Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for verifying Sunlight checkpoints #99

Merged
merged 12 commits into from
Apr 15, 2024

Conversation

AlCutter
Copy link
Collaborator

@AlCutter AlCutter commented Mar 28, 2024

This PR adds support for verifying sunlight style checkpoints.

It provides:

  • A helper to create a note Verifier string from RFC6962 log URL & public keys
  • A note.Verifier implementation of the sunlight RFC6962 0x05 signature scheme
  • A function which can convert RFC6962 JSON formatted Signed Tree Head structures directly to sunlight signed checkpoint format.

TODO: figure out best way to avoid the dep on ct-go #105

@AlCutter AlCutter requested review from jiggoha and phbnf March 28, 2024 16:41
@AlCutter AlCutter requested a review from a team as a code owner March 28, 2024 16:41
@AlCutter AlCutter force-pushed the solar_signature branch 4 times, most recently from ffad4c5 to c99d6d7 Compare March 28, 2024 16:57
Copy link

codecov bot commented Mar 28, 2024

Codecov Report

Attention: Patch coverage is 66.92913% with 42 lines in your changes are missing coverage. Please review.

Project coverage is 76.99%. Comparing base (fa00c16) to head (dbdce9e).
Report is 22 commits behind head on main.

Files Patch % Lines
note/note_rfc6962.go 66.40% 24 Missing and 18 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #99      +/-   ##
==========================================
- Coverage   82.57%   76.99%   -5.58%     
==========================================
  Files           5        6       +1     
  Lines         241      313      +72     
==========================================
+ Hits          199      241      +42     
- Misses         30       42      +12     
- Partials       12       30      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

note/note_rfc6962.go Show resolved Hide resolved
note/note_rfc6962.go Show resolved Hide resolved
note/note_rfc6962.go Show resolved Hide resolved
note/note_rfc6962_test.go Show resolved Hide resolved
note/note_rfc6962_test.go Outdated Show resolved Hide resolved
note/note_rfc6962_test.go Show resolved Hide resolved
Copy link

@FiloSottile FiloSottile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW, is there a way to hide Codecov complaints? They are extremely distracting.

}

// NewRFC6962Verifier creates a note verifier for Sunlight/RFC6962 checkpoint signatures.
func NewRFC6962Verifier(vkey string) (note.Verifier, error) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have one of these, named just the same, in an (for now) untagged version of the Sunlight module.

https://pkg.go.dev/filippo.io/sunlight@main#NewRFC6962Verifier

What do you think of it? Would it make sense to import it from here?

A key difference is that it allows extracting/validating the timestamp, which I think is critical for verification.

I didn't make a string encoding for it though. Should we specify those?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aha, I was trying to do this "clean room" from the spec :)

In general I really like the string vkey idea; it makes it very easy to poke through configs in existing code (e.g. the witness), so I'm all up for specifying for all the note-compatible verifiers we're cooking up!

On the extracting the timestamp, the way I was going to go was the same as I've done here for TimestampCoSigv1: https://github.com/transparency-dev/formats/blob/main/note/note_cosigv1.go#L116-L127

Passing the call-back in at verifier c'tor time means that in apps like the witness you can't really create verifiers out at "config parsing" time (with corresponding error handling there) and then pass them down into other funcs/modules without adding some other complexity around how you pass that callback in too. It also means that the verifier is no longer safe to use from multiple go-routines.

It "feels good" to have the timestamp extracted during verification available, but OTOH, since note.Note already has a mechanism to convey which sigs (if any) were verified, I figured it's probably ok to have the application logic which relies on those signatures then go and explicitly extract the "extra" info present in them. Any malicious code which could modify/insert/remove entries from the note.Sigs[] immediately after the note.Open() returns can also probably just nobble the signature verification/timestamp extraction itself, or the callback and its side effects, etc.

wdyt?

note/note_rfc6962.go Show resolved Hide resolved
note/note_rfc6962.go Show resolved Hide resolved
note/note_rfc6962.go Outdated Show resolved Hide resolved
@AlCutter AlCutter force-pushed the solar_signature branch 2 times, most recently from 4856457 to 043c733 Compare April 11, 2024 11:56
@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 66.92913% with 42 lines in your changes are missing coverage. Please review.

Project coverage is 76.99%. Comparing base (fa00c16) to head (dc192e9).
Report is 23 commits behind head on main.

Files Patch % Lines
note/note_rfc6962.go 66.40% 24 Missing and 18 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #99      +/-   ##
==========================================
- Coverage   82.57%   76.99%   -5.58%     
==========================================
  Files           5        6       +1     
  Lines         241      313      +72     
==========================================
+ Hits          199      241      +42     
- Misses         30       42      +12     
- Partials       12       30      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@@ -3,6 +3,9 @@ module github.com/transparency-dev/formats
go 1.21

require (
github.com/google/certificate-transparency-go v1.1.8
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, please open an issue about this dependency. Copying out the CT bits we need is reasonable as a solution. We worked very hard to keep the number of deps for this repo to a minimum. This now implicitly depends on trillian, which is a big dependency load that was a prime part of the motivation towards creating these smaller repos.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return v, nil
}

// SignedTreeHead represents the structure returned by the get-sth CT method
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: signedTreeHead (lower case s).

Passim.

// rfc6962LogName returns a sunlight checkpoint compatible log name from the
// passed in CT log root URL.
//
// "For example, a log with submission prefix https://rome.ct.example.com/2024h1/ will use rome.ct.example.com/2024h1 as the checkpoint origin line"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The quotes around this sentence have me asking a lot of questions. I suspect it's an accident. If not, it needs an attribution.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Linked to Sunlight spec

@AlCutter AlCutter merged commit 3372d76 into transparency-dev:main Apr 15, 2024
8 checks passed
@AlCutter AlCutter deleted the solar_signature branch April 15, 2024 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants