From d305a1330936a055b25581eba23b645dba2d5a9b Mon Sep 17 00:00:00 2001
From: Al Cutter
Date: Wed, 18 Sep 2024 12:05:30 +0100
Subject: [PATCH] Drop TLS dep entirely (#150)
---
 go.mod | 3 ---
 go.sum | 13 -----------
 note/note_rfc6962.go | 51 +++++++++++++++++++++++++-------------------
 3 files changed, 29 insertions(+), 38 deletions(-)
diff --git a/go.mod b/go.mod
index 1c0844f..b31a9d1 100644
--- a/go.mod
+++ b/go.mod
@@ -5,9 +5,6 @@ go 1.22.0
 toolchain go1.22.6

 require (
- github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b
 github.com/google/go-cmp v0.6.0
 golang.org/x/mod v0.21.0
 )
-
-require gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 6c37683..37a1d79 100644
--- a/go.sum
+++ b/go.sum
@@ -1,17 +1,4 @@ -github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b h1:Ves2turKTX7zruivAcUOQg155xggcbv3suVdbKCBQNM= -github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b/go.mod h1:0AZAV7lYvynZQ5ErHlGMKH+4QYMyNCFd+AiL9MlrCYA= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/note/note_rfc6962.go b/note/note_rfc6962.go
index cead14d..02c78b5 100644
--- a/note/note_rfc6962.go
+++ b/note/note_rfc6962.go
@@ -29,7 +29,6 @@ import (
 "strings"
 "time"

- tls "github.com/cisco/go-tls-syntax"
 "golang.org/x/mod/sumdb/note"
 )
@@ -266,37 +265,31 @@ func formatRFC6962STH(t uint64, msg []byte) (string, []byte, error) {
 return lines[0], input, nil
 }

-// Version represents the Version enum from section 3.2:
-//
-// enum { v1(0), (255) } Version;
-type version uint8 // tls:"maxval:255"
-
 // CT Version constants from section 3.2.
 const (
- V1 version = 0
+ V1 uint8 = 0
 )

-// ~ignatureType differentiates STH signatures from SCT signatures, see section 3.2.
-//
-// enum { certificate_timestamp(0), tree_hash(1), (255) } SignatureType;
-type signatureType uint8 // tls:"maxval:255"
-
 // SignatureType constants from section 3.2.
 const (
- treeHashSignatureType signatureType = 1
+ treeHashSignatureType uint8 = 1
 )

-// sha256Hash represents the output from the SHA256 hash function.
-type sha256Hash [sha256.Size]byte
-
 // treeHeadSignature holds the data over which the signature in an STH is
 // generated; see section 3.5
 type treeHeadSignature struct {
- Version version `tls:"maxval:255"`
- SignatureType signatureType `tls:"maxval:255"` // == TreeHashSignatureType
- Timestamp uint64
- TreeSize uint64
- SHA256RootHash sha256Hash
+ // Version represents the Version enum from section 3.2:
+ //
+ // enum { v1(0), (255) } Version;
+ Version uint8
+ // SignatureType differentiates STH signatures from SCT signatures, see section 3.2.
+ //
+ // enum { certificate_timestamp(0), tree_hash(1), (255) } SignatureType;
+ SignatureType uint8
+ Timestamp uint64
+ TreeSize uint64
+ // sha256Hash represents the output from the SHA256 hash function.
+ SHA256RootHash [sha256.Size]byte
 }

 // Marshal serializes the passed in STH into the correct
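Review bot: The comment moved onto the `SHA256RootHash` field still reads "sha256Hash represents the output from the SHA256 hash function", but this hunk deletes the `sha256Hash` type, so the doc names something that no longer exists; `// SHA256RootHash is the SHA-256 root hash of the tree.` would describe the field itself. The old `// == TreeHashSignatureType` remark on `SignatureType` was also dropped. Now that `Version` and `SignatureType` are both plain `uint8`, the compiler no longer catches the two being swapped, so a short field comment such as `// always treeHashSignatureType for an STH` is worth keeping.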
@@ -309,7 +302,21 @@ func (s treeHeadSignature) Marshal() ([]byte, error) {
 }
 s.SignatureType = treeHashSignatureType
- return tls.Marshal(s)
+ // This is technically TLS encoded, but since all fields are of known size it boils down to
+ // just the raw bytes.
+ b := make([]byte, 2+8+8+32)
+ i := 0
+ b[i] = byte(s.Version)
+ i++
+ b[i] = byte(treeHashSignatureType)
+ i++
+ binary.BigEndian.PutUint64(b[i:], s.Timestamp)
+ i += 8
+ binary.BigEndian.PutUint64(b[i:], s.TreeSize)
+ i += 8
+ copy(b[i:], s.SHA256RootHash[:])
+
+ return b, nil
 default:
 return nil, fmt.Errorf("unsupported STH version %d", s.Version)
 }
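Review bot: The literal `2+8+8+32` and the hand-advanced index `i` in the new `Marshal` body restate the struct layout with nothing tying them to `treeHeadSignature`, and these bytes are the input the STH signature is computed over, so an offset slip would produce a well-formed but wrong signed message. Appending the fields in order, with the capacity taken from `sha256.Size`, removes the offsets entirely. The context line `s.SignatureType = treeHashSignatureType` now only writes to the value-receiver copy, since the encoder uses the constant directly, and could be dropped. The diffstat lists no test file, so unless an existing test already pins the serialized bytes, a fixed-vector test of this output would guard against encoding drift. The function opens above this hunk and its closing braces fall below it.

```go
// … unchanged: s.SignatureType assignment and the "technically TLS encoded" comment …
b := make([]byte, 0, 1+1+8+8+sha256.Size)
b = append(b, s.Version, treeHashSignatureType)
b = binary.BigEndian.AppendUint64(b, s.Timestamp)
b = binary.BigEndian.AppendUint64(b, s.TreeSize)
b = append(b, s.SHA256RootHash[:]...)

return b, nil
```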