diff --git a/crypto/hashers.go b/crypto/hashers.go deleted file mode 100644 index ea805bed9b..0000000000 --- a/crypto/hashers.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2016 Google Inc. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package crypto - -import ( - "crypto" - _ "crypto/sha256" // Register the SHA256 algorithm - "fmt" - - "github.com/google/trillian" -) - -var hashLookup = map[trillian.HashAlgorithm]crypto.Hash{ - trillian.HashAlgorithm_SHA256: crypto.SHA256, -} - -var reverseHashLookup = map[crypto.Hash]trillian.HashAlgorithm{ - crypto.SHA256: trillian.HashAlgorithm_SHA256, -} - -// LookupHash returns the go crypto hash algorithm associated with the trillian hash enum. -func LookupHash(hash trillian.HashAlgorithm) (crypto.Hash, error) { - hasher, ok := hashLookup[hash] - if !ok { - return 0, fmt.Errorf("unsupported hash algorithm %v", hash) - } - return hasher, nil -} diff --git a/crypto/key_manager.go b/crypto/key_manager.go index 02a5d2c9cf..156940f0f5 100644 --- a/crypto/key_manager.go +++ b/crypto/key_manager.go @@ -25,7 +25,7 @@ import ( "io/ioutil" "github.com/golang/glog" - "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" ) // KeyManager loads and holds our private and public keys. Should support ECDSA and RSA keys. @@ -38,9 +38,9 @@ type KeyManager interface { // manager. Signer() (crypto.Signer, error) // SignatureAlgorithm returns the value that identifies the signature algorithm. - SignatureAlgorithm() trillian.SignatureAlgorithm + SignatureAlgorithm() sigpb.DigitallySigned_SignatureAlgorithm // HashAlgorithm returns the type of hash that will be used for signing with this key. - HashAlgorithm() trillian.HashAlgorithm + HashAlgorithm() crypto.Hash // GetPublicKey returns the public key previously loaded. It is an error to call this // before a public key has been loaded GetPublicKey() (crypto.PublicKey, error) @@ -54,7 +54,7 @@ type KeyManager interface { // PEM file. type PEMKeyManager struct { serverPrivateKey crypto.PrivateKey - signatureAlgorithm trillian.SignatureAlgorithm + signatureAlgorithm sigpb.DigitallySigned_SignatureAlgorithm serverPublicKey crypto.PublicKey rawPublicKey []byte } @@ -71,15 +71,15 @@ func (k PEMKeyManager) NewPEMKeyManager(key crypto.PrivateKey) *PEMKeyManager { } // SignatureAlgorithm identifies the signature algorithm used by this key manager. -func (k PEMKeyManager) SignatureAlgorithm() trillian.SignatureAlgorithm { +func (k PEMKeyManager) SignatureAlgorithm() sigpb.DigitallySigned_SignatureAlgorithm { return k.signatureAlgorithm } // HashAlgorithm identifies the hash algorithm used to sign objects. -func (k PEMKeyManager) HashAlgorithm() trillian.HashAlgorithm { +func (k PEMKeyManager) HashAlgorithm() crypto.Hash { // TODO: Save the hash algorithm in the key serialization. // Return a default hash algorithm for now. - return trillian.HashAlgorithm_SHA256 + return crypto.SHA256 } // LoadPrivateKey loads a private key from a PEM encoded string, decrypting it if necessary @@ -172,29 +172,29 @@ func (k PEMKeyManager) GetRawPublicKey() ([]byte, error) { return k.rawPublicKey, nil } -func parsePrivateKey(key []byte) (crypto.PrivateKey, trillian.SignatureAlgorithm, error) { +func parsePrivateKey(key []byte) (crypto.PrivateKey, sigpb.DigitallySigned_SignatureAlgorithm, error) { // Our two ways of reading keys are ParsePKCS1PrivateKey and ParsePKCS8PrivateKey. // And ParseECPrivateKey. Our three ways of parsing keys are ... I'll come in again. if key, err := x509.ParsePKCS1PrivateKey(key); err == nil { - return key, trillian.SignatureAlgorithm_RSA, nil + return key, sigpb.DigitallySigned_RSA, nil } if key, err := x509.ParsePKCS8PrivateKey(key); err == nil { switch key := key.(type) { case *ecdsa.PrivateKey: - return key, trillian.SignatureAlgorithm_ECDSA, nil + return key, sigpb.DigitallySigned_ECDSA, nil case *rsa.PrivateKey: - return key, trillian.SignatureAlgorithm_RSA, nil + return key, sigpb.DigitallySigned_RSA, nil default: - return nil, trillian.SignatureAlgorithm_ANONYMOUS, fmt.Errorf("unknown private key type: %T", key) + return nil, sigpb.DigitallySigned_ANONYMOUS, fmt.Errorf("unknown private key type: %T", key) } } var err error if key, err := x509.ParseECPrivateKey(key); err == nil { - return key, trillian.SignatureAlgorithm_ECDSA, nil + return key, sigpb.DigitallySigned_ECDSA, nil } glog.Warningf("error parsing EC key: %s", err) - return nil, trillian.SignatureAlgorithm_ANONYMOUS, errors.New("could not parse private key") + return nil, sigpb.DigitallySigned_ANONYMOUS, errors.New("could not parse private key") } // LoadPasswordProtectedPrivateKey initializes and returns a new KeyManager using a PEM encoded diff --git a/crypto/mock_key_manager.go b/crypto/mock_key_manager.go index 3d0080e2bf..ead3bc757d 100644 --- a/crypto/mock_key_manager.go +++ b/crypto/mock_key_manager.go @@ -6,7 +6,7 @@ package crypto import ( crypto "crypto" gomock "github.com/golang/mock/gomock" - trillian "github.com/google/trillian" + sigpb "github.com/google/trillian/crypto/sigpb" ) // Mock of KeyManager interface @@ -52,9 +52,9 @@ func (_mr *_MockKeyManagerRecorder) GetRawPublicKey() *gomock.Call { return _mr.mock.ctrl.RecordCall(_mr.mock, "GetRawPublicKey") } -func (_m *MockKeyManager) HashAlgorithm() trillian.HashAlgorithm { +func (_m *MockKeyManager) HashAlgorithm() crypto.Hash { ret := _m.ctrl.Call(_m, "HashAlgorithm") - ret0, _ := ret[0].(trillian.HashAlgorithm) + ret0, _ := ret[0].(crypto.Hash) return ret0 } @@ -62,9 +62,9 @@ func (_mr *_MockKeyManagerRecorder) HashAlgorithm() *gomock.Call { return _mr.mock.ctrl.RecordCall(_mr.mock, "HashAlgorithm") } -func (_m *MockKeyManager) SignatureAlgorithm() trillian.SignatureAlgorithm { +func (_m *MockKeyManager) SignatureAlgorithm() sigpb.DigitallySigned_SignatureAlgorithm { ret := _m.ctrl.Call(_m, "SignatureAlgorithm") - ret0, _ := ret[0].(trillian.SignatureAlgorithm) + ret0, _ := ret[0].(sigpb.DigitallySigned_SignatureAlgorithm) return ret0 } diff --git a/crypto/signer.go b/crypto/signer.go index 2f40688b14..dc6c177173 100644 --- a/crypto/signer.go +++ b/crypto/signer.go @@ -24,6 +24,7 @@ import ( "github.com/benlaurie/objecthash/go/objecthash" "github.com/golang/glog" "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" ) // Constants used as map keys when building input for ObjectHash. They must not be changed @@ -34,48 +35,62 @@ const ( mapKeyTreeSize string = "TreeSize" ) +var ( + signerHashLookup = map[sigpb.DigitallySigned_HashAlgorithm]crypto.Hash{ + sigpb.DigitallySigned_SHA256: crypto.SHA256, + } + reverseSignerHashLookup = map[crypto.Hash]sigpb.DigitallySigned_HashAlgorithm{ + crypto.SHA256: sigpb.DigitallySigned_SHA256, + } +) + // Signer is responsible for signing log-related data and producing the appropriate // application specific signature objects. type Signer struct { - hasher crypto.Hash + hash crypto.Hash signer crypto.Signer - sigAlgorithm trillian.SignatureAlgorithm + sigAlgorithm sigpb.DigitallySigned_SignatureAlgorithm } // NewSigner creates a new Signer wrapping up a hasher and a signer. For the moment // we only support SHA256 hashing and either ECDSA or RSA signing but this is not enforced // here. -func NewSigner(hashAlgo trillian.HashAlgorithm, sigAlgo trillian.SignatureAlgorithm, signer crypto.Signer) *Signer { - h, ok := hashLookup[hashAlgo] +func NewSigner(hash crypto.Hash, sigAlgo sigpb.DigitallySigned_SignatureAlgorithm, signer crypto.Signer) *Signer { + _, ok := reverseSignerHashLookup[hash] if !ok { // TODO(gbelvin): return error from Signer. panic("unsupported hash algorithm") } - return &Signer{h, signer, sigAlgo} + return &Signer{ + hash: hash, + signer: signer, + sigAlgorithm: sigAlgo, + } } // Sign obtains a signature after first hashing the input data. -func (s Signer) Sign(data []byte) (trillian.DigitallySigned, error) { - h := s.hasher.New() +func (s Signer) Sign(data []byte) (sigpb.DigitallySigned, error) { + h := s.hash.New() h.Write(data) digest := h.Sum(nil) - if len(digest) != s.hasher.Size() { - return trillian.DigitallySigned{}, fmt.Errorf("hasher returned unexpected digest length: %d, %d", - len(digest), s.hasher.Size()) + if len(digest) != s.hash.Size() { + return sigpb.DigitallySigned{}, fmt.Errorf("hasher returned unexpected digest length: %d, %d", + len(digest), s.hash.Size()) } - sig, err := s.signer.Sign(rand.Reader, digest, s.hasher) + sig, err := s.signer.Sign(rand.Reader, digest, s.hash) if err != nil { - return trillian.DigitallySigned{}, err + return sigpb.DigitallySigned{}, err } - return trillian.DigitallySigned{ + return sigpb.DigitallySigned{ SignatureAlgorithm: s.sigAlgorithm, - HashAlgorithm: reverseHashLookup[s.hasher], - Signature: sig}, nil + HashAlgorithm: reverseSignerHashLookup[s.hash], + Signature: sig, + }, nil } func (s Signer) hashRoot(root trillian.SignedLogRoot) []byte { @@ -95,13 +110,13 @@ func (s Signer) hashRoot(root trillian.SignedLogRoot) []byte { // SignLogRoot updates a log root to include a signature from the crypto signer this object // was created with. Signatures use objecthash on a fixed JSON format of the root. -func (s Signer) SignLogRoot(root trillian.SignedLogRoot) (trillian.DigitallySigned, error) { +func (s Signer) SignLogRoot(root trillian.SignedLogRoot) (sigpb.DigitallySigned, error) { objectHash := s.hashRoot(root) signature, err := s.Sign(objectHash[:]) if err != nil { glog.Warningf("Signer failed to sign root: %v", err) - return trillian.DigitallySigned{}, err + return sigpb.DigitallySigned{}, err } return signature, nil diff --git a/crypto/signer_test.go b/crypto/signer_test.go index 0059407593..1c2815dde3 100644 --- a/crypto/signer_test.go +++ b/crypto/signer_test.go @@ -24,6 +24,7 @@ import ( "github.com/golang/mock/gomock" "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/testonly" ) @@ -67,10 +68,10 @@ func TestSigner(t *testing.T) { t.Fatalf("Failed to sign: %s", err) } - if got, want := sig.HashAlgorithm, trillian.HashAlgorithm_SHA256; got != want { + if got, want := sig.HashAlgorithm, sigpb.DigitallySigned_SHA256; got != want { t.Fatalf("Hash alg incorrect, got %v expected %d", got, want) } - if got, want := sig.SignatureAlgorithm, trillian.SignatureAlgorithm_RSA; got != want { + if got, want := sig.SignatureAlgorithm, sigpb.DigitallySigned_RSA; got != want { t.Fatalf("Sig alg incorrect, got %v expected %v", got, want) } if got, want := []byte(result), sig.Signature; !bytes.Equal(got, want) { @@ -141,14 +142,15 @@ func TestSignLogRoot(t *testing.T) { t.Fatalf("Got %v, but expected unmodified signed root %v", root, expected) } // And signature is correct - expectedSignature := trillian.DigitallySigned{SignatureAlgorithm: trillian.SignatureAlgorithm_RSA, - HashAlgorithm: trillian.HashAlgorithm_SHA256, - Signature: []byte("echo")} + expectedSignature := sigpb.DigitallySigned{ + SignatureAlgorithm: sigpb.DigitallySigned_RSA, + HashAlgorithm: sigpb.DigitallySigned_SHA256, + Signature: []byte("echo")} if !reflect.DeepEqual(signature, expectedSignature) { t.Fatalf("Got %v, but expected %v", signature, expectedSignature) } } func createTestSigner(mock *MockSigner) *Signer { - return NewSigner(trillian.HashAlgorithm_SHA256, trillian.SignatureAlgorithm_RSA, mock) + return NewSigner(crypto.SHA256, sigpb.DigitallySigned_RSA, mock) } diff --git a/crypto/sigpb/gen.go b/crypto/sigpb/gen.go new file mode 100644 index 0000000000..12ecb7f396 --- /dev/null +++ b/crypto/sigpb/gen.go @@ -0,0 +1,17 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package sigpb + +//go:generate protoc -I=. --go_out=:. sigpb.proto diff --git a/crypto/sigpb/sigpb.pb.go b/crypto/sigpb/sigpb.pb.go new file mode 100644 index 0000000000..5123bece59 --- /dev/null +++ b/crypto/sigpb/sigpb.pb.go @@ -0,0 +1,156 @@ +// Code generated by protoc-gen-go. +// source: sigpb.proto +// DO NOT EDIT! + +/* +Package sigpb is a generated protocol buffer package. + +It is generated from these files: + sigpb.proto + +It has these top-level messages: + DigitallySigned +*/ +package sigpb + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// HashAlgorithm defines the approved methods for object hashing. +// +// Supported hash algorithms. The numbering space is the same as for TLS, +// given in RFC 5246 s7.4.1.4.1 and at: +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 +type DigitallySigned_HashAlgorithm int32 + +const ( + // No hash algorithm is used. + DigitallySigned_NONE DigitallySigned_HashAlgorithm = 0 + // SHA256 is used. + DigitallySigned_SHA256 DigitallySigned_HashAlgorithm = 4 +) + +var DigitallySigned_HashAlgorithm_name = map[int32]string{ + 0: "NONE", + 4: "SHA256", +} +var DigitallySigned_HashAlgorithm_value = map[string]int32{ + "NONE": 0, + "SHA256": 4, +} + +func (x DigitallySigned_HashAlgorithm) String() string { + return proto.EnumName(DigitallySigned_HashAlgorithm_name, int32(x)) +} +func (DigitallySigned_HashAlgorithm) EnumDescriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 0} +} + +// SignatureAlgorithm defines the algorithm used to sign the object. +// +// Supported signature algorithms. The numbering space is the same as for TLS, +// given in RFC 5246 s7.4.1.4.1 and at: +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 +type DigitallySigned_SignatureAlgorithm int32 + +const ( + // Anonymous signature scheme. + DigitallySigned_ANONYMOUS DigitallySigned_SignatureAlgorithm = 0 + // RSA signature scheme. + DigitallySigned_RSA DigitallySigned_SignatureAlgorithm = 1 + // ECDSA signature scheme. + DigitallySigned_ECDSA DigitallySigned_SignatureAlgorithm = 3 +) + +var DigitallySigned_SignatureAlgorithm_name = map[int32]string{ + 0: "ANONYMOUS", + 1: "RSA", + 3: "ECDSA", +} +var DigitallySigned_SignatureAlgorithm_value = map[string]int32{ + "ANONYMOUS": 0, + "RSA": 1, + "ECDSA": 3, +} + +func (x DigitallySigned_SignatureAlgorithm) String() string { + return proto.EnumName(DigitallySigned_SignatureAlgorithm_name, int32(x)) +} +func (DigitallySigned_SignatureAlgorithm) EnumDescriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 1} +} + +// Protocol buffer encoding of the TLS DigitallySigned type, from RFC 5246 §4.7. +type DigitallySigned struct { + // hash_algorithm contains the hash algorithm used. + HashAlgorithm DigitallySigned_HashAlgorithm `protobuf:"varint,1,opt,name=hash_algorithm,json=hashAlgorithm,enum=sigpb.DigitallySigned_HashAlgorithm" json:"hash_algorithm,omitempty"` + // sig_algorithm contains the signing algorithm used. + SignatureAlgorithm DigitallySigned_SignatureAlgorithm `protobuf:"varint,2,opt,name=signature_algorithm,json=signatureAlgorithm,enum=sigpb.DigitallySigned_SignatureAlgorithm" json:"signature_algorithm,omitempty"` + // signature contains the object signature. + Signature []byte `protobuf:"bytes,3,opt,name=signature,proto3" json:"signature,omitempty"` +} + +func (m *DigitallySigned) Reset() { *m = DigitallySigned{} } +func (m *DigitallySigned) String() string { return proto.CompactTextString(m) } +func (*DigitallySigned) ProtoMessage() {} +func (*DigitallySigned) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +func (m *DigitallySigned) GetHashAlgorithm() DigitallySigned_HashAlgorithm { + if m != nil { + return m.HashAlgorithm + } + return DigitallySigned_NONE +} + +func (m *DigitallySigned) GetSignatureAlgorithm() DigitallySigned_SignatureAlgorithm { + if m != nil { + return m.SignatureAlgorithm + } + return DigitallySigned_ANONYMOUS +} + +func (m *DigitallySigned) GetSignature() []byte { + if m != nil { + return m.Signature + } + return nil +} + +func init() { + proto.RegisterType((*DigitallySigned)(nil), "sigpb.DigitallySigned") + proto.RegisterEnum("sigpb.DigitallySigned_HashAlgorithm", DigitallySigned_HashAlgorithm_name, DigitallySigned_HashAlgorithm_value) + proto.RegisterEnum("sigpb.DigitallySigned_SignatureAlgorithm", DigitallySigned_SignatureAlgorithm_name, DigitallySigned_SignatureAlgorithm_value) +} + +func init() { proto.RegisterFile("sigpb.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 226 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xe2, 0x2e, 0xce, 0x4c, 0x2f, + 0x48, 0xd2, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x73, 0x94, 0x76, 0x30, 0x71, 0xf1, + 0xbb, 0x64, 0xa6, 0x67, 0x96, 0x24, 0xe6, 0xe4, 0x54, 0x06, 0x67, 0xa6, 0xe7, 0xa5, 0xa6, 0x08, + 0x79, 0x73, 0xf1, 0x65, 0x24, 0x16, 0x67, 0xc4, 0x27, 0xe6, 0xa4, 0xe7, 0x17, 0x65, 0x96, 0x64, + 0xe4, 0x4a, 0x30, 0x2a, 0x30, 0x6a, 0xf0, 0x19, 0xa9, 0xe8, 0x41, 0x0c, 0x40, 0x53, 0xaf, 0xe7, + 0x91, 0x58, 0x9c, 0xe1, 0x08, 0x53, 0x1b, 0xc4, 0x9b, 0x81, 0xcc, 0x15, 0x8a, 0xe2, 0x12, 0x2e, + 0xce, 0x4c, 0xcf, 0x4b, 0x2c, 0x29, 0x2d, 0x4a, 0x45, 0x32, 0x91, 0x09, 0x6c, 0xa2, 0x26, 0x0e, + 0x13, 0x83, 0x61, 0x3a, 0x10, 0xc6, 0x0a, 0x15, 0x63, 0x88, 0x09, 0xc9, 0x70, 0x71, 0xc2, 0x45, + 0x25, 0x98, 0x15, 0x18, 0x35, 0x78, 0x82, 0x10, 0x02, 0x4a, 0xaa, 0x5c, 0xbc, 0x28, 0x2e, 0x13, + 0xe2, 0xe0, 0x62, 0xf1, 0xf3, 0xf7, 0x73, 0x15, 0x60, 0x10, 0xe2, 0xe2, 0x62, 0x0b, 0xf6, 0x70, + 0x34, 0x32, 0x35, 0x13, 0x60, 0x51, 0x32, 0xe7, 0x12, 0xc2, 0xb4, 0x4e, 0x88, 0x97, 0x8b, 0xd3, + 0xd1, 0xcf, 0xdf, 0x2f, 0xd2, 0xd7, 0x3f, 0x34, 0x58, 0x80, 0x41, 0x88, 0x9d, 0x8b, 0x39, 0x28, + 0xd8, 0x51, 0x80, 0x51, 0x88, 0x93, 0x8b, 0xd5, 0xd5, 0xd9, 0x25, 0xd8, 0x51, 0x80, 0x39, 0x89, + 0x0d, 0x1c, 0x90, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6f, 0x3a, 0x4c, 0x9a, 0x57, 0x01, + 0x00, 0x00, +} diff --git a/crypto/sigpb/sigpb.proto b/crypto/sigpb/sigpb.proto new file mode 100644 index 0000000000..4df20cd5f8 --- /dev/null +++ b/crypto/sigpb/sigpb.proto @@ -0,0 +1,53 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package sigpb; + +// Protocol buffer encoding of the TLS DigitallySigned type, from RFC 5246 §4.7. +message DigitallySigned { + // HashAlgorithm defines the approved methods for object hashing. + // + // Supported hash algorithms. The numbering space is the