x4a, 0x6e, 0x68, 0xa6, 0x37, 0xba, 0xca, 0x71, 0xbd, 0xff, 0xb0, 0x97, 0x5f, + 0x74, 0xaf, 0xb8, 0xe8, 0x9e, 0x11, 0x66, 0x18, 0x48, 0xe2, 0x05, 0xcd, 0xd0, 0x4f, 0x00, 0xa6, + 0x2c, 0x4a, 0x1c, 0x97, 0x92, 0x94, 0x32, 0xe6, 0x85, 0x6e, 0xaa, 0x37, 0xff, 0x45, 0xbb, 0x2f, + 0xd9, 0x96, 0x24, 0xa3, 0xef, 0x00, 0x88, 0xd7, 0x73, 0xdf, 0x5b, 0x88, 0x6d, 0x5b, 0x42, 0x7a, + 0xd0, 0x93, 0x2d, 0x3c, 0x13, 0xc8, 0x05, 0xcd, 0x70, 0x2d, 0x2e, 0x96, 0xc8, 0x04, 0x07, 0x81, + 0xf3, 0x81, 0x24, 0x51, 0xc4, 0x48, 0xd1, 0x97, 0xfa, 0xbe, 0x10, 0xb6, 0xef, 0xed, 0x39, 0x90, + 0x04, 0xbc, 0x1f, 0x38, 0x1f, 0x70, 0x14, 0xb1, 0x22, 0x81, 0x5e, 0x83, 0xfa, 0x22, 0xa1, 0xfc, + 0x79, 0x79, 0xf3, 0xea, 0x50, 0x18, 0x74, 0xee, 0x19, 0xd8, 0x45, 0x67, 0x63, 0x90, 0xd3, 0x79, + 0x82, 0x8b, 0xd7, 0xf1, 0x72, 0x23, 0x3e, 0xf8, 0xbc, 0x38, 0xa7, 0x0b, 0xb1, 0x0e, 0xaa, 0x4b, + 0xea, 0x53, 0x46, 0x97, 0xfa, 0x61, 0x57, 0x39, 0xd6, 0x70, 0x11, 0x72, 0xdb, 0x7c, 0x99, 0xdb, + 0x3e, 0xfc, 0xbc, 0x6d, 0x4e, 0xe7, 0x89, 0xb1, 0xaa, 0x21, 0x78, 0x38, 0x56, 0xb5, 0x2a, 0xd4, + 0xc6, 0xaa, 0x06, 0x60, 0x7d, 0xac, 0x6a, 0x75, 0xd8, 0x38, 0xfa, 0x4b, 0x01, 0x0f, 0xf3, 0x86, + 0x32, 0x43, 0x96, 0x64, 0x1b, 0x31, 0xfa, 0x1a, 0xec, 0x6f, 0xe6, 0x96, 0x84, 0x4e, 0x18, 0xa5, + 0x72, 0x46, 0x5b, 0x9b, 0xf4, 0x84, 0x67, 0xd1, 0x23, 0x50, 0xf1, 0x23, 0x97, 0xcf, 0x70, 0x49, + 0xe0, 0x7b, 0x7e, 0xe4, 0x8e, 0x96, 0xe8, 0x07, 0x50, 0xdb, 0x74, 0xa3, 0x18, 0xc7, 0x7a, 0xff, + 0xf1, 0x3f, 0x77, 0x32, 0xde, 0x12, 0x8f, 0x7e, 0x2f, 0x81, 0x66, 0x9e, 0xbd, 0x8c, 0x5c, 0x7e, + 0x23, 0xff, 0xbd, 0x8e, 0xa7, 0xa0, 0x26, 0x6e, 0x9d, 0x8f, 0x96, 0x28, 0xa5, 0x81, 0x35, 0x9e, + 0xe0, 0x93, 0xc7, 0xc1, 0xfc, 0x85, 0xe2, 0x7d, 0xcc, 0xab, 0x29, 0xe7, 0x2f, 0x02, 0xcb, 0xfb, + 0x48, 0xd1, 0x97, 0xa0, 0x29, 0xc0, 0x84, 0xbe, 0xf7, 0x52, 0xde, 0x2f, 0x15, 0x41, 0x68, 0xf0, + 0x24, 0x96, 0x39, 0xd4, 0x06, 0xda, 0x0d, 0xcd, 0xc8, 0xca, 0x0b, 0x99, 0x5e, 0x15, 0xee, 0xd5, + 0x1b, 0x9a, 0x0d, 0xbd, 0x90, 0x71, 0x88, 0x9f, 0x00, 0xdf, 0x4c, 0x8c, 0x57, 0x03, 0x57, 0x7d, + 0x59, 0xfd, 0xb7, 0x00, 0x15, 0x10, 0xd9, 0x1e, 0x47, 0x4d, 0x90, 0xa0, 0x24, 0x6d, 0x06, 0x79, + 0xac, 0x6a, 0x2a, 0xdc, 0x1b, 0xab, 0xda, 0x1e, 0xac, 0x1c, 0x25, 0xc5, 0x41, 0x5c, 0x39, 0xb1, + 0xb0, 0x6a, 0x03, 0x2d, 0x70, 0xe2, 0x7c, 0x97, 0xdc, 0xa0, 0x1a, 0x48, 0xe8, 0x7f, 0xb7, 0xcf, + 0x5a, 0x15, 0xd8, 0x36, 0x31, 0x56, 0x35, 0x05, 0x96, 0xc6, 0xaa, 0x56, 0x82, 0xe5, 0xb1, 0xaa, + 0x95, 0xa1, 0x9a, 0xef, 0x30, 0x56, 0xb5, 0x0a, 0xac, 0x6e, 0x5a, 0x42, 0x83, 0xb5, 0xe7, 0x03, + 0xd0, 0x94, 0xc7, 0x7e, 0x16, 0x25, 0x81, 0xc3, 0xd0, 0x53, 0xf0, 0xe4, 0x72, 0x7a, 0x4e, 0xf0, + 0x74, 0x6a, 0x93, 0xb3, 0x29, 0xbe, 0x32, 0x6c, 0xf2, 0xf3, 0xe4, 0x62, 0x32, 0xfd, 0x65, 0x02, + 0x1f, 0xa0, 0xc7, 0x00, 0xed, 0x82, 0x6f, 0x5f, 0x40, 0x85, 0xbb, 0xc8, 0x9a, 0xb7, 0x2e, 0x57, + 0xc6, 0xec, 0xd3, 0x2e, 0xbb, 0xa0, 0x70, 0xf9, 0x4d, 0x01, 0x8d, 0xdb, 0xef, 0x5f, 0xd4, 0x06, + 0x8f, 0xa4, 0x8a, 0x0c, 0x0d, 0x6b, 0x48, 0x2c, 0x1b, 0x1b, 0xb6, 0x79, 0xfe, 0x0e, 0x3e, 0x40, + 0x08, 0xb4, 0xf0, 0xd9, 0xe9, 0xab, 0x1f, 0x5f, 0xf5, 0x89, 0x35, 0x34, 0xfa, 0x2f, 0x5f, 0x41, + 0x05, 0x1d, 0x82, 0x7d, 0xdb, 0xb4, 0x6c, 0xc2, 0xcd, 0x39, 0xdf, 0xc4, 0xb0, 0xc4, 0x3d, 0xa6, + 0x6f, 0xc6, 0xe6, 0xa9, 0x4d, 0x76, 0xf8, 0x65, 0xf4, 0x08, 0x1c, 0x9c, 0x4e, 0x27, 0xa3, 0x0b, + 0x8b, 0xa7, 0x5e, 0xbe, 0xe8, 0x13, 0x9e, 0x56, 0x9f, 0xff, 0xa9, 0x80, 0xda, 0xe6, 0x73, 0xc3, + 0x8b, 0x2d, 0x6a, 0xb0, 0xb1, 0x69, 0x12, 0xcb, 0x36, 0x6c, 0x13, 0x3e, 0x40, 0x00, 0x54, 0x8c, + 0x53, 0x7b, 0xf4, 0xd6, 0x84, 0x0a, 0x5f, 0x9f, 0xe1, 0xe9, 0xb5, 0x39, 0x81, 0x25, 0xf4, 0x0c, + 0x3c, 0x19, 0x98, 0x33, 0x6c, 0x9e, 0x1a, 0xb6, 0x39, 0x20, 0xd6, 0xf4, 0xcc, 0x26, 0x03, 0xf3, + 0xd2, 0xb4, 0xcd, 0x01, 0x2c, 0x77, 0x4a, 0x9a, 0xb2, 0x43, 0x18, 0x1a, 0x78, 0xb0, 0x21, 0xa8, + 0x82, 0xd0, 0x00, 0xda, 0x00, 0x1b, 0xa3, 0xc9, 0x68, 0x72, 0x0e, 0xf7, 0x9e, 0x9f, 0x03, 0xad, + 0xf8, 0x90, 0xf1, 0x82, 0xef, 0xd4, 0x62, 0xbf, 0x9b, 0xf1, 0x52, 0xaa, 0xa0, 0x7c, 0x39, 0x3d, + 0x87, 0x0a, 0x5f, 0x5c, 0x19, 0x33, 