Convert evidence to a list

- Use a list for evidence instead of a single value. This should allow
  evidence to be used more broadly than for X.509 chains in the future:
  (see davidben/merkle-tree-certs#23).
- Use lazy parsing for X.509 chain evidence.

Unrelated:
- Rename http/server.go functions for consistency with cli.

Author: lukevalenta

ca/ca.go

@@ -552,7 +552,7 @@ func (ca *Handle) CertificateFor(a mtc.Assertion) (*mtc.BikeshedCertificate, err
 var errShortCircuit = errors.New("short circuit")
 
 // Returns the evidence for an issued assertion
-func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.Evidence, error) {
+func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.EvidenceList, error) {
 	aa := a.Abridge()
 	var key [mtc.HashLen]byte
 	err := aa.Key(key[:])
@@ -568,7 +568,7 @@ func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.Evidence, error) {
 		return nil, fmt.Errorf("no assertion with key %x on record", key)
 	}
 
-	var ev *mtc.Evidence
+	var el *mtc.EvidenceList
 	evFile, err := ca.evFileFor(res.Batch)
 	if err != nil {
 		return nil, err
@@ -577,15 +577,15 @@ func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.Evidence, error) {
 	if err != nil {
 		return nil, err
 	}
-	err = mtc.UnmarshalEvidenceEntries(evFile, func(_ int, ev2 *mtc.Evidence) error {
-		ev = ev2
+	err = mtc.UnmarshalEvidenceLists(evFile, func(_ int, el2 *mtc.EvidenceList) error {
+		el = el2
 		return errShortCircuit
 	})
 	if err != errShortCircuit {
 		return nil, err
 	}
 
-	return ev, nil
+	return el, nil
 }
 
 // Search for AbridgedAssertions's batch/seqno/offset/evidence_offset by key.

ca/index.go

@@ -187,7 +187,7 @@ func ComputeIndex(aaReader, evReader io.Reader, w io.Writer) error {
 	})
 
 	seqno = uint64(0)
-	err = mtc.UnmarshalEvidenceEntries(evReader, func(offset int, _ *mtc.Evidence) error {
+	err = mtc.UnmarshalEvidenceLists(evReader, func(offset int, _ *mtc.EvidenceList) error {
 		entries[seqno].evidenceOffset = uint64(offset)
 		seqno++
 		return nil

cmd/mtc/main.go

@@ -189,7 +189,7 @@ func assertionRequestFromFlagsUnchecked(cc *cli.Context) (*mtc.AssertionRequest,
 
 	var (
 		a      mtc.Assertion
-		e      mtc.Evidence
+		el     mtc.EvidenceList
 		scheme mtc.SignatureScheme
 	)
 
@@ -250,8 +250,11 @@ func assertionRequestFromFlagsUnchecked(cc *cli.Context) (*mtc.AssertionRequest,
 			return nil, fmt.Errorf("from-x509: %s", err)
 		}
 
-		e.Type = mtc.X509ChainEvidenceType
-		e.Info = mtc.X509ChainEvidenceInfo(certs)
+		ev, err := mtc.NewX509ChainEvidence(certs)
+		if err != nil {
+			return nil, err
+		}
+		el = append(el, ev)
 	}
 
 	// Setting any claim will overwrite those suggested by the
@@ -342,7 +345,7 @@ func assertionRequestFromFlagsUnchecked(cc *cli.Context) (*mtc.AssertionRequest,
 
 	return &mtc.AssertionRequest{
 		Assertion: a,
-		Evidence:  e,
+		Evidence:  el,
 		Checksum:  checksum,
 	}, nil
 }
@@ -498,7 +501,10 @@ func handleCaShowQueue(cc *cli.Context) error {
 		if len(cs.IPv6) != 0 {
 			fmt.Fprintf(w, "ip6\t%s\n", cs.IPv6)
 		}
-		writeEvidence(w, ar.Evidence)
+		err = writeEvidenceList(w, ar.Evidence)
+		if err != nil {
+			return err
+		}
 		w.Flush()
 		fmt.Printf("\n")
 		return nil
@@ -712,26 +718,29 @@ func writeAssertion(w *tabwriter.Writer, a mtc.Assertion) {
 	}
 }
 
