diff --git a/client/log_verifier_test.go b/client/log_verifier_test.go index 610f0cf7e7..dc5464aa4d 100644 --- a/client/log_verifier_test.go +++ b/client/log_verifier_test.go @@ -15,6 +15,7 @@ package client import ( + "crypto" "testing" "github.com/google/trillian" @@ -32,7 +33,7 @@ func TestVerifyRootErrors(t *testing.T) { if err != nil { t.Fatalf("Failed to open test key, err=%v", err) } - signer := tcrypto.NewSHA256Signer(key) + signer := tcrypto.NewSigner(0, key, crypto.SHA256) pk, err := pem.UnmarshalPublicKey(testonly.DemoPublicKey) if err != nil { t.Fatalf("Failed to load public key, err=%v", err) diff --git a/crypto/signer.go b/crypto/signer.go index b5860360dc..f8303808dd 100644 --- a/crypto/signer.go +++ b/crypto/signer.go @@ -35,11 +35,22 @@ var sigpbHashLookup = map[crypto.Hash]sigpb.DigitallySigned_HashAlgorithm{ // Signer is responsible for signing log-related data and producing the appropriate // application specific signature objects. type Signer struct { - Hash crypto.Hash - Signer crypto.Signer + KeyHint []byte + Hash crypto.Hash + Signer crypto.Signer } -// NewSHA256Signer creates a new SHA256 based Signer. +// NewSigner returns a new signer. The signer will set the KeyHint field, when available, with KeyID. +func NewSigner(keyID int64, signer crypto.Signer, hash crypto.Hash) *Signer { + return &Signer{ + KeyHint: types.SerializeKeyHint(keyID), + Hash: hash, + Signer: signer, + } +} + +// NewSHA256Signer creates a new SHA256 based Signer and a KeyID of 0. +// TODO(gbelvin): remove func NewSHA256Signer(signer crypto.Signer) *Signer { return &Signer{ Hash: crypto.SHA256, @@ -98,7 +109,7 @@ func (s *Signer) SignLogRoot(r *types.LogRootV1) (*trillian.SignedLogRoot, error } signature, err := s.Sign(hash) if err != nil { - glog.Warningf("%v: signer failed to sign log root: %v", root.LogId, err) + glog.Warningf("%v: signer failed to sign log root: %v", s.KeyHint, err) return nil, err } @@ -111,7 +122,7 @@ func (s *Signer) SignLogRoot(r *types.LogRootV1) (*trillian.SignedLogRoot, error func (s *Signer) SignMapRoot(root *trillian.SignedMapRoot) (*sigpb.DigitallySigned, error) { signature, err := s.SignObject(root) if err != nil { - glog.Warningf("%v: signer failed to sign map root: %v", root.MapId, err) + glog.Warningf("%v: signer failed to sign map root: %v", s.KeyHint, err) return nil, err } diff --git a/crypto/signer_test.go b/crypto/signer_test.go index 8f85821800..b5cd361cb8 100644 --- a/crypto/signer_test.go +++ b/crypto/signer_test.go @@ -15,6 +15,7 @@ package crypto import ( + "crypto" "encoding/json" "errors" "testing" @@ -35,7 +36,7 @@ func TestSign(t *testing.T) { if err != nil { t.Fatalf("Failed to open test key, err=%v", err) } - signer := NewSHA256Signer(key) + signer := NewSigner(0, key, crypto.SHA256) for _, test := range []struct { message []byte @@ -72,7 +73,7 @@ func TestSign_SignerFails(t *testing.T) { t.Fatalf("Failed to load private key: %v", err) } - _, err = NewSHA256Signer(testonly.NewSignerWithErr(key, errors.New("sign"))).Sign([]byte(message)) + _, err = NewSigner(0, testonly.NewSignerWithErr(key, errors.New("sign")), crypto.SHA256).Sign([]byte(message)) if err == nil { t.Fatalf("Ignored a signing error: %v", err) } @@ -95,7 +96,7 @@ func TestSignWithSignedLogRoot_SignerFails(t *testing.T) { if err != nil { t.Fatalf("HashLogRoot(): %v", err) } - _, err = NewSHA256Signer(s).Sign(hash) + _, err = NewSigner(0, s, crypto.SHA256).Sign(hash) testonly.EnsureErrorContains(t, err, "signfail") } @@ -104,7 +105,7 @@ func TestSignLogRoot(t *testing.T) { if err != nil { t.Fatalf("Failed to open test key, err=%v", err) } - signer := NewSHA256Signer(key) + signer := NewSigner(0, key, crypto.SHA256) for _, test := range []struct { root *types.LogRootV1 @@ -137,7 +138,7 @@ func TestSignMapRoot(t *testing.T) { if err != nil { t.Fatalf("Failed to open test key, err=%v", err) } - signer := NewSHA256Signer(key) + signer := NewSigner(0, key, crypto.SHA256) for _, test := range []struct { root trillian.SignedMapRoot diff --git a/crypto/verifier_test.go b/crypto/verifier_test.go index 1876c36c77..cfb1aa68b1 