0x58, 0xe2, 0xa7, 0x33, 0xc3, 0xe6, 0x14, 0x0f, 0x4c, 0x6c, + 0x0e, 0x08, 0x07, 0xcb, 0x6f, 0x86, 0xa0, 0xbd, 0x88, 0x82, 0xe2, 0xdd, 0x71, 0xf7, 0xb7, 0xc3, + 0x9b, 0xa6, 0x2d, 0xe3, 0x19, 0x0f, 0x67, 0xca, 0x75, 0xc7, 0xf5, 0xd8, 0x6a, 0x3d, 0xef, 0x2d, + 0xa2, 0xe0, 0x44, 0x7e, 0xdc, 0x0b, 0xc9, 0xbc, 0x22, 0x34, 0xdf, 0xff, 0x1d, 0x00, 0x00, 0xff, + 0xff, 0x19, 0x4e, 0xf0, 0x51, 0x81, 0x08, 0x00, 0x00, } diff --git a/trillian.proto b/trillian.proto index 966638dc39..d93864f9e2 100644 --- a/trillian.proto +++ b/trillian.proto @@ -259,16 +259,30 @@ message SignedLogRoot { // SignedMapRoot represents a commitment by a Map to a particular tree. message SignedMapRoot { - int64 timestamp_nanos = 1; - bytes root_hash = 2; - reserved 3; // was MapperMetadata (removed, replaced by 'Any metadata'). - + reserved 1; // Deprecated: Was timestamp_nanos. Use map_root. + reserved 2; // Deprecated: Was root_hash. Use map_root. + reserved 3; // Deprecated: Was MapperMetadata. Use map_root. + reserved 5; // Deprecated: Was map_id. Use signature. + reserved 6; // Deprecated: Was map_revision. Use map_root. + reserved 7; // Deprecated: Was metadata Any. Use map_root. + reserved 8; // Deprecated: Was metadata bytes. Use map_root. + + // map_root holds the TLS-serialization of the following + // structure (described in RFC5246 notation): + // enum { v1(1), (65535)} Version; + // struct { + // opaque root_hash<0..128>; + // uint64 timestamp_nanos; + // uint64 revision; + // opaque metadata<0..65535>; + // } MapRootV1; + // struct { + // Version version; + // select(version) { + // case v1: MapRootV1; + // } + // } MapRoot; + bytes map_root = 9; + // Signature is the signature over MapRoot. bytes signature = 4; - int64 map_id = 5; - int64 map_revision = 6; - reserved 7; - // Metadata associated with the Map root. This is set by the map personality - // layer in a SetLeaves map request. It could be used to persist state - // needed to recreate the Map from an external data source. - bytes metadata = 8; }