Conversation
- Rename QueuedAssertion to AssertionRequest, add Evidence field, and move from 'ca' package to 'mtc' package to be able to use private 'unmarshal' function. - Update /ca/queue to accept an AssertionRequest instead of an Assertion - Update index to include offset in evidence file. - Add 'mtc inspect evidence' option
lukevalenta
force-pushed
the
lvalenta/evidence
branch
from
c2128b3 to
6055bf0
Compare
cmd/mtc/main.go
Outdated
| @@ -376,12 +381,12 @@ func handleCaQueue(cc *cli.Context) error { | |||
| } | |||
|
|
|||
| func handleNewAssertion(cc *cli.Context) error { | |||
There was a problem hiding this comment.
Maybe we should rename this command and the corresponding inspect command.
There was a problem hiding this comment.
I was going back and forth on this since assertion-request is a little verbose, but that probably makes sense to avoid confusion.
There was a problem hiding this comment.
Today we use CSR. We can use AR? Or simply mtc new request?
There was a problem hiding this comment.
Oops, didn't see this before updating the PR. The current version has assertion-request, but we can tweak later. Some of the other CLI flags are pretty verbose too (abridged-assertions, signed-validity-window), so maybe we can just add short aliases (aa, svw, ar) if that seems ergonomic.
| return errors.New("non-empty info for empty evidence") | ||
| } | ||
| case X509ChainEvidenceType: | ||
| chain, err := x509.ParseCertificates([]byte(evidenceInfo)) |
There was a problem hiding this comment.
Given unmarshalling AssertionRequests is on the hot path of issuance, we might want to do lazy parsing here: just store the bytes in the struct and parse on demand. (As we do with the public key in TLSSubject)
There was a problem hiding this comment.
Makes sense. I'll address in a followup PR!
| X509ChainEvidenceType | ||
| ) | ||
|
|
||
| type Evidence struct { |
There was a problem hiding this comment.
If this is only for the shadow certs, then we don't need polymorphism: just have a list of certs or an empty list.
If we want to reuse this for something else, then we want a list of possible evidence, instead of just one piece of evidence.
There was a problem hiding this comment.
Good point. I'm leaning towards the latter approach, with a list of possible evidence. I'll address in a followup PR.
lukevalenta
force-pushed
the
lvalenta/evidence
branch
from
6460c94 to
8cf3cd4
Compare
|
|
||
| indices map[uint32]*Index | ||
| aas map[uint32]*os.File | ||
| evs map[uint32]*os.File |
There was a problem hiding this comment.
Note: I added this bit to mirror how the aas files are handled, but it doesn't look like these maps are ever populated.
There was a problem hiding this comment.
Oh, yeah, that's a bug in aaFileFor which should set an entry.
There was a problem hiding this comment.
aaFileFor is currently unused since we just recalculate the abridged assertion key from the passed-in assertion in CertificateFor 😁 . We could do an extra check there and make sure we find the abridged assertion where we expect it to be, and that the bytes are equal.
ca/ca.go
Outdated
| } | ||
| err = mtc.UnmarshalEvidenceEntries(evFile, func(_ int, ev2 *mtc.Evidence) error { | ||
| ev = ev2 | ||
| return ErrShortCircuit |
There was a problem hiding this comment.
This is kind of a weird way to handle this, but it works for now.
| } | ||
|
|
||
| for batch := batches.End - 1; batch <= batches.End; batch-- { | ||
| for batch := batches.End - 1; batch >= batches.Begin && batch <= batches.End; batch-- { |
There was a problem hiding this comment.
bugfix here. Say we have the batches 14-18 on disk. Previously, we'd go the way down to 13 and then throw an error since the files don't exist.
|
|
||
| var a mtc.Assertion | ||
| err = a.UnmarshalBinary(assertionBuf) | ||
| var ar mtc.AssertionRequest |
There was a problem hiding this comment.
bugfix: previously trying to parse an Assertion but should have been an AssertionRequest.
- Use 'ar' for AssertionRequests to reduce risk of variable shadowing. - bugfix: fix range when iterating over batches. Previously, there was no lower limit to the loop. And since we're iterating backwards with a uint32, keep the upper limit to avoid integer underflow. - Finish adding index support for evidence, so you can now `mtc ca evidence` will properly check the evidence file for an assertion's evidence. - Include Evidence in the AssertionRequest checksum. - Use 'assertion-request' instead of 'assertion' for cli flags.
lukevalenta
force-pushed
the
lvalenta/evidence
branch
from
8cf3cd4 to
9267f5f
Compare
2 participants
What's currently implemented is similar to Option (2) from davidben/merkle-tree-certs#23, but with
shadow_assertionsrenamed toevidence, and the index updated to include offsets in the evidence file.NOTE: README also need to be updated.