100644 --- a/crypto/verifier_test.go +++ b/crypto/verifier_test.go @@ -15,6 +15,7 @@ package crypto import ( + "crypto" "testing" "github.com/google/trillian" @@ -70,7 +71,7 @@ func TestSignVerify(t *testing.T) { msg := []byte("foo") var signature *sigpb.DigitallySigned if !test.skipSigning { - signature, err = NewSHA256Signer(key).Sign(msg) + signature, err = NewSigner(0, key, crypto.SHA256).Sign(msg) if err != nil { t.Errorf("%s: Sign()=(_,%v), want (_,nil)", test.name, err) continue @@ -89,7 +90,7 @@ func TestSignVerifyObject(t *testing.T) { if err != nil { t.Fatalf("Failed to open test key, err=%v", err) } - signer := NewSHA256Signer(key) + signer := NewSigner(0, key, crypto.SHA256) type subfield struct { c int diff --git a/log/sequencer.go b/log/sequencer.go index 149f9e2726..a515e4450c 100644 --- a/log/sequencer.go +++ b/log/sequencer.go @@ -138,19 +138,19 @@ func (s Sequencer) buildMerkleTreeFromStorageAtRoot(ctx context.Context, root tr mt, err := merkle.NewCompactMerkleTreeWithState(s.hasher, root.TreeSize, func(depth int, index int64) ([]byte, error) { nodeID, err := storage.NewNodeIDForTreeCoords(int64(depth), index, maxTreeDepth) if err != nil { - glog.Warningf("%v: Failed to create nodeID: %v", root.LogId, err) + glog.Warningf("%x: Failed to create nodeID: %v", s.signer.KeyHint, err) return nil, err } nodes, err := tx.GetMerkleNodes(ctx, root.TreeRevision, []storage.NodeID{nodeID}) if err != nil { - glog.Warningf("%v: Failed to get Merkle nodes: %v", root.LogId, err) + glog.Warningf("%x: Failed to get Merkle nodes: %v", s.signer.KeyHint, err) return nil, err } // We expect to get exactly one node here if nodes == nil || len(nodes) != 1 { - return nil, fmt.Errorf("%v: Did not retrieve one node while loading CompactMerkleTree, got %#v for ID %v@%v", root.LogId, nodes, nodeID.String(), root.TreeRevision) + return nil, fmt.Errorf("%x: Did not retrieve one node while loading CompactMerkleTree, got %#v for ID %v@%v", s.signer.KeyHint, nodes, nodeID.String(), root.TreeRevision) } return nodes[0].Hash, nil diff --git a/log/sequencer_test.go b/log/sequencer_test.go index 9f2c0d0e11..2adff402ef 100644 --- a/log/sequencer_test.go +++ b/log/sequencer_test.go @@ -31,9 +31,10 @@ import ( "github.com/google/trillian/merkle/rfc6962" "github.com/google/trillian/quota" "github.com/google/trillian/storage" - stestonly "github.com/google/trillian/storage/testonly" "github.com/google/trillian/testonly" "github.com/google/trillian/util" + + stestonly "github.com/google/trillian/storage/testonly" ) var ( @@ -73,7 +74,6 @@ var expectedSignedRoot = trillian.SignedLogRoot{ TimestampNanos: fakeTimeForTest.UnixNano(), TreeRevision: 6, TreeSize: 17, - LogId: 0, Signature: &sigpb.DigitallySigned{ SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, HashAlgorithm: sigpb.DigitallySigned_SHA256, @@ -87,7 +87,6 @@ var expectedSignedRoot16 = trillian.SignedLogRoot{ TreeRevision: 6, TreeSize: 16, RootHash: testRoot16.RootHash, - LogId: 0, Signature: &sigpb.DigitallySigned{ SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, HashAlgorithm: sigpb.DigitallySigned_SHA256, @@ -101,7 +100,6 @@ var expectedSignedRoot0 = trillian.SignedLogRoot{ TimestampNanos: fakeTimeForTest.UnixNano(), TreeRevision: 1, TreeSize: 0, - LogId: 0, Signature: &sigpb.DigitallySigned{ SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, HashAlgorithm: sigpb.DigitallySigned_SHA256, @@ -251,7 +249,7 @@ func createTestContext(ctrl *gomock.Controller, params testParameters) (testCont } } - signer := crypto.NewSHA256Signer(params.signer) + signer := crypto.NewSigner(0, params.signer, gocrypto.SHA256) qm := params.qm if qm == nil { qm = quota.Noop() @@ -550,7 +548,7 @@ func TestIntegrateBatch_PutTokens(t *testing.T) { // Needed to create a signer hasher := rfc6962.DefaultHasher ts := util.NewFakeTimeSource(fakeTimeForTest) - signer := crypto.NewSHA256Signer(cryptoSigner) + signer := crypto.NewSigner(0, cryptoSigner, gocrypto.SHA256) // Needed for IntegrateBatch calls const treeID int64 = 1234 diff --git a/quota/mysqlqm/mysql_quota_test.go b/quota/mysqlqm/mysql_quota_test.go