-func writeEvidence(w *tabwriter.Writer, e mtc.Evidence) {
-
-	fmt.Fprintf(w, "evidence\t")
-	switch e.Type {
-	case mtc.EmptyEvidenceType:
-		fmt.Fprintf(w, "empty\n")
-	case mtc.X509ChainEvidenceType:
-		fmt.Fprintf(w, "x509_chain\n")
-		for i, cert := range e.Info.(mtc.X509ChainEvidenceInfo) {
-			fmt.Fprintf(w, " certificate\t%d\n", i)
-			fmt.Fprintf(w, "  subject\t%s\n", cert.Subject.String())
-			fmt.Fprintf(w, "  issuer\t%s\n", cert.Issuer.String())
-			fmt.Fprintf(w, "  serial_no\t%x\n", cert.SerialNumber)
-			fmt.Fprintf(w, "  not_before\t%s\n", cert.NotBefore)
-			fmt.Fprintf(w, "  not_after\t%s\n", cert.NotAfter)
+func writeEvidenceList(w *tabwriter.Writer, el mtc.EvidenceList) error {
+
+	for _, ev := range el {
+		switch ev.Type() {
+		case mtc.X509ChainEvidenceType:
+			fmt.Fprintf(w, "x509_chain\n")
+			chain, err := ev.(mtc.X509ChainEvidence).Chain()
+			if err != nil {
+				return err
+			}
+			for j, cert := range chain {
+				fmt.Fprintf(w, " certificate\t%d\n", j)
+				fmt.Fprintf(w, "  subject\t%s\n", cert.Subject.String())
+				fmt.Fprintf(w, "  issuer\t%s\n", cert.Issuer.String())
+				fmt.Fprintf(w, "  serial_no\t%x\n", cert.SerialNumber)
+				fmt.Fprintf(w, "  not_before\t%s\n", cert.NotBefore)
+				fmt.Fprintf(w, "  not_after\t%s\n", cert.NotAfter)
+			}
+		default:
+			fmt.Fprintf(w, "unknown type=%d info=%x\n", ev.Type(), ev.Info())
 		}
-	default:
-		fmt.Fprintf(w, "unknown\n")
-		fmt.Fprintf(w, " raw\t%x", e.Info.(mtc.UnknownEvidenceInfo))
 	}
+	return nil
 }
 
 func handleInspectCert(cc *cli.Context) error {
@@ -820,7 +829,10 @@ func handleInspectAssertionRequest(cc *cli.Context) error {
 	w := tabwriter.NewWriter(os.Stdout, 1, 1, 1, ' ', 0)
 	fmt.Fprintf(w, "checksum\t%x\n", ar.Checksum)
 	writeAssertion(w, ar.Assertion)
-	writeEvidence(w, ar.Evidence)
+	err = writeEvidenceList(w, ar.Evidence)
+	if err != nil {
+		return err
+	}
 	w.Flush()
 	return nil
 }
@@ -834,13 +846,14 @@ func handleInspectEvidence(cc *cli.Context) error {
 	defer r.Close()
 
 	count := 0
-	err = mtc.UnmarshalEvidenceEntries(
+	err = mtc.UnmarshalEvidenceLists(
 		bufio.NewReader(r),
-		func(_ int, e *mtc.Evidence) error {
+		func(_ int, el *mtc.EvidenceList) error {
 			count++
 			w := tabwriter.NewWriter(os.Stdout, 1, 1, 1, ' ', 0)
-			writeEvidence(w, *e)
+			writeEvidenceList(w, *el)
 			w.Flush()
+			fmt.Printf("\n")
 			return nil
 		},
 	)

http/server.go

@@ -44,7 +44,7 @@ func (s *Server) Shutdown(ctx context.Context) error {
 	return s.server.Shutdown(ctx)
 }
 
