-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Brian DeHamer <[email protected]>
- Loading branch information
Showing
15 changed files
with
207 additions
and
224 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
"use strict"; | ||
var __importDefault = (this && this.__importDefault) || function (mod) { | ||
return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
}; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.verifyMerkleInclusion = void 0; | ||
/* | ||
Copyright 2023 The Sigstore Authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
const crypto_1 = __importDefault(require("crypto")); | ||
const error_1 = require("../../error"); | ||
const RFC6962_LEAF_HASH_PREFIX = Buffer.from([0x00]); | ||
const RFC6962_NODE_HASH_PREFIX = Buffer.from([0x01]); | ||
function verifyMerkleInclusion(entry) { | ||
const inclusionProof = entry.inclusionProof; | ||
if (!inclusionProof) { | ||
throw new error_1.VerificationError('tlog entry has no inclusion proof'); | ||
} | ||
const logIndex = BigInt(inclusionProof.logIndex); | ||
const treeSize = BigInt(inclusionProof.treeSize); | ||
if (logIndex < 0n || logIndex >= treeSize) { | ||
throw new error_1.VerificationError('invalid inclusion proof index'); | ||
} | ||
// Figure out which subset of hashes corresponds to the inner and border | ||
// nodes | ||
const { inner, border } = decompInclProof(logIndex, treeSize); | ||
if (inclusionProof.hashes.length !== inner + border) { | ||
throw new error_1.VerificationError('invalid inclusion proof length'); | ||
} | ||
const innerHashes = inclusionProof.hashes.slice(0, inner); | ||
const borderHashes = inclusionProof.hashes.slice(inner); | ||
// The entry's hash is the leaf hash | ||
const leafHash = hashLeaf(entry.canonicalizedBody); | ||
// Chain the hashes belonging to the inner and border portions | ||
const calculatedHash = chainBorderRight(chainInner(leafHash, innerHashes, logIndex), borderHashes); | ||
// Calculated hash should match the root hash in the inclusion proof | ||
return bufferEqual(calculatedHash, inclusionProof.rootHash); | ||
} | ||
exports.verifyMerkleInclusion = verifyMerkleInclusion; | ||
// Breaks down inclusion proof for a leaf at the specified index in a tree of | ||
// the specified size. The split point is where paths to the index leaf and | ||
// the (size - 1) leaf diverge. Returns lengths of the bottom and upper proof | ||
// parts. | ||
function decompInclProof(index, size) { | ||
const inner = innerProofSize(index, size); | ||
const border = onesCount(index >> BigInt(inner)); | ||
return { inner, border }; | ||
} | ||
// Computes a subtree hash for a node on or below the tree's right border. | ||
// Assumes the provided proof hashes are ordered from lower to higher levels | ||
// and seed is the initial hash of the node specified by the index. | ||
function chainInner(seed, hashes, index) { | ||
return hashes.reduce((acc, h, i) => { | ||
if ((index >> BigInt(i)) & BigInt(1)) { | ||
return hashChildren(h, acc); | ||
} | ||
else { | ||
return hashChildren(acc, h); | ||
} | ||
}, seed); | ||
} | ||
// Computes a subtree hash for nodes along the tree's right border. | ||
function chainBorderRight(seed, hashes) { | ||
return hashes.reduce((acc, h) => hashChildren(h, acc), seed); | ||
} | ||
function innerProofSize(index, size) { | ||
return (index ^ (size - BigInt(1))).toString(2).length; | ||
} | ||
// Counts the number of ones in the binary representation of the given number. | ||
// https://en.wikipedia.org/wiki/Hamming_weight | ||
function onesCount(x) { | ||
return x.toString(2).split('1').length - 1; | ||
} | ||
// Hashing logic according to RFC6962. | ||
// https://datatracker.ietf.org/doc/html/rfc6962#section-2 | ||
function hashChildren(left, right) { | ||
const hasher = crypto_1.default.createHash('sha256'); | ||
hasher.update(RFC6962_NODE_HASH_PREFIX); | ||
hasher.update(left); | ||
hasher.update(right); | ||
return hasher.digest(); | ||
} | ||
function hashLeaf(leaf) { | ||
const hasher = crypto_1.default.createHash('sha256'); | ||
hasher.update(RFC6962_LEAF_HASH_PREFIX); | ||
hasher.update(leaf); | ||
return hasher.digest(); | ||
} | ||
function bufferEqual(a, b) { | ||
try { | ||
return crypto_1.default.timingSafeEqual(a, b); | ||
} | ||
catch { | ||
/* istanbul ignore next */ | ||
return false; | ||
} | ||
} |
Oops, something went wrong.