index 25f66bb9d7..464621bd50 100644 --- a/quota/mysqlqm/mysql_quota_test.go +++ b/quota/mysqlqm/mysql_quota_test.go @@ -16,21 +16,25 @@ package mysqlqm_test import ( "context" + "crypto" "database/sql" "fmt" "testing" "time" "github.com/google/trillian" - "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/quota" "github.com/google/trillian/quota/mysqlqm" "github.com/google/trillian/storage" "github.com/google/trillian/storage/mysql" "github.com/google/trillian/storage/testdb" - "github.com/google/trillian/storage/testonly" + "github.com/google/trillian/testonly" "github.com/google/trillian/trees" + "github.com/google/trillian/types" "github.com/kylelemons/godebug/pretty" + + tcrypto "github.com/google/trillian/crypto" + stestonly "github.com/google/trillian/storage/testonly" ) func TestQuotaManager_GetTokens(t *testing.T) { @@ -293,7 +297,7 @@ func createTree(ctx context.Context, db *sql.DB) (*trillian.Tree, error) { as := mysql.NewAdminStorage(db) err := as.ReadWriteTransaction(ctx, func(ctx context.Context, tx storage.AdminTX) error { var err error - tree, err = tx.CreateTree(ctx, testonly.LogTree) + tree, err = tx.CreateTree(ctx, stestonly.LogTree) return err }) if err != nil { @@ -304,7 +308,13 @@ func createTree(ctx context.Context, db *sql.DB) (*trillian.Tree, error) { { ls := mysql.NewLogStorage(db, nil) err := ls.ReadWriteTransaction(ctx, tree, func(ctx context.Context, tx storage.LogTreeTX) error { - return tx.StoreSignedLogRoot(ctx, trillian.SignedLogRoot{LogId: tree.TreeId, RootHash: []byte{0}, Signature: &sigpb.DigitallySigned{}}) + signer := tcrypto.NewSigner(0, testonly.NewSignerWithFixedSig(nil, nil), crypto.SHA256) + slr, err := signer.SignLogRoot(&types.LogRootV1{RootHash: []byte{0}}) + if err != nil { + return err + } + return tx.StoreSignedLogRoot(ctx, *slr) + }) if err != nil { return nil, err diff --git a/server/sequencer_manager_test.go b/server/sequencer_manager_test.go index aaa2b99051..7fc0375d9b 100644 --- a/server/sequencer_manager_test.go +++ b/server/sequencer_manager_test.go @@ -36,6 +36,7 @@ import ( "github.com/google/trillian/storage" stestonly "github.com/google/trillian/storage/testonly" "github.com/google/trillian/testonly" + "github.com/google/trillian/types" "github.com/google/trillian/util" ) @@ -63,7 +64,7 @@ var testLeaf0Updated = &trillian.LogLeaf{ var testRoot0 = trillian.SignedLogRoot{ TreeSize: 0, TreeRevision: 0, - LogId: testLogID1, + KeyHint: types.SerializeKeyHint(testLogID1), RootHash: []byte{}, Signature: &sigpb.DigitallySigned{ HashAlgorithm: sigpb.DigitallySigned_SHA256, diff --git a/storage/cloudspanner/log_storage.go b/storage/cloudspanner/log_storage.go index 8aca9719a1..58dd899e1b 100644 --- a/storage/cloudspanner/log_storage.go +++ b/storage/cloudspanner/log_storage.go @@ -340,7 +340,6 @@ func (tx *logTX) LatestSignedLogRoot(ctx context.Context) (trillian.SignedLogRoo TimestampNanos: currentSTH.TsNanos, RootHash: currentSTH.RootHash, TreeSize: currentSTH.TreeSize, - LogId: currentSTH.TreeId, TreeRevision: currentSTH.TreeRevision, Signature: apiSig, }, nil diff --git a/storage/mysql/log_storage.go b/storage/mysql/log_storage.go index 96220a36d6..511511d5fe 100644 --- a/storage/mysql/log_storage.go +++ b/storage/mysql/log_storage.go @@ -34,6 +34,7 @@ import ( "github.com/google/trillian/monitoring" "github.com/google/trillian/storage" "github.com/google/trillian/storage/cache" + "github.com/google/trillian/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -668,8 +669,8 @@ func (t *logTreeTX) fetchLatestRoot(ctx context.Context) (trillian.SignedLogRoot TimestampNanos: timestamp, TreeRevision: treeRevision, Signature: &rootSignature, - LogId: t.treeID, TreeSize: treeSize, + KeyHint: types.SerializeKeyHint(t.treeID), }, nil } diff --git a/storage/mysql/log_storage_test.go b/storage/mysql/log_storage_test.go index 2500f162e3..a22ee12a25 100644 --- a/storage/mysql/log_storage_test.go +++ b/storage/mysql/log_storage_test.go @@ -30,6 +30,7 @@ import ( "github.com/google/trillian" "github.com/google/trillian/storage" "github.com/google/trillian/storage/testonly" + "github.com/google/trillian/types" "github.com/kylelemons/godebug/pretty" spb "github.com/google/trillian/crypto/sigpb" @@ -865,7 +866,7 @@ func TestLatestSignedLogRoot(t *testing.T) { tree := logTree(logID) root := trillian.SignedLogRoot{ - LogId: logID, + KeyHint: types.SerializeKeyHint(logID), TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, @@ -902,7 +903,7 @@ func TestDuplicateSignedLogRoot(t *testing.T) { runLogTX(s, tree, t, func(ctx context.Context, tx storage.LogTreeTX) error { root := trillian.SignedLogRoot{ - LogId: logID, + KeyHint: types.SerializeKeyHint(logID), TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, @@ -928,7 +929,7 @@ func TestLogRootUpdate(t *testing.T) { tree := logTree(logID) root := trillian.SignedLogRoot{ - LogId: logID, + KeyHint: types.SerializeKeyHint(logID), TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, @@ -936,7 +937,7 @@ func TestLogRootUpdate(t *testing.T) { Signature: &spb.DigitallySigned{Signature: []byte("notempty")}, } root2 := trillian.SignedLogRoot{ - LogId: logID, + KeyHint: types.SerializeKeyHint(logID), TimestampNanos: 98766, TreeSize: 16, TreeRevision: 6, diff --git a/storage/mysql/storage_test.go b/storage/mysql/storage_test.go index 3101e435bb..2e3333a96c 100644 --- a/storage/mysql/storage_test.go +++ b/storage/mysql/storage_test.go @@ -27,12 +27,14 @@ import ( "github.com/golang/glog" "github.com/google/trillian" - "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/merkle" "github.com/google/trillian/merkle/rfc6962" "github.com/google/trillian/storage" "github.com/google/trillian/storage/testdb" + "github.com/google/trillian/testonly" + "github.com/google/trillian/types" + tcrypto "github.com/google/trillian/crypto" storageto "github.com/google/trillian/storage/testonly" ) @@ -256,13 +258,16 @@ func createLogForTests(db *sql.DB) int64 { panic(fmt.Sprintf("Error creating log: %v", err)) } + signer := tcrypto.NewSigner(0, testonly.NewSignerWithFixedSig(nil, nil), crypto.SHA256) + ctx := context.Background() l := NewLogStorage(db, nil) err = l.ReadWriteTransaction(ctx, tree, func(ctx context.Context, tx storage.LogTreeTX) error { - if err := tx.StoreSignedLogRoot(ctx, trillian.SignedLogRoot{ - LogId: tree.TreeId, - RootHash: []byte{0}, - Signature: &sigpb.DigitallySigned{Signature: []byte("asignature")}}); err != nil { + root, err := signer.SignLogRoot(&types.LogRootV1{RootHash: []byte{0}}) + if err != nil { + return fmt.Errorf("Error creating new SignedLogRoot: %v", err) + } + if err := tx.StoreSignedLogRoot(ctx, *root); err != nil { return fmt.Errorf("Error storing new SignedLogRoot: %v", err) } return nil diff --git a/trillian.pb.go b/trillian.pb.go index 2c4c01798d..acd9ae586f 100644 --- a/trillian.pb.go +++ b/trillian.pb.go @@ -409,8 +409,16 @@ type SignedLogRoot struct { // TreeSize is the number of entries in the tree. TreeSize int64 `protobuf:"varint,3,opt,name=tree_size,json=treeSize" json:"tree_size,omitempty"` Signature *sigpb.DigitallySigned `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"` - LogId int64 `protobuf:"varint,5,opt,name=log_id,json=logId" json:"log_id,omitempty"` TreeRevision int64 `protobuf:"varint,6,opt,name=tree_revision,json=treeRevision" json:"tree_revision,omitempty"` + // key_hint is a hint to identify the public key for signature verification. + // key_hint is not authenticated and may be incorrect or missing, in which + // case all known public keys may be used to verify the signature. + // When directly communicating with a Trillian gRPC server, the key_hint will + // typically contain the LogID encoded as a big-endian 64-bit integer; + // however, in other contexts the key_hint is likely to have different + // contents (e.g. it could be a GUID, a URL + TreeID, or it could be + // derived from the public key itself). + KeyHint []byte `protobuf:"bytes,7,opt,name=key_hint,json=keyHint,proto3" json:"key_hint,omitempty"` } func (m *SignedLogRoot) Reset() { *m = SignedLogRoot{} } @@ -446,18 +454,18 @@ func (m *SignedLogRoot) GetSignature() *sigpb.DigitallySigned { return nil } -func (m *SignedLogRoot) GetLogId() int64 { +func (m *SignedLogRoot) GetTreeRevision() int64 { if m != nil { - return m.LogId + return m.TreeRevision } return 0 } -func (m *SignedLogRoot) GetTreeRevision() int64 { +func (m *SignedLogRoot) GetKeyHint() []byte { if m != nil { - return m.TreeRevision + return m.KeyHint } - return 0 + return nil } // SignedMapRoot represents a commitment by a Map to a particular tree. @@ -536,72 +544,73 @@ func init() { func init() { proto.RegisterFile("trillian.proto", fileDescriptor3) } var fileDescriptor3 = []byte{ - // 1057 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x5b, 0x6f, 0xe2, 0xc6, - 0x17, 0x8f, 0x81, 0x80, 0x39, 0x5c, 0xe2, 0x4c, 0x6e, 0x0e, 0x2b, 0xfd, 0x97, 0x7f, 0x5a, 0xa9, - 0x69, 0x1e, 0xc8, 0x2e, 0x6d, 0x22, 0x55, 0xfb, 0x50, 0x39, 0xc1, 0x09, 0x90, 0x04, 0xd0, 0xd8, - 0xdd, 0x6a, 0xf3, 0x62, 0x0d, 0x78, 0x6a, 0xac, 0xc5, 0xd8, 0xb2, 0x87, 0xd5, 0x7a, 0x9f, 0xfb, - 0x52, 0xb5, 0x1f, 0xb3, 0x5f, 0xa3, 0x52, 0x35, 0x63, 0x9b, 0x10, 0xd2, 0xbd, 0xa8, 0xea, 0x4b, - 0x32, 0xe7, 0xfc, 0x2e, 0x73, 0x8e, 0xe7, 0x8c, 0x31, 0xd4, 0x59, 0xe8, 0xce, 0x66, 0x2e, 0x99, - 0xb7, 0x82, 0xd0, 0x67, 0x3e, 0x92, 0xb3, 0xb8, 0xd1, 0x98, 0x84, 0x71, 0xc0, 0xfc, 0xd3, 0xb7, - 0x34, 0x8e, 0x82, 0x71, 0xfa, 0x2f, 0x61, 0x35, 0xd4, 0x14, 0x8b, 0x5c, 0x27, 0x18, 0x27, 0x7f, - 0x53, 0xe4, 0xd0, 0xf1, 0x7d, 0x67, 0x46, 0x4f, 0x45, 0x34, 0x5e, 0xfc, 0x72, 0x4a, 0xe6, 0x71, - 0x0a, 0xfd, 0x6f, 0x1d, 0xb2, 0x17, 0x21, 0x61, 0xae, 0x9f, 0x6e, 0xdd, 0x78, 0xbe, 0x8e, 0x33, - 0xd7, 0xa3, 0x11, 0x23, 0x5e, 0x90, 0x10, 0x8e, 0x7e, 0x2b, 0x41, 0xc1, 0x0c, 0x29, 0x45, 0x07, - 0x50, 0x62, 0x21, 0xa5, 0x96, 0x6b, 0xab, 0x52, 0x53, 0x3a, 0xce, 0xe3, 0x22, 0x0f, 0x7b, 0x36, - 0x6a, 0x03, 0x08, 0x20, 0x62, 0x84, 0x51, 0x35, 0xd7, 0x94, 0x8e, 0xeb, 0xed, 0x9d, 0xd6, 0xb2, - 0x45, 0x2e, 0x36, 0x38, 0x84, 0xcb, 0x2c, 0x5b, 0xa2, 0x53, 0x10, 0x81, 0xc5, 0xe2, 0x80, 0xaa, - 0x79, 0x21, 0x41, 0x8f, 0x25, 0x66, 0x1c, 0x50, 0x2c, 0xb3, 0x74, 0x85, 0x5e, 0x41, 0x6d, 0x4a, - 0xa2, 0xa9, 0x15, 0xb1, 0x90, 0x30, 0xea, 0xc4, 0x6a, 0x41, 0x88, 0xf6, 0x1f, 0x44, 0x5d, 0x12, - 0x4d, 0x8d, 0x14, 0xc5, 0xd5, 0xe9, 0x4a, 0x84, 0x6e, 0xa0, 0x2e, 0xc4, 0x64, 0xe6, 0xf8, 0xa1, - 0xcb, 0xa6, 0x9e, 0xba, 0x29, 0xd4, 0x5f, 0xb7, 0x92, 0xa7, 0xd8, 0x71, 0x1d, 0x97, 0x91, 0xd9, - 0x2c, 0x36, 0x5c, 0x67, 0x4e, 0x6d, 0x61, 0xa5, 0x65, 0x5c, 0x2c, 0x36, 0x5e, 0x86, 0xe8, 0x1e, - 0x76, 0x22, 0xd7, 0x99, 0x13, 0xb6, 0x08, 0xe9, 0x8a, 0x63, 0x51, 0x38, 0x7e, 0xfb, 0x11, 0x47, - 0x23, 0x53, 0x3c, 0xd8, 0xa2, 0xe8, 0x49, 0x0e, 0xfd, 0x1f, 0xaa, 0xb6, 0x1b, 0x05, 0x33, 0x12, - 0x5b, 0x73, 0xe2, 0x51, 0x55, 0x6e, 0x4a, 0xc7, 0x65, 0x5c, 0x49, 0x73, 0x03, 0xe2, 0x51, 0xd4, - 0x84, 0x8a, 0x4d, 0xa3, 0x49, 0xe8, 0x06, 0xfc, 0x14, 0xd5, 0x72, 0xca, 0x78, 0x48, 0xa1, 0x33, - 0xa8, 0x04, 0xa1, 0xfb, 0x8e, 0x30, 0x6a, 0xbd, 0xa5, 0xb1, 0x5a, 0x6d, 0x4a, 0xc7, 0x95, 0xf6, - 0x6e, 0x2b, 0x39, 0xe8, 0x56, 0x76, 0xd0, 0x2d, 0x6d, 0x1e, 0x63, 0x48, 0x89, 0x37, 0x34, 0x46, - 0x3f, 0x82, 0x12, 0x31, 0x3f, 0x24, 0x0e, 0xb5, 0x22, 0xca, 0x98, 0x3b, 0x77, 0x22, 0xb5, 0xf6, - 0x09, 0xed, 0x56, 0xca, 0x36, 0x52, 0x32, 0x7a, 0x01, 0x10, 0x2c, 0xc6, 0x33, 0x77, 0x22, 0xb6, - 0xad, 0x0b, 0xe9, 0x76, 0x2b, 0x1d, 0xe1, 0x91, 0x40, 0x6e, 0x68, 0x8c, 0xcb, 0x41, 0xb6, 0x44, - 0x3a, 0x6c, 0x7b, 0xe4, 0xbd, 0x15, 0xfa, 0x3e, 0xb3, 0xb2, 0xb9, 0x54, 0xb7, 0x84, 0xf0, 0xf0, - 0xc9, 0x9e, 0x9d, 0x94, 0x80, 0xb7, 0x3c, 0xf2, 0x1e, 0xfb, 0x3e, 0xcb, 0x12, 0xe8, 0x15, 0x54, - 0x26, 0x21, 0xe5, 0xfd, 0xf2, 0xe1, 0x55, 0x15, 0x61, 0xd0, 0x78, 0x62, 0x60, 0x66, 0x93, 0x8d, - 0x21, 0xa1, 0xf3, 0x04, 0x17, 0x2f, 0x02, 0x7b, 0x29, 0xde, 0xfe, 0xbc, 0x38, 0xa1, 0x0b, 0xb1, - 0x0a, 0x25, 0x9b, 0xce, 0x28, 0xa3, 0xb6, 0xba, 0xd3, 0x94, 0x8e, 0x65, 0x9c, 0x85, 0xdc, 0x36, - 0x59, 0x26, 0xb6, 0xbb, 0x9f, 0xb7, 0x4d, 0xe8, 0x3c, 0xd1, 0x2f, 0xc8, 0x48, 0xd9, 0xe9, 0x17, - 0xe4, 0x92, 0x22, 0xf7, 0x0b, 0x32, 0x28, 0x95, 0x7e, 0x41, 0xae, 0x28, 0xd5, 0xa3, 0x3f, 0x24, - 0xd8, 0x4d, 0x06, 0x4a, 0x9f, 0xb3, 0x30, 0x5e, 0x8a, 0xd1, 0x37, 0xb0, 0xb5, 0xbc, 0xb7, 0xd6, - 0x9c, 0xcc, 0xfd, 0x28, 0xbd, 0xa3, 0xf5, 0x65, 0x7a, 0xc0, 0xb3, 