Encapsulate Client Verifier State in test vectors

core/api/v1/keytransparency.proto

@@ -338,6 +338,14 @@ message MapRoot {
   repeated bytes log_inclusion = 2;
 }
 
+// LogRootRequest contains the information needed to request and verify LogRoot.
+message LogRootRequest {
+  // root_hash is the root hash of the last log root the client verified.
+  bytes root_hash = 1;
+  // tree_size is the tree size of the last log root the client verified.
+  int64 tree_size = 2;
+}
+
 // LogRoot contains the latest log root and its consistency proof.
 message LogRoot {
   // log_root is the latest globally consistent log root.

core/client/verifier/verifier_test.go

@@ -47,17 +47,17 @@ func RunTranscriptTest(t *testing.T, transcript *tpb.Transcript) {
 		t.Fatal(err)
 	}
 
-	trusted := &types.LogRootV1{}
 	for _, rpc := range transcript.Actions {
 		t.Run(rpc.Desc, func(t *testing.T) {
+			trusted := types.LogRootV1{
+				TreeSize: uint64(rpc.LastVerifiedLogRoot.GetTreeSize()),
+				RootHash: rpc.LastVerifiedLogRoot.GetRootHash(),
+			}
 			switch pair := rpc.ReqRespPair.(type) {
 			case *tpb.Action_GetUser:
-				slr, smr, err := v.VerifyRevision(pair.GetUser.Response.Revision, *trusted)
+				_, smr, err := v.VerifyRevision(pair.GetUser.Response.Revision, trusted)
 				if err != nil {
-					t.Errorf("VerifyRevision(): %v", err)
-				}
-				if err == nil && rpc.TrustNewLog {
-					trusted = slr
+					t.Fatalf("VerifyRevision(): %v", err)
 				}
 				if err := v.VerifyMapLeaf(
 					transcript.Directory.DirectoryId,

core/integration/client_tests.go

@@ -260,6 +260,7 @@ func TestEmptyGetAndUpdate(ctx context.Context, env *Env, t *testing.T) []*tpb.A
 	} {
 		t.Run(tc.desc, func(t *testing.T) {
 			// Check profile.
+			reqSLR := *slr
 			e, newslr, err := CheckProfile(ctx, env, tc.userID, tc.wantProfile, slr)
 			if err != nil {
 				t.Fatalf("%v", err)
@@ -272,10 +273,17 @@ func TestEmptyGetAndUpdate(ctx context.Context, env *Env, t *testing.T) []*tpb.A
 				slr = newslr
 			}
 			transcript = append(transcript, &tpb.Action{
-				Desc:        tc.desc,
-				TrustNewLog: trust,
+				Desc: tc.desc,
+				LastVerifiedLogRoot: &pb.LogRootRequest{
+					TreeSize: int64(reqSLR.TreeSize),
+					RootHash: reqSLR.RootHash,
+				},
 				ReqRespPair: &tpb.Action_GetUser{GetUser: &tpb.GetUser{
-					Request:  &pb.GetUserRequest{UserId: tc.userID},
+					Request: &pb.GetUserRequest{
+						DirectoryId:          env.Directory.DirectoryId,
+						UserId:               tc.userID,
+						LastVerifiedTreeSize: int64(reqSLR.TreeSize),
+					},
 					Response: e,
 				}},
 			})
@@ -399,7 +407,8 @@ func TestBatchGetUser(ctx context.Context, env *Env, t *testing.T) []*tpb.Action
 			if err != nil {
 				t.Fatalf("BatchGetUser(): %v", err)
 			}
-			_, smr, err := env.Client.VerifyRevision(resp.Revision, types.LogRootV1{})
+			slr := types.LogRootV1{}
+			_, smr, err := env.Client.VerifyRevision(resp.Revision, slr)
 			if err != nil {
 				t.Fatalf("VerifyRevision(): %v", nil)
 			}
@@ -413,6 +422,10 @@ func TestBatchGetUser(ctx context.Context, env *Env, t *testing.T) []*tpb.Action
 			}
 			transcript = append(transcript, &tpb.Action{
 				Desc: tc.desc,
+				LastVerifiedLogRoot: &pb.LogRootRequest{
+					TreeSize: int64(slr.TreeSize),
+					RootHash: slr.RootHash,
+				},
 				ReqRespPair: &tpb.Action_BatchGetUser{
 					BatchGetUser: &tpb.BatchGetUser{
 						Request:  &pb.BatchGetUserRequest{UserIds: userIDs},

core/testdata/TestBatchCreate.json

@@ -3,7 +3,7 @@
 	"directory": {
 		"directoryId": "integration",
 		"log": {
-			"treeId": "6351326452095781645",
+			"treeId": "8172687717364565544",
 			"treeType": "PREORDERED_LOG",
 			"hashStrategy": "RFC6962_SHA256",
 			"hashAlgorithm": "SHA256",
@@ -13,7 +13,7 @@
 			}
 		},
 		"map": {
-			"treeId": "8005363257432365208",
+			"treeId": "8476932576446208687",
 			"treeType": "MAP",
 			"hashStrategy": "CONIKS_SHA256",
 			"hashAlgorithm": "SHA256",