-func assertionFromRequestUnchecked(r *http.Request) (*mtc.AssertionRequest, error) {
+func assertionRequestFromHTTPUnchecked(r *http.Request) (*mtc.AssertionRequest, error) {
 	var (
 		ar mtc.AssertionRequest
 	)
@@ -65,8 +65,8 @@ func assertionFromRequestUnchecked(r *http.Request) (*mtc.AssertionRequest, erro
 	}
 }
 
-func assertionFromRequest(r *http.Request) (*mtc.AssertionRequest, error) {
-	ar, err := assertionFromRequestUnchecked(r)
+func assertionRequestFromHTTP(r *http.Request) (*mtc.AssertionRequest, error) {
+	ar, err := assertionRequestFromHTTPUnchecked(r)
 	if err != nil {
 		return nil, err
 	}
@@ -87,7 +87,7 @@ func handleCaQueue(path string) func(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		defer h.Close()
-		a, err := assertionFromRequest(r)
+		a, err := assertionRequestFromHTTP(r)
 		if err != nil {
 			http.Error(w, "invalid assertion", http.StatusBadRequest)
 			return
@@ -110,7 +110,7 @@ func handleCaCert(path string) func(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		defer h.Close()
-		a, err := assertionFromRequest(r)
+		a, err := assertionRequestFromHTTP(r)
 		if err != nil {
 			http.Error(w, "invalid assertion", http.StatusBadRequest)
 			return

mtc.go

@@ -57,20 +57,22 @@ type Claims struct {
 type EvidenceType uint16
 
 const (
-	EmptyEvidenceType EvidenceType = iota
-	X509ChainEvidenceType
+	X509ChainEvidenceType EvidenceType = iota
 )
 
-type Evidence struct {
-	Type EvidenceType
-	Info EvidenceInfo
-}
+type EvidenceList []Evidence
 
-type EvidenceInfo any
+type Evidence interface {
+	Type() EvidenceType
+	Info() []byte
+}
 
-type X509ChainEvidenceInfo []*x509.Certificate
+type X509ChainEvidence []byte
 
-type UnknownEvidenceInfo []byte
+type UnknownEvidence struct {
+	typ  EvidenceType
+	info []byte
+}
 
 // Represents a claim we do not how to interpret.
 type UnknownClaim struct {
@@ -122,7 +124,7 @@ type AbridgedAssertion struct {
 type AssertionRequest struct {
 	Checksum  []byte
 	Assertion Assertion
-	Evidence  Evidence
+	Evidence  EvidenceList
 }
 
 // Copy of tls.SignatureScheme to prevent cycling dependencies
@@ -924,6 +926,22 @@ func (a *AbridgedAssertion) unmarshal(s *cryptobyte.String) error {
 	return nil
 }
 
+func (e X509ChainEvidence) Type() EvidenceType { return X509ChainEvidenceType }
+func (e X509ChainEvidence) Info() []byte       { return e }
+func (e X509ChainEvidence) Chain() ([]*x509.Certificate, error) {
+	return x509.ParseCertificates(e)
+}
+func NewX509ChainEvidence(certs []*x509.Certificate) (X509ChainEvidence, error) {
+	var b cryptobyte.Builder
+	for _, cert := range certs {
+		b.AddBytes(cert.Raw)
+	}
+	return b.Bytes()
+}
+
+func (e UnknownEvidence) Type() EvidenceType { return e.typ }
+func (e UnknownEvidence) Info() []byte       { return e.info }
+
 func (ar *AssertionRequest) UnmarshalBinary(data []byte) error {
 	var (
 		s cryptobyte.String = cryptobyte.String(data)
@@ -1595,10 +1613,10 @@ func (c *Claims) MarshalBinary() ([]byte, error) {
 	return b.Bytes()
 }
 