0x68, 0x0f, 0x8a, 0x33, 0xdf, - 0xe1, 0x77, 0x38, 0x27, 0xf0, 0xcd, 0x99, 0xef, 0xf4, 0x6c, 0xf4, 0x3d, 0x94, 0x97, 0xd3, 0x28, - 0xae, 0x63, 0xa5, 0xbd, 0xff, 0xcf, 0x93, 0x8c, 0x1f, 0x88, 0x47, 0x7f, 0x4a, 0x50, 0x4b, 0xb2, - 0xb7, 0xbe, 0xc3, 0x4f, 0xe4, 0xcb, 0xeb, 0x78, 0x06, 0x65, 0x71, 0xea, 0xfc, 0x6a, 0x89, 0x52, - 0xaa, 0x58, 0xe6, 0x09, 0x7e, 0xf3, 0x38, 0x98, 0xbc, 0x50, 0xdc, 0x0f, 0x49, 0x35, 0xf9, 0xe4, - 0x45, 0x60, 0xb8, 0x1f, 0xe8, 0xe3, 0x52, 0x0b, 0x5f, 0x58, 0xea, 0x4a, 0xdf, 0x9b, 0xab, 0x7d, - 0x7f, 0x05, 0x35, 0xb1, 0x53, 0x48, 0xdf, 0xb9, 0x11, 0x1f, 0xbe, 0xa2, 0x40, 0xab, 0x3c, 0x89, - 0xd3, 0xdc, 0xd1, 0x5f, 0xcb, 0x36, 0xef, 0x48, 0xf0, 0x1f, 0xb6, 0xf9, 0xaf, 0x3b, 0xf1, 0x48, - 0xb0, 0xd2, 0x89, 0x47, 0x82, 0x9e, 0xcd, 0xdf, 0x1c, 0x3c, 0xbd, 0xd6, 0x48, 0xc5, 0x23, 0x41, - 0xd6, 0x07, 0x7a, 0x01, 0xb2, 0x47, 0x19, 0xb1, 0x09, 0x23, 0x6a, 0xe9, 0x13, 0x17, 0x7b, 0xc9, - 0xea, 0x17, 0xe4, 0xbc, 0x52, 0x38, 0xe9, 0x40, 0x2d, 0x3d, 0xdf, 0x2b, 0x3f, 0xf4, 0x08, 0x43, - 0xcf, 0xe0, 0xe0, 0x76, 0x78, 0x6d, 0xe1, 0xe1, 0xd0, 0xb4, 0xae, 0x86, 0xf8, 0x4e, 0x33, 0xad, - 0x9f, 0x06, 0x37, 0x83, 0xe1, 0xcf, 0x03, 0x65, 0x03, 0xed, 0x03, 0x5a, 0x07, 0x5f, 0xbf, 0x54, - 0x24, 0xee, 0x92, 0x3e, 0xbe, 0x07, 0x97, 0x3b, 0x6d, 0xf4, 0x71, 0x97, 0x75, 0x50, 0xb8, 0xfc, - 0x2a, 0x41, 0x75, 0xf5, 0x45, 0x8f, 0x0e, 0x61, 0x2f, 0x55, 0x59, 0x5d, 0xcd, 0xe8, 0x5a, 0x86, - 0x89, 0x35, 0x53, 0xbf, 0x7e, 0xa3, 0x6c, 0x20, 0x04, 0x75, 0x7c, 0x75, 0x79, 0xfe, 0xc3, 0x79, - 0xdb, 0x32, 0xba, 0x5a, 0xfb, 0xec, 0x5c, 0x91, 0xd0, 0x0e, 0x6c, 0x99, 0xba, 0x61, 0x5a, 0xdc, - 0x9c, 0xf3, 0x75, 0xac, 0xe4, 0xb8, 0xc7, 0xf0, 0xa2, 0xaf, 0x5f, 0x9a, 0xd6, 0x1a, 0x3f, 0x8f, - 0xf6, 0x60, 0xfb, 0x72, 0x38, 0xe8, 0xdd, 0x18, 0x3c, 0x75, 0xf6, 0xb2, 0x6d, 0xf1, 0x74, 0xe1, - 0xe4, 0x77, 0x09, 0xca, 0xcb, 0xdf, 0x35, 0x5e, 0x6c, 0x56, 0x83, 0x89, 0x75, 0xdd, 0x32, 0x4c, - 0xcd, 0xd4, 0x95, 0x0d, 0x04, 0x50, 0xd4, 0x2e, 0xcd, 0xde, 0x6b, 0x5d, 0x91, 0xf8, 0xfa, 0x0a, - 0x0f, 0xef, 0xf5, 0x81, 0x92, 0x43, 0xcf, 0xe1, 0xa0, 0xa3, 0x8f, 0xb0, 0x7e, 0xa9, 0x99, 0x7a, - 0xc7, 0x32, 0x86, 0x57, 0xa6, 0xd5, 0xd1, 0x6f, 0x75, 0x53, 0xef, 0x28, 0xf9, 0x46, 0x4e, 0x96, - 0xd6, 0x08, 0x5d, 0x0d, 0x77, 0x96, 0x84, 0x82, 0x20, 0x54, 0x41, 0xee, 0x60, 0xad, 0x37, 0xe8, - 0x0d, 0xae, 0x95, 0xcd, 0x93, 0x6b, 0x90, 0xb3, 0x5f, 0x4c, 0x5e, 0xf0, 0xa3, 0x5a, 0xcc, 0x37, - 0x23, 0x5e, 0x4a, 0x09, 0xf2, 0xb7, 0xc3, 0x6b, 0x45, 0xe2, 0x8b, 0x3b, 0x6d, 0xa4, 0xe4, 0xf8, - 0xd3, 0x19, 0x61, 0x7d, 0x88, 0x3b, 0x3a, 0xd6, 0x3b, 0x16, 0x07, 0xf3, 0x17, 0x5d, 0x38, 0x9c, - 0xf8, 0x5e, 0x36, 0x14, 0x8f, 0x3f, 0x52, 0x2e, 0x6a, 0x66, 0x1a, 0x8f, 0x78, 0x38, 0x92, 0xee, - 0x1b, 0x8e, 0xcb, 0xa6, 0x8b, 0x71, 0x6b, 0xe2, 0x7b, 0xa7, 0xe9, 0x57, 0x44, 0x26, 0x19, 0x17, - 0x85, 0xe6, 0xbb, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0x3e, 0xa3, 0xc0, 0x2c, 0xea, 0x08, 0x00, - 0x00, + // 1082 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x4b, 0x6f, 0xdb, 0x46, + 0x10, 0x0e, 0x25, 0x5a, 0xa2, 0x46, 0x0f, 0xd3, 0xeb, 0x38, 0xa1, 0x15, 0xa0, 0x51, 0xdd, 0x02, + 0x75, 0x73, 0x90, 0x13, 0xb5, 0x09, 0x50, 0xe4, 0x50, 0x30, 0x16, 0x6d, 0x49, 0xb6, 0x25, 0x61, + 0xc9, 0xa6, 0x48, 0x2e, 0xc4, 0x4a, 0xdc, 0x52, 0x84, 0xc5, 0x07, 0xc8, 0x55, 0x10, 0xe6, 0xdc, + 0x4b, 0xd1, 0xfe, 0xd6, 0xfe, 0x83, 0x02, 0xc5, 0x2e, 0x1f, 0x8e, 0x95, 0xa6, 0x09, 0x8a, 0x5e, + 0xa4, 0x9d, 0x99, 0xef, 0xfb, 0x76, 0x86, 0x33, 0xbb, 0x24, 0x74, 0x58, 0xec, 0xad, 0xd7, 0x1e, + 0x09, 0xfa, 0x51, 0x1c, 0xb2, 0x10, 0x29, 0x85, 0xdd, 0xed, 0x2e, 0xe3, 0x34, 0x62, 0xe1, 0xc9, + 0x35, 0x4d, 0x93, 0x68, 0x91, 0xff, 0x65, 0xa8, 0xae, 0x96, 0xc7, 0x12, 0xcf, 0x8d, 0x16, 0xd9, + 0x6f, 0x1e, 0x39, 0x74, 0xc3, 0xd0, 0x5d, 0xd3, 0x13, 0x61, 0x2d, 0x36, 0xbf, 0x9c, 0x90, 0x20, + 0xcd, 0x43, 0x5f, 0x6c, 0x87, 0x9c, 0x4d, 0x4c, 0x98, 0x17, 0xe6, 0x5b, 0x77, 0x1f, 0x6e, 0xc7, + 0x99, 0xe7, 0xd3, 0x84, 0x11, 0x3f, 0xca, 0x00, 0x47, 0xbf, 0xd5, 0x41, 0xb6, 0x62, 0x4a, 0xd1, + 0x7d, 0xa8, 0xb3, 0x98, 0x52, 0xdb, 0x73, 0x34, 0xa9, 0x27, 0x1d, 0x57, 0x71, 0x8d, 0x9b, 0x63, + 0x07, 0x0d, 0x00, 0x44, 0x20, 0x61, 0x84, 0x51, 0xad, 0xd2, 0x93, 0x8e, 0x3b, 0x83, 0xfd, 0x7e, + 0x59, 0x22, 0x27, 0x9b, 0x3c, 0x84, 0x1b, 0xac, 0x58, 0xa2, 0x13, 0x10, 0x86, 0xcd, 0xd2, 0x88, + 0x6a, 0x55, 0x41, 0x41, 0xb7, 0x29, 0x56, 0x1a, 0x51, 0xac, 0xb0, 0x7c, 0x85, 0x9e, 0x43, 0x7b, + 0x45, 0x92, 0x95, 0x9d, 0xb0, 0x98, 0x30, 0xea, 0xa6, 0x9a, 0x2c, 0x48, 0xf7, 0x6e, 0x48, 0x23, + 0x92, 0xac, 0xcc, 0x3c, 0x8a, 0x5b, 0xab, 0xf7, 0x2c, 0x74, 0x01, 0x1d, 0x41, 0x26, 0x6b, 0x37, + 0x8c, 0x3d, 0xb6, 0xf2, 0xb5, 0x1d, 0xc1, 0xfe, 0xba, 0x9f, 0x3d, 0xc5, 0xa1, 0xe7, 0x7a, 0x8c, + 0xac, 0xd7, 0xa9, 0xe9, 0xb9, 0x01, 0x75, 0x84, 0x94, 0x5e, 0x60, 0xb1, 0xd8, 0xb8, 0x34, 0xd1, + 0x6b, 0xd8, 0x4f, 0x3c, 0x37, 0x20, 0x6c, 0x13, 0xd3, 0xf7, 0x14, 0x6b, 0x42, 0xf1, 0xdb, 0x8f, + 0x28, 0x9a, 0x05, 0xe3, 0x46, 0x16, 0x25, 0x1f, 0xf8, 0xd0, 0x97, 0xd0, 0x72, 0xbc, 0x24, 0x5a, + 0x93, 0xd4, 0x0e, 0x88, 0x4f, 0x35, 0xa5, 0x27, 0x1d, 0x37, 0x70, 0x33, 0xf7, 0x4d, 0x89, 0x4f, + 0x51, 0x0f, 0x9a, 0x0e, 0x4d, 0x96, 0xb1, 0x17, 0xf1, 0x2e, 0x6a, 0x8d, 0x1c, 0x71, 0xe3, 0x42, + 0x4f, 0xa1, 0x19, 0xc5, 0xde, 0x1b, 0xc2, 0xa8, 0x7d, 0x4d, 0x53, 0xad, 0xd5, 0x93, 0x8e, 0x9b, + 0x83, 0xbb, 0xfd, 0xac, 0xd1, 0xfd, 0xa2, 0xd1, 0x7d, 0x3d, 0x48, 0x31, 0xe4, 0xc0, 0x0b, 0x9a, + 0xa2, 0x1f, 0x41, 0x4d, 0x58, 0x18, 0x13, 0x97, 0xda, 0x09, 0x65, 0xcc, 0x0b, 0xdc, 0x44, 0x6b, + 0xff, 0x0b, 0x77, 0x37, 0x47, 0x9b, 0x39, 0x18, 0x3d, 0x06, 0x88, 0x36, 0x8b, 0xb5, 0xb7, 0x14, + 0xdb, 0x76, 0x04, 0x75, 0xaf, 0x9f, 0x8f, 0xf0, 0x5c, 0x44, 0x2e, 0x68, 0x8a, 0x1b, 0x51, 0xb1, + 0x44, 0x06, 0xec, 0xf9, 0xe4, 0xad, 0x1d, 0x87, 0x21, 0xb3, 0x8b, 0xb9, 0xd4, 0x76, 0x05, 0xf1, + 0xf0, 0x83, 0x3d, 0x87, 0x39, 0x00, 0xef, 0xfa, 0xe4, 0x2d, 0x0e, 0x43, 0x56, 0x38, 0xd0, 0x73, + 0x68, 0x2e, 0x63, 0xca, 0xeb, 0xe5, 0xc3, 0xab, 0xa9, 0x42, 0xa0, 0xfb, 0x81, 0x80, 0x55, 0x4c, + 0x36, 0x86, 0x0c, 0xce, 0x1d, 0x9c, 0xbc, 0x89, 0x9c, 0x92, 0xbc, 0xf7, 0x69, 0x72, 0x06, 0x17, + 0x64, 0x0d, 0xea, 0x0e, 0x5d, 0x53, 0x46, 0x1d, 0x6d, 0xbf, 0x27, 0x1d, 0x2b, 0xb8, 0x30, 0xb9, + 0x6c, 0xb6, 0xcc, 0x64, 0xef, 0x7e, 0x5a, 0x36, 0x83, 0x73, 0xc7, 0x44, 0x56, 0x90, 0xba, 0x3f, + 0x91, 0x95, 0xba, 0xaa, 0x4c, 0x64, 0x05, 0xd4, 0xe6, 0x44, 0x56, 0x9a, 0x6a, 0xeb, 0xe8, 0x0f, + 0x09, 0xee, 0x66, 0x03, 0x65, 0x04, 0x2c, 0x4e, 0x4b, 0x32, 0xfa, 0x06, 0x76, 0xcb, 0x73, 0x6b, + 0x07, 0x24, 0x08, 0x93, 0xfc, 0x8c, 0x76, 0x4a, 0xf7, 0x94, 0x7b, 0xd1, 0x01, 0xd4, 0xd6, 0xa1, + 0xcb, 0xcf, 0x70, 0x45, 0xc4, 0x77, 0xd6, 0xa1, 0x3b, 0x76, 0xd0, 0xf7, 0xd0, 0x28, 0xa7, 0x51, + 0x1c, 0xc7, 0xe6, 0xe0, 0xde, 0x3f, 0x4f, 0x32, 0xbe, 0x01, 0x1e, 0xfd, 0x29, 0x41, 0x3b, 0xf3, + 0x5e, 0x86, 0x2e, 0xef, 0xc8, 0xe7, 0xe7, 0xf1, 0x00, 0x1a, 0xa2, 0xeb, 0xfc, 0x68, 0x89, 0x54, + 0x5a, 0x58, 0xe1, 0x0e, 0x7e, 0xf2, 0x78, 0x30, 0xbb, 0x50, 0xbc, 0x77, 0x59, 0x36, 0xd5, 0xec, + 0x22, 0x30, 0xbd, 0x77, 0xf4, 0x76, 0xaa, 0xf2, 0x67, 0xa6, 0x8a, 0xbe, 0x82, 0xb6, 0x90, 0x8c, + 0xe9, 0x1b, 0x2f, 0xe1, 0x53, 0x56, 0x13, 0xb2, 0x2d, 0xee, 0xc4, 0xb9, 0x0f, 0x1d, 0x82, 0x72, + 0x4d, 0x53, 0x7b, 0xe5, 0x05, 0x4c, 0xab, 0x8b, 0x9c, 0xea, 0xd7, 0x34, 0x1d, 0x79, 0x01, 0x9b, + 0xc8, 0xca, 0x8e, 0x5a, 0x3b, 0xfa, 0xab, 0x2c, 0xf8, 0x8a, 0x44, 0xff, 0x63, 0xc1, 0xff, 0xad, + 0xa6, 0x03, 0xa8, 0xf9, 0x24, 0xe2, 0xbd, 0xdc, 0xc9, 0x7a, 0xe9, 0x93, 0x68, 0xec, 0xf0, 0x3b, + 0x84, 0xbb, 0xb7, 0x2a, 0x6d, 0xfa, 0x24, 0x2a, 0x0b, 0x7d, 0x0c, 0x8a, 0x4f, 0x19, 0x71, 0x08, + 0x23, 0xa2, 0xd0, 0x8f, 0x1d, 0xf1, 0x12, 0x35, 0x91, 0x95, 0xaa, 0x2a, 0x3f, 0x1a, 0x42, 0x3b, + 0xef, 0xf4, 0x59, 0x18, 0xfb, 0x84, 0xa1, 0x07, 0x70, 0xff, 0x72, 0x76, 0x6e, 0xe3, 0xd9, 0xcc, + 0xb2, 0xcf, 0x66, 0xf8, 0x4a, 0xb7, 0xec, 0x9f, 0xa6, 0x17, 0xd3, 0xd9, 0xcf, 0x53, 0xf5, 0x0e, + 0xba, 0x07, 0x68, 0x3b, 0xf8, 0xf2, 0x89, 0x2a, 0x71, 0x95, 0xfc, 0xf1, 0xdd, 0xa8, 0x5c, 0xe9, + 0xf3, 0x8f, 0xab, 0x6c, 0x07, 0x85, 0xca, 0xaf, 0x12, 0xb4, 0xde, 0xbf, 0xf2, 0xd1, 0x21, 0x1c, + 0xe4, 0x2c, 0x7b, 0xa4, 0x9b, 0x23, 0xdb, 0xb4, 0xb0, 0x6e, 0x19, 0xe7, 0xaf, 0xd4, 0x3b, 0x08, + 0x41, 0x07, 0x9f, 0x9d, 0x3e, 0xfb, 0xe1, 0xd9, 0xc0, 0x36, 0x47, 0xfa, 0xe0, 0xe9, 0x33, 0x55, + 0x42, 0xfb, 0xb0, 