same as for TLS, + // given in RFC 5246 s7.4.1.4.1 and at: + // http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 + enum HashAlgorithm { + // No hash algorithm is used. + NONE = 0; + // SHA256 is used. + SHA256 = 4; + } + + // SignatureAlgorithm defines the algorithm used to sign the object. + // + // Supported signature algorithms. The numbering space is the same as for TLS, + // given in RFC 5246 s7.4.1.4.1 and at: + // http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 + enum SignatureAlgorithm { + // Anonymous signature scheme. + ANONYMOUS = 0; + // RSA signature scheme. + RSA = 1; + // ECDSA signature scheme. + ECDSA = 3; + } + + // hash_algorithm contains the hash algorithm used. + HashAlgorithm hash_algorithm = 1; + // sig_algorithm contains the signing algorithm used. + SignatureAlgorithm signature_algorithm = 2; + // signature contains the object signature. + bytes signature = 3; +} diff --git a/crypto/verifier.go b/crypto/verifier.go index 8ad1f5f8fa..a2af844026 100644 --- a/crypto/verifier.go +++ b/crypto/verifier.go @@ -23,20 +23,20 @@ import ( "fmt" "math/big" - "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" ) // ErrVerify occurs whenever signature verification fails. var ErrVerify = errors.New("signature verification failed") // Verify cryptographically verifies the output of Signer. -func Verify(pub crypto.PublicKey, data []byte, sig trillian.DigitallySigned) error { +func Verify(pub crypto.PublicKey, data []byte, sig sigpb.DigitallySigned) error { sigAlgo := sig.SignatureAlgorithm // Recompute digest - hasher, err := LookupHash(sig.HashAlgorithm) - if err != nil { - return err + hasher, ok := signerHashLookup[sig.HashAlgorithm] + if !ok { + return fmt.Errorf("unsupported hash algorithm %v", hasher) } h := hasher.New() h.Write(data) @@ -45,12 +45,12 @@ func Verify(pub crypto.PublicKey, data []byte, sig trillian.DigitallySigned) err // Verify signature algo type switch key := pub.(type) { case *ecdsa.PublicKey: - if sigAlgo != trillian.SignatureAlgorithm_ECDSA { + if sigAlgo != sigpb.DigitallySigned_ECDSA { return fmt.Errorf("signature algorithm does not match public key") } return verifyECDSA(key, digest, sig.Signature) case *rsa.PublicKey: - if sigAlgo != trillian.SignatureAlgorithm_RSA { + if sigAlgo != sigpb.DigitallySigned_RSA { return fmt.Errorf("signature algorithm does not match public key") } return verifyRSA(key, digest, sig.Signature, hasher, hasher) diff --git a/crypto/verifier_test.go b/crypto/verifier_test.go index cd571b06c8..958008ad56 100644 --- a/crypto/verifier_test.go +++ b/crypto/verifier_test.go @@ -15,9 +15,10 @@ package crypto import ( + "crypto" "testing" - "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/testonly" ) @@ -34,12 +35,12 @@ func TestSignVerify(t *testing.T) { for _, test := range []struct { PEM string password string - HashAlgo trillian.HashAlgorithm - SigAlgo trillian.SignatureAlgorithm + HashAlgo crypto.Hash + SigAlgo sigpb.DigitallySigned_SignatureAlgorithm }{ - {privPEM, "", trillian.HashAlgorithm_SHA256, trillian.SignatureAlgorithm_ECDSA}, + {privPEM, "", crypto.SHA256, sigpb.DigitallySigned_ECDSA}, {testonly.DemoPrivateKey, testonly.DemoPrivateKeyPass, - trillian.HashAlgorithm_SHA256, trillian.SignatureAlgorithm_ECDSA}, + crypto.SHA256, sigpb.DigitallySigned_ECDSA}, } { km := NewPEMKeyManager() diff --git a/examples/ct/handlers_test.go b/examples/ct/handlers_test.go index cbe07835f6..3d73f1df4a 100644 --- a/examples/ct/handlers_test.go +++ b/examples/ct/handlers_test.go @@ -18,6 +18,7 @@ import ( "bufio" "bytes" "context" + gocrypto "crypto" "crypto/sha256" "encoding/hex" "encoding/json" @@ -38,6 +39,7 @@ import ( "github.com/google/certificate-transparency/go/x509" "github.com/google/trillian" "github.com/google/trillian/crypto" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/examples/ct/testonly" "github.com/google/trillian/mockclient" "github.com/google/trillian/util" @@ -103,8 +105,8 @@ func setupTest(t *testing.T, pemRoots []string) handlerTestInfo { info.mockCtrl = gomock.NewController(t) info.km = crypto.NewMockKeyManager(info.mockCtrl) info.km.EXPECT().GetRawPublicKey().AnyTimes().Return([]byte("key"), nil) - info.km.EXPECT().SignatureAlgorithm().AnyTimes().Return(trillian.SignatureAlgorithm_ECDSA) - info.km.EXPECT().HashAlgorithm().AnyTimes().Return(trillian.HashAlgorithm_SHA256) + info.km.EXPECT().SignatureAlgorithm().AnyTimes().Return(spb.DigitallySigned_ECDSA) + info.km.EXPECT().HashAlgorithm().AnyTimes().Return(gocrypto.SHA256) info.client = mockclient.NewMockTrillianLogClient(info.mockCtrl) info.roots = NewPEMCertPool() for _, pemRoot := range pemRoots { diff --git a/examples/ct/structures_test.go b/examples/ct/structures_test.go index 8f1a2eb5bd..3c1321ef8b 100644 --- a/examples/ct/structures_test.go +++ b/examples/ct/structures_test.go @@ -15,6 +15,7 @@ package ct import ( + gocrypto "crypto" "encoding/hex" "reflect" "testing" @@ -23,8 +24,8 @@ import ( "github.com/golang/mock/gomock" ct "github.com/google/certificate-transparency/go" "github.com/google/certificate-transparency/go/tls" - "github.com/google/trillian" "github.com/google/trillian/crypto" + spb "github.com/google/trillian/crypto/sigpb" ) var fixedTime = time.Date(2017, 9, 7, 12, 15, 23, 0, time.UTC) @@ -108,8 +109,8 @@ func TestSerializeLogEntry(t *testing.T) { func setupMockKeyManager(ctrl *gomock.Controller, toSign []byte) *crypto.MockKeyManager { mockKeyManager := setupMockKeyManagerForSth(ctrl, toSign) mockKeyManager.EXPECT().GetRawPublicKey().AnyTimes().Return([]byte("key"), nil) - mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(trillian.SignatureAlgorithm_ECDSA) - mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(trillian.HashAlgorithm_SHA256) + mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(spb.DigitallySigned_ECDSA) + mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(gocrypto.SHA256) return mockKeyManager } diff --git a/log/sequencer.go b/log/sequencer.go index c86d545e7d..a41d1b4266 100644 --- a/log/sequencer.go +++ b/log/sequencer.go @@ -24,6 +24,7 @@ import ( "github.com/golang/glog" "github.com/google/trillian" "github.com/google/trillian/crypto" + "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/merkle" "github.com/google/trillian/storage" "github.com/google/trillian/util" @@ -147,11 +148,11 @@ func (s Sequencer) initMerkleTreeFromStorage(ctx context.Context, currentRoot tr return s.buildMerkleTreeFromStorageAtRoot(ctx, currentRoot, tx) } -func (s Sequencer) createRootSignature(ctx context.Context, root trillian.SignedLogRoot) (trillian.DigitallySigned, error) { +func (s Sequencer) createRootSignature(ctx context.Context, root trillian.SignedLogRoot) (sigpb.DigitallySigned, error) { signer, err := s.keyManager.Signer() if err != nil { glog.Warningf("%s: key manager failed to create crypto.Signer: %v", util.LogIDPrefix(ctx), err) - return trillian.DigitallySigned{}, err + return sigpb.DigitallySigned{}, err } trillianSigner := crypto.NewSigner(s.keyManager.HashAlgorithm(), s.keyManager.SignatureAlgorithm(), signer) @@ -159,7 +160,7 @@ func (s Sequencer) createRootSignature(ctx context.Context, root trillian.Signed signature, err := trillianSigner.SignLogRoot(root) if err != nil { glog.Warningf("%s: signer failed to sign root: %v", util.LogIDPrefix(ctx), err) - return trillian.DigitallySigned{}, err + return sigpb.DigitallySigned{}, err } return signature, nil diff --git a/log/sequencer_test.go b/log/sequencer_test.go index a7b98533b5..c3ea0caf9a 100644 --- a/log/sequencer_test.go +++ b/log/sequencer_test.go @@ -25,6 +25,7 @@ import ( "github.com/golang/mock/gomock" "github.com/google/trillian" "github.com/google/trillian/crypto" + "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/storage" "github.com/google/trillian/testonly" "github.com/google/trillian/util" @@ -56,9 +57,9 @@ var expectedSignedRoot = trillian.SignedLogRoot{ TreeRevision: 6, TreeSize: 17, LogId: 0, - Signature: &trillian.DigitallySigned{ - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, - HashAlgorithm: trillian.HashAlgorithm_SHA256, + Signature: &sigpb.DigitallySigned{ + SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, + HashAlgorithm: sigpb.DigitallySigned_SHA256, Signature: []byte("signed"), }, } @@ -70,9 +71,9 @@ var expectedSignedRoot16 = trillian.SignedLogRoot{ TreeSize: 16, RootHash: testRoot16.RootHash, LogId: 0, - Signature: &trillian.DigitallySigned{ - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, - HashAlgorithm: trillian.HashAlgorithm_SHA256, + Signature: &sigpb.DigitallySigned{ + SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, + HashAlgorithm: sigpb.DigitallySigned_SHA256, Signature: []byte("signed"), }, } @@ -84,9 +85,9 @@ var expectedSignedRoot0 = trillian.SignedLogRoot{ TreeRevision: 1, TreeSize: 0, LogId: 0, - Signature: &trillian.DigitallySigned{ - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, - HashAlgorithm: trillian.HashAlgorithm_SHA256, + Signature: &sigpb.DigitallySigned{ + SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, + HashAlgorithm: sigpb.DigitallySigned_SHA256, Signature: []byte("signed"), }, } @@ -219,10 +220,10 @@ func createTestContext(ctrl *gomock.Controller, params testParameters) (testCont if params.setupSigner { mockSigner := crypto.NewMockSigner(ctrl) - mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(trillian.HashAlgorithm_SHA256) + mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(gocrypto.SHA256) mockSigner.EXPECT().Sign(gomock.Any(), params.dataToSign, gocrypto.SHA256).AnyTimes().Return(params.signingResult, params.signingError) mockKeyManager.EXPECT().Signer().AnyTimes().Return(mockSigner, params.keyManagerError) - mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(trillian.SignatureAlgorithm_ECDSA) + mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(sigpb.DigitallySigned_ECDSA) } sequencer := NewSequencer(testonly.Hasher, util.FakeTimeSource{FakeTime: fakeTimeForTest}, mockStorage, mockKeyManager) diff --git a/server/sequencer_manager_test.go b/server/sequencer_manager_test.go index 317756c25d..8e55d103f8 100644 --- a/server/sequencer_manager_test.go +++ b/server/sequencer_manager_test.go @@ -23,6 +23,7 @@ import ( "github.com/golang/mock/gomock" "github.com/google/trillian" "github.com/google/trillian/crypto" + "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/extension" "github.com/google/trillian/storage" "github.com/google/trillian/testonly" @@ -47,9 +48,9 @@ var testRoot0 = trillian.SignedLogRoot{ TreeRevision: 0, LogId: testLogID1, RootHash: []byte{}, - Signature: &trillian.DigitallySigned{ - HashAlgorithm: trillian.HashAlgorithm_SHA256, - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, + Signature: &sigpb.DigitallySigned{ + HashAlgorithm: sigpb.DigitallySigned_SHA256, + SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, }, } var updatedNodes0 = []storage.Node{{NodeID: storage.NodeID{Path: []uint8{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, PrefixLenBits: 64, PathLenBits: 64}, Hash: testonly.MustDecodeBase64("bjQLnP+zepicpUTmu3gKLHiQHT+zNzh2hRGjBhevoB0="), NodeRevision: 1}} @@ -58,9 +59,9 @@ var updatedRoot = trillian.SignedLogRoot{ TimestampNanos: fakeTime.UnixNano(), RootHash: []byte{110, 52, 11, 156, 255, 179, 122, 152, 156, 165, 68, 230, 187, 120, 10, 44, 120, 144, 29, 63, 179, 55, 56, 118, 133, 17, 163, 6, 23, 175, 160, 29}, TreeSize: 1, - Signature: &trillian.DigitallySigned{ - HashAlgorithm: trillian.HashAlgorithm_SHA256, - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, + Signature: &sigpb.DigitallySigned{ + HashAlgorithm: sigpb.DigitallySigned_SHA256, + SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, Signature: []byte("signed"), }, TreeRevision: 1, @@ -76,8 +77,8 @@ func TestSequencerManagerNothingToDo(t *testing.T) { mockStorage := storage.NewMockLogStorage(mockCtrl) mockKeyManager := crypto.NewMockKeyManager(mockCtrl) - mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(trillian.SignatureAlgorithm_ECDSA) - mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(trillian.HashAlgorithm_SHA256) + mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(sigpb.DigitallySigned_ECDSA) + mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(gocrypto.SHA256) registry := extension.NewMockRegistry(mockCtrl) registry.EXPECT().GetLogStorage().Return(mockStorage, nil) @@ -100,8 +101,8 @@ func TestSequencerManagerSingleLogNoLeaves(t *testing.T) { mockTx.EXPECT().LatestSignedLogRoot().Return(testRoot0, nil) mockTx.EXPECT().DequeueLeaves(50, fakeTime).Return([]trillian.LogLeaf{}, nil) mockKeyManager := crypto.NewMockKeyManager(mockCtrl) - mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(trillian.SignatureAlgorithm_ECDSA) - mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(trillian.HashAlgorithm_SHA256) + mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(sigpb.DigitallySigned_ECDSA) + mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(gocrypto.SHA256) registry := extension.NewMockRegistry(mockCtrl) registry.EXPECT().GetLogStorage().Return(mockStorage, nil) @@ -117,8 +118,8 @@ func TestSequencerManagerSingleLogOneLeaf(t *testing.T) { mockStorage := storage.NewMockLogStorage(mockCtrl) mockTx := storage.NewMockLogTreeTX(mockCtrl) mockKeyManager := crypto.NewMockKeyManager(mockCtrl) - mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(trillian.SignatureAlgorithm_ECDSA) - mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(trillian.HashAlgorithm_SHA256) + mockKeyManager.EXPECT().SignatureAlgorithm().AnyTimes().Return(sigpb.DigitallySigned_ECDSA) + mockKeyManager.EXPECT().HashAlgorithm().AnyTimes().Return(gocrypto.SHA256) var logID int64 = 1 // Set up enough mockery to be able to sequence. We don't test all the error paths diff --git a/server/vmap/trillian_map_server.go b/server/vmap/trillian_map_server.go index 205ff7c353..d2165a022e 100644 --- a/server/vmap/trillian_map_server.go +++ b/server/vmap/trillian_map_server.go @@ -19,6 +19,7 @@ import ( "github.com/golang/glog" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/extension" "github.com/google/trillian/merkle" "github.com/google/trillian/storage" @@ -195,7 +196,7 @@ func (t *TrillianMapServer) SetLeaves(ctx context.Context, req *trillian.SetMapL MapRevision: tx.WriteRevision(), Metadata: req.MapperData, // TODO(al): Actually sign stuff, etc! - Signature: &trillian.DigitallySigned{}, + Signature: &spb.DigitallySigned{}, } // TODO(al): need an smtWriter.Rollback() or similar I think. diff --git a/storage/mysql/admin_storage.go b/storage/mysql/admin_storage.go index a522678904..ec02205a41 100644 --- a/storage/mysql/admin_storage.go +++ b/storage/mysql/admin_storage.go @@ -21,6 +21,7 @@ import ( "time" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/storage" "golang.org/x/net/context" ) @@ -171,13 +172,13 @@ func readTree(row row) (*trillian.Tree, error) { } else { return nil, fmt.Errorf("unknown HashStrategy: %v", hashStrategy) } - if ha, ok := trillian.HashAlgorithm_value[hashAlgorithm]; ok { - tree.HashAlgorithm = trillian.HashAlgorithm(ha) + if ha, ok := spb.DigitallySigned_HashAlgorithm_value[hashAlgorithm]; ok { + tree.HashAlgorithm = spb.DigitallySigned_HashAlgorithm(ha) } else { return nil, fmt.Errorf("unknown HashAlgorithm: %v", hashAlgorithm) } - if sa, ok := trillian.SignatureAlgorithm_value[signatureAlgorithm]; ok { - tree.SignatureAlgorithm = trillian.SignatureAlgorithm(sa) + if sa, ok := spb.DigitallySigned_SignatureAlgorithm_value[signatureAlgorithm]; ok { + tree.SignatureAlgorithm = spb.DigitallySigned_SignatureAlgorithm(sa) } else { return nil, fmt.Errorf("unknown SignatureAlgorithm: %v", signatureAlgorithm) } diff --git a/storage/mysql/log_storage.go b/storage/mysql/log_storage.go index 44a5740332..c2f4cdea6d 100644 --- a/storage/mysql/log_storage.go +++ b/storage/mysql/log_storage.go @@ -31,6 +31,7 @@ import ( "github.com/golang/glog" "github.com/golang/protobuf/proto" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/merkle" "github.com/google/trillian/storage" "github.com/google/trillian/storage/cache" @@ -432,7 +433,7 @@ func (t *logTreeTX) LatestSignedLogRoot() (trillian.SignedLogRoot, error) { func (t *logTreeTX) fetchLatestRoot() (trillian.SignedLogRoot, error) { var timestamp, treeSize, treeRevision int64 var rootHash, rootSignatureBytes []byte - var rootSignature trillian.DigitallySigned + var rootSignature spb.DigitallySigned err := t.tx.QueryRow( selectLatestSignedLogRootSQL, t.treeID).Scan( diff --git a/storage/mysql/log_storage_test.go b/storage/mysql/log_storage_test.go index e584e9e86a..8dc25b58e1 100644 --- a/storage/mysql/log_storage_test.go +++ b/storage/mysql/log_storage_test.go @@ -28,6 +28,7 @@ import ( _ "github.com/go-sql-driver/mysql" "github.com/golang/protobuf/proto" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/storage" "reflect" ) @@ -715,7 +716,7 @@ func TestLatestSignedLogRoot(t *testing.T) { defer tx.Rollback() // TODO: Tidy up the log id as it looks silly chained 3 times like this - root := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, RootHash: []byte(dummyHash), Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}} + root := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, RootHash: []byte(dummyHash), Signature: &spb.DigitallySigned{Signature: []byte("notempty")}} if err := tx.StoreSignedLogRoot(root); err != nil { t.Fatalf("Failed to store signed root: %v", err) @@ -747,7 +748,7 @@ func TestDuplicateSignedLogRoot(t *testing.T) { defer commit(tx, t) // TODO: Tidy up the log id as it looks silly chained 3 times like this - root := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, RootHash: []byte(dummyHash), Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}} + root := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, RootHash: []byte(dummyHash), Signature: &spb.DigitallySigned{Signature: []byte("notempty")}} if err := tx.StoreSignedLogRoot(root); err != nil { t.Fatalf("Failed to store signed root: %v", err) @@ -768,14 +769,14 @@ func TestLogRootUpdate(t *testing.T) { tx := beginLogTx(s, logID, t) // TODO: Tidy up the log id as it looks silly chained 3 times like this - root := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, RootHash: []byte(dummyHash), Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}} + root := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98765, TreeSize: 16, TreeRevision: 5, RootHash: []byte(dummyHash), Signature: &spb.DigitallySigned{Signature: []byte("notempty")}} if err := tx.StoreSignedLogRoot(root); err != nil { t.Fatalf("Failed to store signed root: %v", err) } // TODO: Tidy up the log id as it looks silly chained 3 times like this - root2 := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98766, TreeSize: 16, TreeRevision: 6, RootHash: []byte(dummyHash), Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}} + root2 := trillian.SignedLogRoot{LogId: logID.logID, TimestampNanos: 98766, TreeSize: 16, TreeRevision: 6, RootHash: []byte(dummyHash), Signature: &spb.DigitallySigned{Signature: []byte("notempty")}} if err := tx.StoreSignedLogRoot(root2); err != nil { t.Fatalf("Failed to store signed root: %v", err) diff --git a/storage/mysql/map_storage.go b/storage/mysql/map_storage.go index f05851d97a..8735133b33 100644 --- a/storage/mysql/map_storage.go +++ b/storage/mysql/map_storage.go @@ -21,6 +21,7 @@ import ( "github.com/golang/glog" "github.com/golang/protobuf/proto" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/merkle" "github.com/google/trillian/storage" "github.com/google/trillian/storage/cache" @@ -217,7 +218,7 @@ func (m *mapTreeTX) Get(revision int64, indexes [][]byte) ([]trillian.MapLeaf, e func (m *mapTreeTX) LatestSignedMapRoot() (trillian.SignedMapRoot, error) { var timestamp, mapRevision int64 var rootHash, rootSignatureBytes []byte - var rootSignature trillian.DigitallySigned + var rootSignature spb.DigitallySigned var mapperMetaBytes []byte var mapperMeta *trillian.MapperMetadata diff --git a/storage/mysql/map_storage_test.go b/storage/mysql/map_storage_test.go index 84d73f7af0..cec9b830ea 100644 --- a/storage/mysql/map_storage_test.go +++ b/storage/mysql/map_storage_test.go @@ -21,6 +21,7 @@ import ( "github.com/golang/protobuf/proto" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/storage" ) @@ -126,7 +127,7 @@ func TestMapRootUpdate(t *testing.T) { TimestampNanos: 98765, MapRevision: 5, RootHash: []byte(dummyHash), - Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}, + Signature: &spb.DigitallySigned{Signature: []byte("notempty")}, } if err := tx.StoreSignedMapRoot(root); err != nil { @@ -139,7 +140,7 @@ func TestMapRootUpdate(t *testing.T) { TimestampNanos: 98766, MapRevision: 6, RootHash: []byte(dummyHash), - Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}, + Signature: &spb.DigitallySigned{Signature: []byte("notempty")}, } if err := tx.StoreSignedMapRoot(root2); err != nil { @@ -347,7 +348,7 @@ func TestLatestSignedMapRoot(t *testing.T) { defer tx.Rollback() // TODO: Tidy up the map id as it looks silly chained 3 times like this - root := trillian.SignedMapRoot{MapId: mapID.mapID, TimestampNanos: 98765, MapRevision: 5, RootHash: []byte(dummyHash), Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}} + root := trillian.SignedMapRoot{MapId: mapID.mapID, TimestampNanos: 98765, MapRevision: 5, RootHash: []byte(dummyHash), Signature: &spb.DigitallySigned{Signature: []byte("notempty")}} if err := tx.StoreSignedMapRoot(root); err != nil { t.Fatalf("Failed to store signed root: %v", err) @@ -382,7 +383,7 @@ func TestDuplicateSignedMapRoot(t *testing.T) { defer tx.Commit() // TODO: Tidy up the map id as it looks silly chained 3 times like this - root := trillian.SignedMapRoot{MapId: mapID.mapID, TimestampNanos: 98765, MapRevision: 5, RootHash: []byte(dummyHash), Signature: &trillian.DigitallySigned{Signature: []byte("notempty")}} + root := trillian.SignedMapRoot{MapId: mapID.mapID, TimestampNanos: 98765, MapRevision: 5, RootHash: []byte(dummyHash), Signature: &spb.DigitallySigned{Signature: []byte("notempty")}} if err := tx.StoreSignedMapRoot(root); err != nil { t.Fatalf("Failed to store signed map root: %v", err) diff --git a/storage/testonly/admin_storage_tester.go b/storage/testonly/admin_storage_tester.go index dbbf44fc49..fbbdadb204 100644 --- a/storage/testonly/admin_storage_tester.go +++ b/storage/testonly/admin_storage_tester.go @@ -20,6 +20,7 @@ import ( "testing" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/storage" ) @@ -29,8 +30,8 @@ var ( TreeState: trillian.TreeState_ACTIVE, TreeType: trillian.TreeType_LOG, HashStrategy: trillian.HashStrategy_RFC_6962, - HashAlgorithm: trillian.HashAlgorithm_SHA256, - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, + HashAlgorithm: spb.DigitallySigned_SHA256, + SignatureAlgorithm: spb.DigitallySigned_ECDSA, DuplicatePolicy: trillian.DuplicatePolicy_DUPLICATES_NOT_ALLOWED, DisplayName: "Llamas Log", Description: "Registry of publicly-owned llamas", @@ -41,8 +42,8 @@ var ( TreeState: trillian.TreeState_ACTIVE, TreeType: trillian.TreeType_MAP, HashStrategy: trillian.HashStrategy_RFC_6962, - HashAlgorithm: trillian.HashAlgorithm_SHA256, - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, + HashAlgorithm: spb.DigitallySigned_SHA256, + SignatureAlgorithm: spb.DigitallySigned_ECDSA, DuplicatePolicy: trillian.DuplicatePolicy_DUPLICATES_ALLOWED, DisplayName: "Llamas Map", Description: "Key Transparency map for all your digital llama needs.", diff --git a/storage/tree_validation.go b/storage/tree_validation.go index 0f75076db1..e3738a3ab1 100644 --- a/storage/tree_validation.go +++ b/storage/tree_validation.go @@ -18,6 +18,7 @@ import ( "fmt" "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" ) const ( @@ -37,9 +38,9 @@ func ValidateTreeForCreation(tree *trillian.Tree) error { return fmt.Errorf("invalid tree_type: %s", tree.TreeType) case tree.HashStrategy == trillian.HashStrategy_UNKNOWN_HASH_STRATEGY: return fmt.Errorf("invalid hash_strategy: %s", tree.HashStrategy) - case tree.HashAlgorithm == trillian.HashAlgorithm_NONE: + case tree.HashAlgorithm == sigpb.DigitallySigned_NONE: return fmt.Errorf("invalid hash_algorithm: %s", tree.HashStrategy) - case tree.SignatureAlgorithm == trillian.SignatureAlgorithm_ANONYMOUS: + case tree.SignatureAlgorithm == sigpb.DigitallySigned_ANONYMOUS: return fmt.Errorf("invalid signature_algorithm: %s", tree.HashStrategy) case tree.DuplicatePolicy == trillian.DuplicatePolicy_UNKNOWN_DUPLICATE_POLICY: return fmt.Errorf("invalid duplicate_policy: %s", tree.HashStrategy) diff --git a/storage/tree_validation_test.go b/storage/tree_validation_test.go index 7de27a81c1..3e9dd45357 100644 --- a/storage/tree_validation_test.go +++ b/storage/tree_validation_test.go @@ -18,6 +18,7 @@ import ( "testing" "github.com/google/trillian" + "github.com/google/trillian/crypto/sigpb" ) func TestValidateTreeForCreation(t *testing.T) { @@ -43,10 +44,10 @@ func TestValidateTreeForCreation(t *testing.T) { invalidHashStrategy.HashStrategy = trillian.HashStrategy_UNKNOWN_HASH_STRATEGY invalidHashAlgorithm := newTree() - invalidHashAlgorithm.HashAlgorithm = trillian.HashAlgorithm_NONE + invalidHashAlgorithm.HashAlgorithm = sigpb.DigitallySigned_NONE invalidSignatureAlgorithm := newTree() - invalidSignatureAlgorithm.SignatureAlgorithm = trillian.SignatureAlgorithm_ANONYMOUS + invalidSignatureAlgorithm.SignatureAlgorithm = sigpb.DigitallySigned_ANONYMOUS invalidDuplicatePolicy := newTree() invalidDuplicatePolicy.DuplicatePolicy = trillian.DuplicatePolicy_UNKNOWN_DUPLICATE_POLICY @@ -92,8 +93,8 @@ func newTree() *trillian.Tree { TreeState: trillian.TreeState_ACTIVE, TreeType: trillian.TreeType_LOG, HashStrategy: trillian.HashStrategy_RFC_6962, - HashAlgorithm: trillian.HashAlgorithm_SHA256, - SignatureAlgorithm: trillian.SignatureAlgorithm_ECDSA, + HashAlgorithm: sigpb.DigitallySigned_SHA256, + SignatureAlgorithm: sigpb.DigitallySigned_ECDSA, DuplicatePolicy: trillian.DuplicatePolicy_DUPLICATES_NOT_ALLOWED, DisplayName: "Llamas Log", Description: "Registry of publicly-owned llamas", diff --git a/trillian.pb.go b/trillian.pb.go index a1f4bb00ec..4ed7f9928b 100644 --- a/trillian.pb.go +++ b/trillian.pb.go @@ -7,36 +7,13 @@ package trillian import proto "github.com/golang/protobuf/proto" import fmt "fmt" import math "math" +import sigpb "github.com/google/trillian/crypto/sigpb" // Reference imports to suppress errors if they are not otherwise used. var _ = proto.Marshal var _ = fmt.Errorf var _ = math.Inf -// Supported hash algorithms. The numbering space is the same as for TLS, -// given in RFC 5246 s7.4.1.4.1 and at: -// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 -type HashAlgorithm int32 - -const ( - HashAlgorithm_NONE HashAlgorithm = 0 - HashAlgorithm_SHA256 