Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop dep on the certificate-transparency-go repo #125

Merged
merged 3 commits into from
Jun 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ go 1.21.0
toolchain go1.22.3

require (
github.com/google/certificate-transparency-go v1.2.1
github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b
github.com/google/go-cmp v0.6.0
golang.org/x/mod v0.18.0
)

require golang.org/x/crypto v0.23.0 // indirect
require gopkg.in/yaml.v3 v3.0.1 // indirect
17 changes: 13 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
@@ -1,8 +1,17 @@
github.com/google/certificate-transparency-go v1.2.1 h1:4iW/NwzqOqYEEoCBEFP+jPbBXbLqMpq3CifMyOnDUME=
github.com/google/certificate-transparency-go v1.2.1/go.mod h1:bvn/ytAccv+I6+DGkqpvSsEdiVGramgaSC6RD3tEmeE=
github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b h1:Ves2turKTX7zruivAcUOQg155xggcbv3suVdbKCBQNM=
github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b/go.mod h1:0AZAV7lYvynZQ5ErHlGMKH+4QYMyNCFd+AiL9MlrCYA=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
56 changes: 53 additions & 3 deletions note/note_rfc6962.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ import (
"strings"
"time"

ct "github.com/google/certificate-transparency-go"
tls "github.com/cisco/go-tls-syntax"
"golang.org/x/mod/sumdb/note"
)

Expand Down Expand Up @@ -253,14 +253,64 @@ func formatRFC6962STH(t uint64, msg []byte) (string, []byte, error) {
rootHash := [32]byte{}
copy(rootHash[:], root)

sth := ct.SignedTreeHead{
sth := treeHeadSignature{
Version: V1,
TreeSize: size,
Timestamp: t,
SHA256RootHash: rootHash,
}
input, err := ct.SerializeSTHSignatureInput(sth)
input, err := sth.Marshal()
if err != nil {
return "", nil, err
}
return lines[0], input, nil
}

// Version represents the Version enum from section 3.2:
//
// enum { v1(0), (255) } Version;
type version uint8 // tls:"maxval:255"

// CT Version constants from section 3.2.
const (
V1 version = 0
)

// ~ignatureType differentiates STH signatures from SCT signatures, see section 3.2.
//
// enum { certificate_timestamp(0), tree_hash(1), (255) } SignatureType;
type signatureType uint8 // tls:"maxval:255"

// SignatureType constants from section 3.2.
const (
treeHashSignatureType signatureType = 1
)

// sha256Hash represents the output from the SHA256 hash function.
type sha256Hash [sha256.Size]byte

// treeHeadSignature holds the data over which the signature in an STH is
// generated; see section 3.5
type treeHeadSignature struct {
Version version `tls:"maxval:255"`
SignatureType signatureType `tls:"maxval:255"` // == TreeHashSignatureType
Timestamp uint64
TreeSize uint64
SHA256RootHash sha256Hash
}

// Marshal serializes the passed in STH into the correct
// format for signing.
func (s treeHeadSignature) Marshal() ([]byte, error) {
switch s.Version {
case V1:
if len(s.SHA256RootHash) != crypto.SHA256.Size() {
return nil, fmt.Errorf("invalid TreeHash length, got %d expected %d", len(s.SHA256RootHash), crypto.SHA256.Size())
}
s.SignatureType = treeHashSignatureType

return tls.Marshal(s)
default:
return nil, fmt.Errorf("unsupported STH version %d", s.Version)
}
}
Loading