0x6b, 0x19, 0xa6, 0x65, 0x73, 0x71, 0x8e, 0x37, 0xb0, 0x5a, 0xe1, 0x1a, 0xb3, + 0x17, 0x13, 0xe3, 0xd4, 0xb2, 0xb7, 0xf0, 0x55, 0x74, 0x00, 0x7b, 0xa7, 0xb3, 0xe9, 0xf8, 0xc2, + 0xe4, 0xae, 0xa7, 0x4f, 0x06, 0x36, 0x77, 0xcb, 0x8f, 0x7e, 0x97, 0xa0, 0x51, 0xbe, 0xe1, 0x78, + 0xb2, 0x45, 0x0e, 0x16, 0x36, 0x0c, 0xdb, 0xb4, 0x74, 0xcb, 0x50, 0xef, 0x20, 0x80, 0x9a, 0x7e, + 0x6a, 0x8d, 0x5f, 0x1a, 0xaa, 0xc4, 0xd7, 0x67, 0x78, 0xf6, 0xda, 0x98, 0xaa, 0x15, 0xf4, 0x10, + 0xee, 0x0f, 0x8d, 0x39, 0x36, 0x4e, 0x75, 0xcb, 0x18, 0xda, 0xe6, 0xec, 0xcc, 0xb2, 0x87, 0xc6, + 0xa5, 0x61, 0x19, 0x43, 0xb5, 0xda, 0xad, 0x28, 0xd2, 0x16, 0x60, 0xa4, 0xe3, 0x61, 0x09, 0x90, + 0x05, 0xa0, 0x05, 0xca, 0x10, 0xeb, 0xe3, 0xe9, 0x78, 0x7a, 0xae, 0xee, 0x3c, 0x3a, 0x07, 0xa5, + 0x78, 0x77, 0xf2, 0x84, 0x6f, 0xe5, 0x62, 0xbd, 0x9a, 0xf3, 0x54, 0xea, 0x50, 0xbd, 0x9c, 0x9d, + 0xab, 0x12, 0x5f, 0x5c, 0xe9, 0x73, 0xb5, 0xc2, 0x9f, 0xce, 0x1c, 0x1b, 0x33, 0x3c, 0x34, 0xb0, + 0x31, 0xb4, 0x79, 0xb0, 0xfa, 0x62, 0x04, 0x87, 0xcb, 0xd0, 0x2f, 0x86, 0xe2, 0xf6, 0xe7, 0xca, + 0x8b, 0xb6, 0x95, 0xdb, 0x73, 0x6e, 0xce, 0xa5, 0xd7, 0x5d, 0xd7, 0x63, 0xab, 0xcd, 0xa2, 0xbf, + 0x0c, 0xfd, 0x93, 0xfc, 0x7b, 0xa2, 0xa0, 0x2c, 0x6a, 0x82, 0xf3, 0xdd, 0xdf, 0x01, 0x00, 0x00, + 0xff, 0xff, 0x00, 0xc9, 0xa2, 0x26, 0xf4, 0x08, 0x00, 0x00, } diff --git a/trillian.proto b/trillian.proto index c897cf423a..4f72b557e3 100644 --- a/trillian.proto +++ b/trillian.proto @@ -217,8 +217,17 @@ message SignedLogRoot { int64 tree_size = 3; sigpb.DigitallySigned signature = 4; - int64 log_id = 5; + reserved 5; // log_id is associated with the public key that validates signature. int64 tree_revision = 6; + // key_hint is a hint to identify the public key for signature verification. + // key_hint is not authenticated and may be incorrect or missing, in which + // case all known public keys may be used to verify the signature. + // When directly communicating with a Trillian gRPC server, the key_hint will + // typically contain the LogID encoded as a big-endian 64-bit integer; + // however, in other contexts the key_hint is likely to have different + // contents (e.g. it could be a GUID, a URL + TreeID, or it could be + // derived from the public key itself). + bytes key_hint = 7; } // SignedMapRoot represents a commitment by a Map to a particular tree. diff --git a/types/logroot.go b/types/logroot.go index f92112e7c3..c10e881e97 100644 --- a/types/logroot.go +++ b/types/logroot.go @@ -85,3 +85,22 @@ func (l *LogRootV1) MarshalBinary() ([]byte, error) { V1: l, }) } + +// SerializeKeyHint returns a byte slice with logID serialized as a big endian uint64. +func SerializeKeyHint(logID int64) []byte { + hint := make([]byte, 8) + binary.BigEndian.PutUint64(hint, uint64(logID)) + return hint +} + +// ParseKeyHint converts a keyhint into a keyID. +func ParseKeyHint(hint []byte) (int64, error) { + if len(hint) != 8 { + return 0, fmt.Errorf("hint is %v bytes, want %v", len(hint), 4) + } + keyID := int64(binary.BigEndian.Uint64(hint)) + if keyID < 0 { + return 0, fmt.Errorf("hint %x is negative", keyID) + } + return keyID, nil +} diff --git a/types/logroot_test.go b/types/logroot_test.go index 1d9d9e0960..1c4ff02805 100644 --- a/types/logroot_test.go +++ b/types/logroot_test.go @@ -84,3 +84,25 @@ func MustMarshalLogRoot(root *LogRootV1) []byte { } return b } + +func TestKeyHint(t *testing.T) { + for _, tc := range []struct { + hint []byte + want int64 + wantErr bool + }{ + {hint: SerializeKeyHint(4), want: 4}, + {hint: SerializeKeyHint(3561657513447883733), want: 3561657513447883733}, + {hint: []byte{0, 0, 0, 0, 0, 0, 0, 4}, want: 4}, + {hint: []byte{0xff, 0, 0, 0, 0, 0, 4}, want: 0, wantErr: true}, // Integer overflow + {hint: []byte{0, 0, 0, 0, 0, 0, 0, 4, 0}, want: 0, wantErr: true}, // Wrong byte len + } { + logID, err := ParseKeyHint(tc.hint) + if got, want := err != nil, tc.wantErr; got != want { + t.Errorf("ParseKeyHint(%v): %v, wantErr: %v", tc.hint, err, want) + } + if got, want := logID, tc.want; got != want { + t.Errorf("ParseKeyHint(%v): %v, want: %v", tc.hint, got, want) + } + } +}