HashAlgorithm = 4 -) - -var HashAlgorithm_name = map[int32]string{ - 0: "NONE", - 4: "SHA256", -} -var HashAlgorithm_value = map[string]int32{ - "NONE": 0, - "SHA256": 4, -} - -func (x HashAlgorithm) String() string { - return proto.EnumName(HashAlgorithm_name, int32(x)) -} -func (HashAlgorithm) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{0} } - // Defines the way empty / node / leaf hashes are constructed incorporating // preimage protection, which can be application specific. type HashStrategy int32 @@ -62,34 +39,7 @@ var HashStrategy_value = map[string]int32{ func (x HashStrategy) String() string { return proto.EnumName(HashStrategy_name, int32(x)) } -func (HashStrategy) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{1} } - -// Supported signature algorithms. The numbering space is the same as for TLS, -// given in RFC 5246 s7.4.1.4.1 and at: -// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 -type SignatureAlgorithm int32 - -const ( - SignatureAlgorithm_ANONYMOUS SignatureAlgorithm = 0 - SignatureAlgorithm_RSA SignatureAlgorithm = 1 - SignatureAlgorithm_ECDSA SignatureAlgorithm = 3 -) - -var SignatureAlgorithm_name = map[int32]string{ - 0: "ANONYMOUS", - 1: "RSA", - 3: "ECDSA", -} -var SignatureAlgorithm_value = map[string]int32{ - "ANONYMOUS": 0, - "RSA": 1, - "ECDSA": 3, -} - -func (x SignatureAlgorithm) String() string { - return proto.EnumName(SignatureAlgorithm_name, int32(x)) -} -func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{2} } +func (HashStrategy) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{0} } // State of the tree. type TreeState int32 @@ -132,7 +82,7 @@ var TreeState_value = map[string]int32{ func (x TreeState) String() string { return proto.EnumName(TreeState_name, int32(x)) } -func (TreeState) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } +func (TreeState) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{1} } // Type of the tree. type TreeType int32 @@ -161,7 +111,7 @@ var TreeType_value = map[string]int32{ func (x TreeType) String() string { return proto.EnumName(TreeType_name, int32(x)) } -func (TreeType) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } +func (TreeType) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{2} } // Duplicate policy of a tree. type DuplicatePolicy int32 @@ -190,7 +140,7 @@ var DuplicatePolicy_value = map[string]int32{ func (x DuplicatePolicy) String() string { return proto.EnumName(DuplicatePolicy_name, int32(x)) } -func (DuplicatePolicy) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{5} } +func (DuplicatePolicy) EnumDescriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } // Represents a tree, which may be either a verifiable log or map. // Readonly attributes are assigned at tree creation, after which they may not @@ -213,10 +163,10 @@ type Tree struct { HashStrategy HashStrategy `protobuf:"varint,4,opt,name=hash_strategy,json=hashStrategy,enum=trillian.HashStrategy" json:"hash_strategy,omitempty"` // Hash algorithm to be used by the tree. // Readonly. - HashAlgorithm HashAlgorithm `protobuf:"varint,5,opt,name=hash_algorithm,json=hashAlgorithm,enum=trillian.HashAlgorithm" json:"hash_algorithm,omitempty"` + HashAlgorithm sigpb.DigitallySigned_HashAlgorithm `protobuf:"varint,5,opt,name=hash_algorithm,json=hashAlgorithm,enum=sigpb.DigitallySigned_HashAlgorithm" json:"hash_algorithm,omitempty"` // Signature algorithm to be used by the tree. // Readonly. - SignatureAlgorithm SignatureAlgorithm `protobuf:"varint,6,opt,name=signature_algorithm,json=signatureAlgorithm,enum=trillian.SignatureAlgorithm" json:"signature_algorithm,omitempty"` + SignatureAlgorithm sigpb.DigitallySigned_SignatureAlgorithm `protobuf:"varint,6,opt,name=signature_algorithm,json=signatureAlgorithm,enum=sigpb.DigitallySigned_SignatureAlgorithm" json:"signature_algorithm,omitempty"` // Duplicate policy to be used by the tree. // Readonly. DuplicatePolicy DuplicatePolicy `protobuf:"varint,7,opt,name=duplicate_policy,json=duplicatePolicy,enum=trillian.DuplicatePolicy" json:"duplicate_policy,omitempty"` @@ -267,18 +217,18 @@ func (m *Tree) GetHashStrategy() HashStrategy { return HashStrategy_UNKNOWN_HASH_STRATEGY } -func (m *Tree) GetHashAlgorithm() HashAlgorithm { +func (m *Tree) GetHashAlgorithm() sigpb.DigitallySigned_HashAlgorithm { if m != nil { return m.HashAlgorithm } - return HashAlgorithm_NONE + return sigpb.DigitallySigned_NONE } -func (m *Tree) GetSignatureAlgorithm() SignatureAlgorithm { +func (m *Tree) GetSignatureAlgorithm() sigpb.DigitallySigned_SignatureAlgorithm { if m != nil { return m.SignatureAlgorithm } - return SignatureAlgorithm_ANONYMOUS + return sigpb.DigitallySigned_ANONYMOUS } func (m *Tree) GetDuplicatePolicy() DuplicatePolicy { @@ -316,50 +266,16 @@ func (m *Tree) GetUpdateTimeMillisSinceEpoch() int64 { return 0 } -// Protocol buffer encoding of the TLS DigitallySigned type, from -// RFC 5246 s4.7. -type DigitallySigned struct { - SignatureAlgorithm SignatureAlgorithm `protobuf:"varint,1,opt,name=signature_algorithm,json=signatureAlgorithm,enum=trillian.SignatureAlgorithm" json:"signature_algorithm,omitempty"` - HashAlgorithm HashAlgorithm `protobuf:"varint,2,opt,name=hash_algorithm,json=hashAlgorithm,enum=trillian.HashAlgorithm" json:"hash_algorithm,omitempty"` - Signature []byte `protobuf:"bytes,3,opt,name=signature,proto3" json:"signature,omitempty"` -} - -func (m *DigitallySigned) Reset() { *m = DigitallySigned{} } -func (m *DigitallySigned) String() string { return proto.CompactTextString(m) } -func (*DigitallySigned) ProtoMessage() {} -func (*DigitallySigned) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{1} } - -func (m *DigitallySigned) GetSignatureAlgorithm() SignatureAlgorithm { - if m != nil { - return m.SignatureAlgorithm - } - return SignatureAlgorithm_ANONYMOUS -} - -func (m *DigitallySigned) GetHashAlgorithm() HashAlgorithm { - if m != nil { - return m.HashAlgorithm - } - return HashAlgorithm_NONE -} - -func (m *DigitallySigned) GetSignature() []byte { - if m != nil { - return m.Signature - } - return nil -} - type SignedEntryTimestamp struct { - TimestampNanos int64 `protobuf:"varint,1,opt,name=timestamp_nanos,json=timestampNanos" json:"timestamp_nanos,omitempty"` - LogId int64 `protobuf:"varint,2,opt,name=log_id,json=logId" json:"log_id,omitempty"` - Signature *DigitallySigned `protobuf:"bytes,3,opt,name=signature" json:"signature,omitempty"` + TimestampNanos int64 `protobuf:"varint,1,opt,name=timestamp_nanos,json=timestampNanos" json:"timestamp_nanos,omitempty"` + LogId int64 `protobuf:"varint,2,opt,name=log_id,json=logId" json:"log_id,omitempty"` + Signature *sigpb.DigitallySigned `protobuf:"bytes,3,opt,name=signature" json:"signature,omitempty"` } func (m *SignedEntryTimestamp) Reset() { *m = SignedEntryTimestamp{} } func (m *SignedEntryTimestamp) String() string { return proto.CompactTextString(m) } func (*SignedEntryTimestamp) ProtoMessage() {} -func (*SignedEntryTimestamp) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{2} } +func (*SignedEntryTimestamp) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{1} } func (m *SignedEntryTimestamp) GetTimestampNanos() int64 { if m != nil { @@ -375,7 +291,7 @@ func (m *SignedEntryTimestamp) GetLogId() int64 { return 0 } -func (m *SignedEntryTimestamp) GetSignature() *DigitallySigned { +func (m *SignedEntryTimestamp) GetSignature() *sigpb.DigitallySigned { if m != nil { return m.Signature } @@ -390,15 +306,15 @@ type SignedLogRoot struct { // TreeSize is the number of entries in the tree. TreeSize int64 `protobuf:"varint,3,opt,name=tree_size,json=treeSize" json:"tree_size,omitempty"` // TODO(al): define serialized format for the signature scheme. - Signature *DigitallySigned `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"` - LogId int64 `protobuf:"varint,5,opt,name=log_id,json=logId" json:"log_id,omitempty"` - TreeRevision int64 `protobuf:"varint,6,opt,name=tree_revision,json=treeRevision" json:"tree_revision,omitempty"` + Signature *sigpb.DigitallySigned `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"` + LogId int64 `protobuf:"varint,5,opt,name=log_id,json=logId" json:"log_id,omitempty"` + TreeRevision int64 `protobuf:"varint,6,opt,name=tree_revision,json=treeRevision" json:"tree_revision,omitempty"` } func (m *SignedLogRoot) Reset() { *m = SignedLogRoot{} } func (m *SignedLogRoot) String() string { return proto.CompactTextString(m) } func (*SignedLogRoot) ProtoMessage() {} -func (*SignedLogRoot) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } +func (*SignedLogRoot) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{2} } func (m *SignedLogRoot) GetTimestampNanos() int64 { if m != nil { @@ -421,7 +337,7 @@ func (m *SignedLogRoot) GetTreeSize() int64 { return 0 } -func (m *SignedLogRoot) GetSignature() *DigitallySigned { +func (m *SignedLogRoot) GetSignature() *sigpb.DigitallySigned { if m != nil { return m.Signature } @@ -451,7 +367,7 @@ type MapperMetadata struct { func (m *MapperMetadata) Reset() { *m = MapperMetadata{} } func (m *MapperMetadata) String() string { return proto.CompactTextString(m) } func (*MapperMetadata) ProtoMessage() {} -func (*MapperMetadata) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } +func (*MapperMetadata) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } func (m *MapperMetadata) GetSourceLogId() []byte { if m != nil { @@ -480,15 +396,15 @@ type SignedMapRoot struct { RootHash []byte `protobuf:"bytes,2,opt,name=root_hash,json=rootHash,proto3" json:"root_hash,omitempty"` Metadata *MapperMetadata `protobuf:"bytes,3,opt,name=metadata" json:"metadata,omitempty"` // TODO(al): define serialized format for the signature scheme. - Signature *DigitallySigned `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"` - MapId int64 `protobuf:"varint,5,opt,name=map_id,json=mapId" json:"map_id,omitempty"` - MapRevision int64 `protobuf:"varint,6,opt,name=map_revision,json=mapRevision" json:"map_revision,omitempty"` + Signature *sigpb.DigitallySigned `protobuf:"bytes,4,opt,name=signature" json:"signature,omitempty"` + MapId int64 `protobuf:"varint,5,opt,name=map_id,json=mapId" json:"map_id,omitempty"` + MapRevision int64 `protobuf:"varint,6,opt,name=map_revision,json=mapRevision" json:"map_revision,omitempty"` } func (m *SignedMapRoot) Reset() { *m = SignedMapRoot{} } func (m *SignedMapRoot) String() string { return proto.CompactTextString(m) } func (*SignedMapRoot) ProtoMessage() {} -func (*SignedMapRoot) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{5} } +func (*SignedMapRoot) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } func (m *SignedMapRoot) GetTimestampNanos() int64 { if m != nil { @@ -511,7 +427,7 @@ func (m *SignedMapRoot) GetMetadata() *MapperMetadata { return nil } -func (m *SignedMapRoot) GetSignature() *DigitallySigned { +func (m *SignedMapRoot) GetSignature() *sigpb.DigitallySigned { if m != nil { return m.Signature } @@ -534,14 +450,11 @@ func (m *SignedMapRoot) GetMapRevision() int64 { func init() { proto.RegisterType((*Tree)(nil), "trillian.Tree") - proto.RegisterType((*DigitallySigned)(nil), "trillian.DigitallySigned") proto.RegisterType((*SignedEntryTimestamp)(nil), "trillian.SignedEntryTimestamp") proto.RegisterType((*SignedLogRoot)(nil), "trillian.SignedLogRoot") proto.RegisterType((*MapperMetadata)(nil), "trillian.MapperMetadata") proto.RegisterType((*SignedMapRoot)(nil), "trillian.SignedMapRoot") - proto.RegisterEnum("trillian.HashAlgorithm", HashAlgorithm_name, HashAlgorithm_value) proto.RegisterEnum("trillian.HashStrategy", HashStrategy_name, HashStrategy_value) - proto.RegisterEnum("trillian.SignatureAlgorithm", SignatureAlgorithm_name, SignatureAlgorithm_value) proto.RegisterEnum("trillian.TreeState", TreeState_name, TreeState_value) proto.RegisterEnum("trillian.TreeType", TreeType_name, TreeType_value) proto.RegisterEnum("trillian.DuplicatePolicy", DuplicatePolicy_name, DuplicatePolicy_value) @@ -550,63 +463,61 @@ func init() { func init() { proto.RegisterFile("trillian.proto", fileDescriptor1) } var fileDescriptor1 = []byte{ - // 922 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x56, 0xdd, 0x6e, 0xe3, 0x44, - 0x14, 0xae, 0x93, 0x34, 0x4d, 0x4e, 0x7e, 0x6a, 0x66, 0x69, 0xd7, 0xbb, 0x5b, 0x41, 0x09, 0x42, - 0x54, 0xb9, 0x58, 0xa4, 0x2e, 0xb4, 0x42, 0x08, 0x24, 0x93, 0xb8, 0x9b, 0x88, 0xc4, 0x8e, 0x6c, - 0x97, 0x55, 0xb9, 0x19, 0x0d, 0xf1, 0x90, 0x8c, 0x64, 0xc7, 0xb3, 0xf6, 0x04, 0x29, 0xfb, 0x12, - 0xbc, 0x0f, 0x17, 0xbc, 0x0c, 0x17, 0xbc, 0x05, 0x42, 0x33, 0xb6, 0x93, 0xb8, 0x05, 0xb4, 0xfc, - 0xdc, 0xcd, 0xf9, 0xce, 0x77, 0xbe, 0x39, 0x73, 0xce, 0x19, 0x8f, 0xa1, 0x2b, 0x12, 0x16, 0x86, - 0x8c, 0xac, 0x9e, 0xf3, 0x24, 0x16, 0x31, 0x6a, 0x14, 0x76, 0xef, 0xd7, 0x1a, 0xd4, 0xfc, 0x84, - 0x52, 0xf4, 0x18, 0x8e, 0x44, 0x42, 0x29, 0x66, 0x81, 0xa1, 0x9d, 0x6b, 0x17, 0x55, 0xb7, 0x2e, - 0xcd, 0x71, 0x80, 0x2e, 0x01, 0x94, 0x23, 0x15, 0x44, 0x50, 0xa3, 0x72, 0xae, 0x5d, 0x74, 0x2f, - 0x1f, 0x3d, 0xdf, 0x0a, 0xca, 0x60, 0x4f, 0xba, 0xdc, 0xa6, 0x28, 0x96, 0xe8, 0x13, 0x50, 0x06, - 0x16, 0x1b, 0x4e, 0x8d, 0xaa, 0x0a, 0x41, 0xe5, 0x10, 0x7f, 0xc3, 0xa9, 0xdb, 0x10, 0xf9, 0x0a, - 0x7d, 0x01, 0x9d, 0x25, 0x49, 0x97, 0x38, 0x15, 0x09, 0x11, 0x74, 0xb1, 0x31, 0x6a, 0x2a, 0xe8, - 0x74, 0x17, 0x34, 0x22, 0xe9, 0xd2, 0xcb, 0xbd, 0x6e, 0x7b, 0xb9, 0x67, 0xa1, 0xaf, 0xa0, 0xab, - 0x82, 0x49, 0xb8, 0x88, 0x13, 0x26, 0x96, 0x91, 0x71, 0xa8, 0xa2, 0x1f, 0x97, 0xa3, 0xcd, 0xc2, - 0xed, 0xaa, 0xbd, 0xb6, 0x26, 0x9a, 0xc2, 0xa3, 0x94, 0x2d, 0x56, 0x44, 0xac, 0x13, 0xba, 0x27, - 0x52, 0x57, 0x22, 0x67, 0x3b, 0x11, 0xaf, 0x20, 0xed, 0x94, 0x50, 0xfa, 0x00, 0x43, 0x43, 0xd0, - 0x83, 0x35, 0x0f, 0xd9, 0x9c, 0x08, 0x8a, 0x79, 0x1c, 0xb2, 0xf9, 0xc6, 0x38, 0x52, 0x5a, 0x4f, - 0x76, 0x5a, 0xc3, 0x82, 0x31, 0x53, 0x04, 0xf7, 0x38, 0x28, 0x03, 0xe8, 0x03, 0x68, 0x07, 0x2c, - 0xe5, 0x21, 0xd9, 0xe0, 0x15, 0x89, 0xa8, 0xd1, 0x38, 0xd7, 0x2e, 0x9a, 0x6e, 0x2b, 0xc7, 0x6c, - 0x12, 0x51, 0x74, 0x0e, 0xad, 0x80, 0xa6, 0xf3, 0x84, 0x71, 0xc1, 0xe2, 0x95, 0xd1, 0xcc, 0x19, - 0x3b, 0x08, 0x7d, 0x0d, 0xef, 0xcd, 0x13, 0x2a, 0xf3, 0x10, 0x2c, 0xa2, 0x38, 0x92, 0x9b, 0xa7, - 0x38, 0x65, 0xab, 0x39, 0xc5, 0x94, 0xc7, 0xf3, 0xa5, 0x01, 0xaa, 0xd7, 0x4f, 0x33, 0x96, 0xcf, - 0x22, 0x3a, 0x55, 0x1c, 0x4f, 0x52, 0x2c, 0xc9, 0x90, 0x1a, 0x6b, 0x1e, 0xfc, 0x9d, 0x46, 0x2b, - 0xd3, 0xc8, 0x58, 0x7f, 0xa6, 0xd1, 0xfb, 0x45, 0x83, 0xe3, 0x21, 0x5b, 0x30, 0x41, 0xc2, 0x70, - 0x23, 0xcb, 0x48, 0x83, 0xbf, 0xaa, 0xba, 0xf6, 0x2f, 0xab, 0xfe, 0x70, 0x08, 0x2a, 0xff, 0x68, - 0x08, 0xce, 0xa0, 0xb9, 0x55, 0x55, 0x23, 0xdb, 0x76, 0x77, 0x40, 0xef, 0x27, 0x0d, 0xde, 0xcd, - 0xf2, 0xb6, 0x56, 0x22, 0xd9, 0xc8, 0x43, 0xa6, 0x82, 0x44, 0x1c, 0x7d, 0x0c, 0xc7, 0xa2, 0x30, - 0xf0, 0x8a, 0xac, 0xe2, 0x34, 0xbf, 0x3e, 0xdd, 0x2d, 0x6c, 0x4b, 0x14, 0x9d, 0x40, 0x3d, 0x8c, - 0x17, 0xf2, 0x7a, 0x55, 0x94, 0xff, 0x30, 0x8c, 0x17, 0xe3, 0x00, 0x5d, 0xdf, 0xdf, 0xb6, 0x55, - 0x9a, 0x92, 0x72, 0xcd, 0xf6, 0x33, 0xfa, 0x4d, 0x83, 0x4e, 0x86, 0x4e, 0xe2, 0x85, 0x1b, 0xc7, - 0xe2, 0xed, 0x53, 0x79, 0x06, 0xcd, 0x24, 0x8e, 0x05, 0x96, 0x05, 0x50, 0xd9, 0xb4, 0xdd, 0x86, - 0x04, 0x64, 0x7d, 0xa4, 0x33, 0xbb, 0xee, 0xec, 0x4d, 0x96, 0x50, 0x35, 0xbb, 0xa6, 0x1e, 0x7b, - 0x43, 0xcb, 0xd9, 0xd6, 0xde, 0x3e, 0xdb, 0xbd, 0xd3, 0x1f, 0xee, 0x9f, 0xfe, 0x43, 0xe8, 0xa8, - 0xcd, 0x12, 0xfa, 0x23, 0x4b, 0xe5, 0x0c, 0xd7, 0x95, 0xb7, 0x2d, 0x41, 0x37, 0xc7, 0x7a, 0x3f, - 0x6b, 0xd0, 0x9d, 0x12, 0xce, 0x69, 0x32, 0xa5, 0x82, 0x04, 0x44, 0x10, 0xd4, 0x83, 0x4e, 0x1a, - 0xaf, 0x93, 0x39, 0xc5, 0xb9, 0xaa, 0xa6, 0x4e, 0xd1, 0xca, 0xc0, 0x89, 0xd2, 0xfe, 0x12, 0x9e, - 0x2d, 0xd9, 0x62, 0x49, 0x53, 0x81, 0x7f, 0x58, 0x87, 0xe1, 0x06, 0xcf, 0xe3, 0x88, 0x87, 0x54, - 0xd0, 0x00, 0xa7, 0xf4, 0x75, 0xde, 0x05, 0x23, 0xa7, 0xdc, 0x48, 0xc6, 0xa0, 0x20, 0x78, 0xf4, - 0x35, 0xb2, 0xe0, 0xfd, 0x22, 0x9c, 0x93, 0x44, 0x30, 0xf2, 0x50, 0x22, 0xab, 0xce, 0x59, 0x4e, - 0x9b, 0x15, 0xac, 0x7d, 0x99, 0xde, 0xef, 0xdb, 0x36, 0x4d, 0x09, 0xff, 0x1f, 0xdb, 0xf4, 0x29, - 0x34, 0xa2, 0xbc, 0x1a, 0xf9, 0xd8, 0x18, 0xbb, 0x46, 0x94, 0xab, 0xe5, 0x6e, 0x99, 0xff, 0xa9, - 0x7f, 0x11, 0xe1, 0x7b, 0xfd, 0x8b, 0x08, 0x1f, 0x07, 0xf2, 0x23, 0x25, 0xe1, 0x7b, 0xed, 0x6b, - 0x45, 0x84, 0x17, 0xdd, 0xeb, 0x7f, 0x04, 0x9d, 0xd2, 0xbd, 0x43, 0x0d, 0xa8, 0xd9, 0x8e, 0x6d, - 0xe9, 0x07, 0x08, 0xa0, 0xee, 0x8d, 0xcc, 0xcb, 0xcf, 0xae, 0xf4, 0x5a, 0xff, 0x1a, 0xda, 0xfb, - 0x5f, 0x78, 0xf4, 0x04, 0x4e, 0x6e, 0xed, 0x6f, 0x6c, 0xe7, 0x95, 0x8d, 0x47, 0xa6, 0x37, 0xc2, - 0x9e, 0xef, 0x9a, 0xbe, 0xf5, 0xf2, 0x4e, 0x3f, 0x40, 0x6d, 0x68, 0xb8, 0x37, 0x03, 0x7c, 0xf5, - 0xf9, 0xd5, 0xa5, 0xae, 0xf5, 0xaf, 0x01, 0x3d, 0xfc, 0x42, 0xa0, 0x0e, 0x34, 0x4d, 0xdb, 0xb1, - 0xef, 0xa6, 0xce, 0xad, 0xa7, 0x1f, 0xa0, 0x23, 0xa8, 0xba, 0x9e, 0xa9, 0x6b, 0xa8, 0x09, 0x87, - 0xd6, 0x60, 0xe8, 0x99, 0x7a, 0xb5, 0x8f, 0xa1, 0xb9, 0x7d, 0xbb, 0xd0, 0x29, 0xa0, 0x62, 0x3b, - 0xdf, 0xb5, 0x2c, 0xec, 0xf9, 0xa6, 0x9f, 0xa7, 0x68, 0x0e, 0xfc, 0xf1, 0xb7, 0x96, 0xae, 0xc9, - 0xf5, 0x8d, 0xeb, 0x7c, 0x67, 0xd9, 0x7a, 0x05, 0xe9, 0xd0, 0xf6, 0x9c, 0x1b, 0x1f, 0x0f, 0xad, - 0x89, 0xe5, 0x5b, 0x43, 0xbd, 0x2a, 0x91, 0x91, 0xe9, 0x0e, 0xb7, 0x48, 0xad, 0xff, 0x02, 0x1a, - 0xc5, 0x4b, 0x87, 0x4e, 0xe0, 0x9d, 0x92, 0xbe, 0x7f, 0x37, 0xb3, 0xb2, 0xbc, 0x26, 0xce, 0x4b, - 0x5d, 0x93, 0x8b, 0xa9, 0x39, 0xd3, 0x2b, 0xfd, 0x39, 0x1c, 0xdf, 0x7b, 0x1a, 0xd0, 0x19, 0x18, - 0x45, 0xec, 0xf0, 0x76, 0x36, 0x19, 0x0f, 0x4c, 0xdf, 0xc2, 0x33, 0x67, 0x32, 0x1e, 0xc8, 0x6a, - 0x3c, 0x85, 0xd3, 0x2d, 0xea, 0x61, 0xdb, 0xf1, 0xb1, 0x39, 0x99, 0x38, 0xaf, 0xac, 0xa1, 0xae, - 0xc9, 0x53, 0xed, 0xf9, 0x0a, 0xbc, 0xf2, 0x7d, 0x5d, 0xfd, 0x05, 0xbc, 0xf8, 0x23, 0x00, 0x00, - 0xff, 0xff, 0xa5, 0x21, 0xa0, 0xda, 0x17, 0x08, 0x00, 0x00, + // 881 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x55, 0xdd, 0x6e, 0xdb, 0x36, + 0x14, 0xae, 0x6c, 0xd7, 0xb1, 0x8f, 0x1d, 0x47, 0x63, 