Fixes

transparency-dev · Apr 11, 2024 · 043c733 · 043c733
1 parent 7be98ba
commit 043c733
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/note/note_rfc6962.go b/note/note_rfc6962.go
@@ -105,7 +105,11 @@ func RFC6962STHToCheckpoint(j []byte, v note.Verifier) ([]byte, error) {
 	sigBytes = append(sigBytes, sth.TreeHeadSignature...)
 	sigLine := fmt.Sprintf("\u2014 %s %s", logName, base64.StdEncoding.EncodeToString(sigBytes))
 
-	return []byte(fmt.Sprintf("%s\n%s\n", body, sigLine)), nil
+	n := []byte(fmt.Sprintf("%s\n%s\n", body, sigLine))
+	if _, err := note.Open(n, note.VerifierList(v)); err != nil {
+		return nil, err
+	}
+	return n, nil
 }
 
 func rfc6962Keyhash(name string, logID [32]byte) uint32 {
@@ -168,7 +172,7 @@ func verifyRFC6962(key crypto.PublicKey) func([]byte, string, []byte) bool {
 		sigLen := binary.BigEndian.Uint16(sig)
 		sig = sig[2:] // Slice off length bytes
 
-		// All that rremains should be the signature bytes themselves, and nothing more.
+		// All that remains should be the signature bytes themselves, and nothing more.
 		if len(sig) != int(sigLen) {
 			return false
 		}

diff --git a/note/note_rfc6962_test.go b/note/note_rfc6962_test.go
@@ -116,7 +116,7 @@ func TestVerify(t *testing.T) {
 	}
 }
 
-func TestRFC6962ToNote(t *testing.T) {
+func TestRFC6962STHToCheckpoint(t *testing.T) {
 	for _, test := range []struct {
 		name     string
 		sth      []byte
@@ -127,6 +127,16 @@ func TestRFC6962ToNote(t *testing.T) {
 			name:     "works",
 			sth:      []byte(`{"tree_size":1267285836,"timestamp":1711642477482,"sha256_root_hash":"SHySaYoaGIV5oCMANTytRfUjfzXb7wvO9xQiGkDJlfQ=","tree_head_signature":"BAMARzBFAiAQWbsL/MbJdeR4jk8xYKWDBDGHyDcntBim9Jr1BvwPnAIhAMedQo0YuBo+ajNd9xyVOMvhOdVAeJYgOhBLQn8rca94"}`),
 			verifier: "ct.googleapis.com/logs/us1/argon2024+7deb49d0+BTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB25bKnLaZTFXOa2pgO70rjcVEMXKJkMBgFQHZ1kwFlGK9zIAx0FtC2oCfeZQe0E++VXuiYE9hFSzhRlOy92K8A=",
+		}, {
+			name:     "invalid JSON",
+			sth:      []byte(`Bananas are cool : {"tree_size":1267285836,"timestamp":1711642477482,"sha256_root_hash":"SHySaYoaGIV5oCMANTytRfUjfzXb7wvO9xQiGkDJlfQ=","tree_head_signature":"BAMARzBFAiAQWbsL/MbJdeR4jk8xYKWDBDGHyDcntBim9Jr1BvwPnAIhAMedQo0YuBo+ajNd9xyVOMvhOdVAeJYgOhBLQn8rca94"}`),
+			verifier: "ct.googleapis.com/logs/us1/argon2024+7deb49d0+BTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB25bKnLaZTFXOa2pgO70rjcVEMXKJkMBgFQHZ1kwFlGK9zIAx0FtC2oCfeZQe0E++VXuiYE9hFSzhRlOy92K8A=",
+			wantErr:  true,
+		}, {
+			name:     "invalid STH",
+			sth:      []byte(`{"tree_size":1267285836,"timestamp":1711642477482,"sha256_root_hash":"SHySaYoaGIV5oCMANTytRfUjfzXb7wvO9xQiGkDJlfQ=","tree_head_signature":"BananaSignature"}`),
+			verifier: "ct.googleapis.com/logs/us1/argon2024+7deb49d0+BTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB25bKnLaZTFXOa2pgO70rjcVEMXKJkMBgFQHZ1kwFlGK9zIAx0FtC2oCfeZQe0E++VXuiYE9hFSzhRlOy92K8A=",
+			wantErr:  true,
 		},
 	} {
 		t.Run(test.name, func(t *testing.T) {
@@ -139,6 +149,9 @@ func TestRFC6962ToNote(t *testing.T) {
 			if gotErr := err != nil; gotErr != test.wantErr {
 				t.Fatalf("Got err %q, wantErr: %t", err, test.wantErr)
 			}
+			if test.wantErr {
+				return
+			}
 			n, err := note.Open(nRaw, note.VerifierList(v))
 			if err != nil {
 				t.Fatalf("Failed to open note: %v", err)