-func (e *Evidence) UnmarshalBinary(data []byte) error {
-	*e = Evidence{}
+func (el *EvidenceList) UnmarshalBinary(data []byte) error {
+	*el = EvidenceList{}
 	s := cryptobyte.String(data)
-	err := e.unmarshal(&s)
+	err := el.unmarshal(&s)
 	if err != nil {
 		return err
 	}
@@ -1608,68 +1626,64 @@ func (e *Evidence) UnmarshalBinary(data []byte) error {
 	return nil
 }
 
-func (e *Evidence) unmarshal(s *cryptobyte.String) error {
+func (el *EvidenceList) unmarshal(s *cryptobyte.String) error {
 
 	var (
+		evidenceList cryptobyte.String
 		evidenceInfo cryptobyte.String
 		evidenceType EvidenceType
 	)
 
-	if !s.ReadUint16((*uint16)(&evidenceType)) ||
-		!s.ReadUint24LengthPrefixed(&evidenceInfo) {
+	if !s.ReadUint24LengthPrefixed(&evidenceList) {
 		return ErrTruncated
 	}
-	e.Type = evidenceType
-	switch e.Type {
-	case EmptyEvidenceType:
-		if !evidenceInfo.Empty() {
-			return errors.New("non-empty info for empty evidence")
+
+	for !evidenceList.Empty() {
+		if !evidenceList.ReadUint16((*uint16)(&evidenceType)) ||
+			!evidenceList.ReadUint24LengthPrefixed(&evidenceInfo) {
+			return ErrTruncated
 		}
-	case X509ChainEvidenceType:
-		chain, err := x509.ParseCertificates([]byte(evidenceInfo))
-		if err != nil {
-			return errors.New("failed to parse X.509 chain")
+
+		switch evidenceType {
+		case X509ChainEvidenceType:
+			*el = append(*el, X509ChainEvidence(evidenceInfo))
+		default:
+			*el = append(*el, UnknownEvidence{
+				typ:  evidenceType,
+				info: evidenceInfo,
+			})
 		}
-		e.Info = X509ChainEvidenceInfo(chain)
-	default:
-		unknownInfo := make([]byte, len(evidenceInfo))
-		evidenceInfo.CopyBytes(unknownInfo)
-		e.Info = UnknownEvidenceInfo(unknownInfo)
 	}
 
 	return nil
 }
 
-func (e *Evidence) MarshalBinary() ([]byte, error) {
+func (el *EvidenceList) MarshalBinary() ([]byte, error) {
 	var b cryptobyte.Builder
 
-	b.AddUint16(uint16(e.Type))
 	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
-		switch e.Type {
-		case EmptyEvidenceType:
-		case X509ChainEvidenceType:
-			for _, cert := range e.Info.(X509ChainEvidenceInfo) {
-				b.AddBytes(cert.Raw)
-			}
-		default:
-			b.AddBytes(e.Info.(UnknownEvidenceInfo))
+		for _, e := range *el {
+			b.AddUint16(uint16(e.Type()))
+			b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+				b.AddBytes(e.Info())
+			})
 		}
 	})
 
 	return b.Bytes()
 }
 
-// Unmarshals Evidence entries from r and calls f for each, with
-// the offset in the stream as first argument, and the Evidence
+// Unmarshals EvidenceLists from r and calls f for each, with
+// the offset in the stream as first argument, and the EvidenceList
 // as second argument.
 //
 // Returns early on error.
-func UnmarshalEvidenceEntries(r io.Reader,
-	f func(int, *Evidence) error) error {
+func UnmarshalEvidenceLists(r io.Reader,
+	f func(int, *EvidenceList) error) error {
 	return unmarshal(r, f)
 }
 
-func (e *Evidence) maxSize() int {
+func (el *EvidenceList) maxSize() int {
 	return (65535+2)*2 + 2
 }