0x97, 0x4c, 0x4d, 0x8b, 0x2d, 0xf3, 0x06, + 0x2c, 0xcb, 0x45, 0x0c, 0x24, 0x45, 0x87, 0x61, 0xd8, 0x85, 0x67, 0x2b, 0x8d, 0x51, 0xff, 0x41, + 0x52, 0x57, 0xb4, 0x37, 0x04, 0x23, 0x71, 0x32, 0x01, 0xc9, 0x64, 0x25, 0x7a, 0x80, 0xfa, 0x0c, + 0x7b, 0xa2, 0x3d, 0xcf, 0xde, 0x62, 0x18, 0x30, 0x90, 0xfa, 0xb1, 0xdd, 0x76, 0x43, 0x31, 0xec, + 0xc6, 0x20, 0xbf, 0xf3, 0x7d, 0x9f, 0xce, 0xe1, 0x39, 0xa4, 0xa1, 0x27, 0x13, 0x16, 0x45, 0x8c, + 0xac, 0x2f, 0x45, 0xc2, 0x25, 0x47, 0xad, 0x72, 0x7f, 0x7a, 0x1d, 0x32, 0xb9, 0xda, 0xdc, 0x5d, + 0xfa, 0x3c, 0x1e, 0x84, 0x9c, 0x87, 0x11, 0x1d, 0x94, 0xb1, 0x81, 0x9f, 0x64, 0x42, 0xf2, 0x41, + 0xca, 0x42, 0x71, 0x97, 0xff, 0xe6, 0xf2, 0xfe, 0x5f, 0x0d, 0x68, 0x78, 0x09, 0xa5, 0xe8, 0x33, + 0x38, 0x90, 0x09, 0xa5, 0x98, 0x05, 0x96, 0x71, 0x66, 0x9c, 0xd7, 0x9d, 0xa6, 0xda, 0x4e, 0x02, + 0x74, 0x05, 0xa0, 0x03, 0xa9, 0x24, 0x92, 0x5a, 0xb5, 0x33, 0xe3, 0xbc, 0x77, 0xf5, 0xe0, 0xb2, + 0xca, 0x42, 0x89, 0x5d, 0x15, 0x72, 0xda, 0xb2, 0x5c, 0xa2, 0x01, 0xe8, 0x0d, 0x96, 0x99, 0xa0, + 0x56, 0x5d, 0x4b, 0xd0, 0xbe, 0xc4, 0xcb, 0x04, 0x75, 0x5a, 0xb2, 0x58, 0xa1, 0x1f, 0xe0, 0x70, + 0x45, 0xd2, 0x15, 0x4e, 0x65, 0x42, 0x24, 0x0d, 0x33, 0xab, 0xa1, 0x45, 0x27, 0x5b, 0xd1, 0x2d, + 0x49, 0x57, 0x6e, 0x11, 0x75, 0xba, 0xab, 0x9d, 0x1d, 0x7a, 0x0e, 0x3d, 0x2d, 0x26, 0x51, 0xc8, + 0x13, 0x26, 0x57, 0xb1, 0x75, 0x5f, 0xab, 0xbf, 0xbe, 0xcc, 0x2b, 0x1d, 0xb3, 0x90, 0x49, 0x12, + 0x45, 0x99, 0xcb, 0xc2, 0x35, 0x0d, 0xb4, 0xd5, 0xb0, 0xe4, 0x3a, 0xfa, 0xc3, 0xd5, 0x16, 0xbd, + 0x86, 0x07, 0x29, 0x0b, 0xd7, 0x44, 0x6e, 0x12, 0xba, 0xe3, 0xd8, 0xd4, 0x8e, 0xdf, 0xfe, 0x83, + 0xa3, 0x5b, 0x2a, 0xb6, 0xb6, 0x28, 0x7d, 0x0f, 0x43, 0x63, 0x30, 0x83, 0x8d, 0x88, 0x98, 0x4f, + 0x24, 0xc5, 0x82, 0x47, 0xcc, 0xcf, 0xac, 0x03, 0x6d, 0xfc, 0x70, 0x5b, 0xe8, 0xb8, 0x64, 0x2c, + 0x35, 0xc1, 0x39, 0x0a, 0xf6, 0x01, 0xf4, 0x25, 0x74, 0x03, 0x96, 0x8a, 0x88, 0x64, 0x78, 0x4d, + 0x62, 0x6a, 0xb5, 0xce, 0x8c, 0xf3, 0xb6, 0xd3, 0x29, 0xb0, 0x39, 0x89, 0x29, 0x3a, 0x83, 0x4e, + 0x40, 0x53, 0x3f, 0x61, 0x42, 0x32, 0xbe, 0xb6, 0xda, 0x05, 0x63, 0x0b, 0xa1, 0x9f, 0xe0, 0x73, + 0x3f, 0xa1, 0x2a, 0x0f, 0xc9, 0x62, 0x8a, 0x63, 0xf5, 0xf1, 0x14, 0xa7, 0x6c, 0xed, 0x53, 0x4c, + 0x05, 0xf7, 0x57, 0x16, 0xe8, 0x29, 0x38, 0xcd, 0x59, 0x1e, 0x8b, 0xe9, 0x4c, 0x73, 0x5c, 0x45, + 0xb1, 0x15, 0x43, 0x79, 0x6c, 0x44, 0xf0, 0x6f, 0x1e, 0x9d, 0xdc, 0x23, 0x67, 0x7d, 0xc8, 0xa3, + 0xff, 0x9b, 0x01, 0x9f, 0xe6, 0x87, 0x68, 0xaf, 0x65, 0x92, 0x29, 0x4e, 0x2a, 0x49, 0x2c, 0xd0, + 0x37, 0x70, 0x24, 0xcb, 0x0d, 0x5e, 0x93, 0x35, 0x4f, 0x8b, 0xb9, 0xec, 0x55, 0xf0, 0x5c, 0xa1, + 0xe8, 0x18, 0x9a, 0x11, 0x0f, 0xd5, 0xdc, 0xd6, 0x74, 0xfc, 0x7e, 0xc4, 0xc3, 0x49, 0x80, 0x9e, + 0x40, 0xbb, 0xea, 0x80, 0x1e, 0xc1, 0xce, 0xd5, 0xc9, 0x87, 0xbb, 0xe7, 0x6c, 0x89, 0xfd, 0x3f, + 0x0c, 0x38, 0xcc, 0xd1, 0x29, 0x0f, 0x1d, 0xce, 0xe5, 0xc7, 0xe7, 0xf1, 0x08, 0xda, 0x09, 0xe7, + 0x12, 0xab, 0x71, 0xd2, 0xa9, 0x74, 0x9d, 0x96, 0x02, 0xd4, 0xb4, 0xa9, 0x60, 0x7e, 0x89, 0xd8, + 0xdb, 0x3c, 0x9b, 0x7a, 0x3e, 0xfc, 0x2e, 0x7b, 0x4b, 0xf7, 0x53, 0x6d, 0x7c, 0x64, 0xaa, 0x3b, + 0x75, 0xdf, 0xdf, 0xad, 0xfb, 0x2b, 0x38, 0xd4, 0x5f, 0x4a, 0xe8, 0xaf, 0x2c, 0x55, 0xcd, 0x6f, + 0xea, 0x68, 0x57, 0x81, 0x4e, 0x81, 0xf5, 0x7f, 0x37, 0xa0, 0x37, 0x23, 0x42, 0xd0, 0x64, 0x46, + 0x25, 0x09, 0x88, 0x24, 0xa8, 0x0f, 0x87, 0x29, 0xdf, 0x24, 0x3e, 0xc5, 0x85, 0xab, 0xa1, 0x4b, + 0xe8, 0xe4, 0xe0, 0x54, 0x7b, 0xff, 0x08, 0x8f, 0x56, 0x2c, 0x5c, 0xd1, 0x54, 0xe2, 0x5f, 0x36, + 0x51, 0x94, 0x61, 0x9f, 0xc7, 0x22, 0xa2, 0x92, 0x06, 0x38, 0xa5, 0x6f, 0x8a, 0xf3, 0xb7, 0x0a, + 0xca, 0x8d, 0x62, 0x8c, 0x4a, 0x82, 0x4b, 0xdf, 0x20, 0x1b, 0xbe, 0x28, 0xe5, 0x82, 0x24, 0x92, + 0x91, 0xf7, 0x2d, 0xf2, 0xa3, 0x79, 0x5c, 0xd0, 0x96, 0x25, 0x6b, 0xd7, 0xa6, 0xff, 0x67, 0xd5, + 0xa3, 0x19, 0x11, 0xff, 0x63, 0x8f, 0x9e, 0x40, 0x2b, 0x2e, 0x4e, 0xa3, 0x18, 0x18, 0x6b, 0x7b, + 0x2b, 0xf7, 0x4f, 0xcb, 0xa9, 0x98, 0xff, 0xbd, 0x79, 0x31, 0x11, 0x3b, 0xcd, 0x8b, 0x89, 0x98, + 0x04, 0xea, 0x6a, 0x2b, 0xf8, 0x9d, 0xde, 0x75, 0x62, 0x22, 0xca, 0xd6, 0x5d, 0x7c, 0x07, 0xdd, + 0xdd, 0xa7, 0x10, 0x3d, 0x84, 0xe3, 0x17, 0xf3, 0xe7, 0xf3, 0xc5, 0xcb, 0x39, 0xbe, 0x1d, 0xba, + 0xb7, 0xd8, 0xf5, 0x9c, 0xa1, 0x67, 0x3f, 0x7b, 0x65, 0xde, 0x43, 0x5d, 0x68, 0x39, 0x37, 0x23, + 0xfc, 0xf4, 0xfb, 0xa7, 0x57, 0xa6, 0x71, 0x81, 0xa1, 0x5d, 0xbd, 0xd5, 0xe8, 0x04, 0x50, 0xa9, + 0xf2, 0x1c, 0xdb, 0xc6, 0xae, 0x37, 0xf4, 0x6c, 0xf3, 0x1e, 0x02, 0x68, 0x0e, 0x47, 0xde, 0xe4, + 0x67, 0xdb, 0x34, 0xd4, 0xfa, 0xc6, 0x59, 0xbc, 0xb6, 0xe7, 0x66, 0x0d, 0x99, 0xd0, 0x75, 0x17, + 0x37, 0x1e, 0x1e, 0xdb, 0x53, 0xdb, 0xb3, 0xc7, 0x66, 0x5d, 0x21, 0xb7, 0x43, 0x67, 0x5c, 0x21, + 0x8d, 0x8b, 0x6b, 0x68, 0x95, 0x2f, 0x3b, 0x3a, 0x86, 0x4f, 0xf6, 0xfc, 0xbd, 0x57, 0x4b, 0x65, + 0x7f, 0x00, 0xf5, 0xe9, 0xe2, 0x99, 0x69, 0xa8, 0xc5, 0x6c, 0xb8, 0x34, 0x6b, 0x17, 0x3e, 0x1c, + 0xbd, 0xf3, 0xe0, 0xa1, 0xc7, 0x60, 0x95, 0xda, 0xf1, 0x8b, 0xe5, 0x74, 0x32, 0x1a, 0x7a, 0x36, + 0x5e, 0x2e, 0xa6, 0x93, 0x91, 0x2a, 0xea, 0x14, 0x4e, 0x2a, 0xd4, 0xc5, 0xf3, 0x85, 0x87, 0x87, + 0xd3, 0xe9, 0xe2, 0xa5, 0x3d, 0x36, 0x0d, 0x55, 0xd5, 0x4e, 0xac, 0xc4, 0x6b, 0x77, 0x4d, 0xfd, + 0x5f, 0x77, 0xfd, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x1d, 0x3f, 0x34, 0x38, 0x3c, 0x07, 0x00, + 0x00, } diff --git a/trillian.proto b/trillian.proto index 4a3b1b1baf..27e85e392c 100644 --- a/trillian.proto +++ b/trillian.proto @@ -1,18 +1,26 @@ +// Copyright 2016 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + syntax = "proto3"; package trillian; +import "github.com/google/trillian/crypto/sigpb/sigpb.proto"; + // What goes in here? // Things which are exposed through the public trillian APIs. -// Supported hash algorithms. The numbering space is the same as for TLS, -// given in RFC 5246 s7.4.1.4.1 and at: -// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 -enum HashAlgorithm { - NONE = 0; - SHA256 = 4; -} - // Defines the way empty / node / leaf hashes are constructed incorporating // preimage protection, which can be application specific. enum HashStrategy { @@ -25,15 +33,6 @@ enum HashStrategy { RFC_6962 = 1; } -// Supported signature algorithms. The numbering space is the same as for TLS, -// given in RFC 5246 s7.4.1.4.1 and at: -// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 -enum SignatureAlgorithm { - ANONYMOUS = 0; - RSA = 1; - ECDSA = 3; -} - // State of the tree. enum TreeState { // Tree state cannot be determined. Included to enable detection of @@ -110,11 +109,11 @@ message Tree { // Hash algorithm to be used by the tree. // Readonly. - HashAlgorithm hash_algorithm = 5; + sigpb.DigitallySigned.HashAlgorithm hash_algorithm = 5; // Signature algorithm to be used by the tree. // Readonly. - SignatureAlgorithm signature_algorithm = 6; + sigpb.DigitallySigned.SignatureAlgorithm signature_algorithm = 6; // Duplicate policy to be used by the tree. // Readonly. @@ -137,18 +136,10 @@ message Tree { int64 update_time_millis_since_epoch = 11; } -// Protocol buffer encoding of the TLS DigitallySigned type, from -// RFC 5246 s4.7. -message DigitallySigned { - SignatureAlgorithm signature_algorithm = 1; - HashAlgorithm hash_algorithm = 2; - bytes signature = 3; -} - message SignedEntryTimestamp { int64 timestamp_nanos = 1; int64 log_id = 2; - DigitallySigned signature = 3; + sigpb.DigitallySigned signature = 3; } // SignedLogRoot represents a commitment by a Log to a particular tree. @@ -159,7 +150,7 @@ message SignedLogRoot { // TreeSize is the number of entries in the tree. int64 tree_size = 3; // TODO(al): define serialized format for the signature scheme. - DigitallySigned signature = 4; + sigpb.DigitallySigned signature = 4; int64 log_id = 5; int64 tree_revision = 6; @@ -177,7 +168,7 @@ message SignedMapRoot { bytes root_hash = 2; MapperMetadata metadata = 3; // TODO(al): define serialized format for the signature scheme. - DigitallySigned signature = 4; + sigpb.DigitallySigned signature = 4; int64 map_id = 5; int64 map_revision = 6; diff --git a/trillian_api.pb.go b/trillian_api.pb.go index 6d9613f44b..f831505312 100644 --- a/trillian_api.pb.go +++ b/trillian_api.pb.go @@ -42,7 +42,6 @@ It has these top-level messages: GetSignedMapRootRequest GetSignedMapRootResponse Tree - DigitallySigned SignedEntryTimestamp SignedLogRoot MapperMetadata diff --git a/vmap/toy/vmap_toy.go b/vmap/toy/vmap_toy.go index 73f7176c4e..3db5b53832 100644 --- a/vmap/toy/vmap_toy.go +++ b/vmap/toy/vmap_toy.go @@ -24,6 +24,7 @@ import ( "github.com/golang/glog" "github.com/google/trillian" + spb "github.com/google/trillian/crypto/sigpb" "github.com/google/trillian/merkle" "github.com/google/trillian/storage" "github.com/google/trillian/storage/mysql" @@ -123,7 +124,7 @@ func main() { RootHash: root, MapId: mapID, MapRevision: tx.WriteRevision(), - Signature: &trillian.DigitallySigned{}, + Signature: &spb.DigitallySigned{}, }); err != nil { glog.Exitf("Failed to store SMH: %v", err) }