bwesterb · lukevalenta · Feb 25, 2025 · Feb 25, 2025
diff --git a/ca/ca.go b/ca/ca.go
@@ -487,6 +487,8 @@ func (ca *Handle) aaFileFor(batch uint32) (*os.File, error) {
 		return nil, err
 	}
 
+	ca.aas[batch] = r
+
 	return r, nil
 }
 
@@ -501,6 +503,8 @@ func (ca *Handle) evFileFor(batch uint32) (*os.File, error) {
 		return nil, err
 	}
 
+	ca.evs[batch] = r
+
 	return r, nil
 }
 
@@ -511,6 +515,8 @@ type keySearchResult struct {
 	EvidenceOffset uint64
 }
 
+var errShortCircuit = errors.New("short circuit")
+
 // Returns the certificate for an issued assertion
 func (ca *Handle) CertificateFor(a mtc.Assertion) (*mtc.BikeshedCertificate, error) {
 	aa := a.Abridge()
@@ -528,6 +534,31 @@ func (ca *Handle) CertificateFor(a mtc.Assertion) (*mtc.BikeshedCertificate, err
 		return nil, fmt.Errorf("no assertion with key %x on record", key)
 	}
 
+	// Double-check that the assertion is present at the expected
+	// offset in the abridged-assertions file.
+	var key2 [mtc.HashLen]byte
+	aaFile, err := ca.aaFileFor(res.Batch)
+	if err != nil {
+		return nil, err
+	}
+	_, err = aaFile.Seek(int64(res.Offset), 0)
+	if err != nil {
+		return nil, err
+	}
+	err = mtc.UnmarshalAbridgedAssertions(aaFile, func(_ int, aa *mtc.AbridgedAssertion) error {
+		err := aa.Key(key2[:])
+		if err != nil {
+			return err
+		}
+		return errShortCircuit
+	})
+	if err != errShortCircuit {
+		return nil, err
+	}
+	if !bytes.Equal(key[:], key2[:]) {
+		return nil, fmt.Errorf("unable to find key %x in abridged-assertions", key)
+	}
+
 	tree, err := ca.treeFor(res.Batch)
 	if err != nil {
 		return nil, err
@@ -549,10 +580,8 @@ func (ca *Handle) CertificateFor(a mtc.Assertion) (*mtc.BikeshedCertificate, err
 	}, nil
 }
 
-var errShortCircuit = errors.New("short circuit")
-
 // Returns the evidence for an issued assertion
-func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.Evidence, error) {
+func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.EvidenceList, error) {
 	aa := a.Abridge()
 	var key [mtc.HashLen]byte
 	err := aa.Key(key[:])
@@ -568,24 +597,25 @@ func (ca *Handle) EvidenceFor(a mtc.Assertion) (*mtc.Evidence, error) {
 		return nil, fmt.Errorf("no assertion with key %x on record", key)
 	}
 
-	var ev *mtc.Evidence
+	var el *mtc.EvidenceList
 	evFile, err := ca.evFileFor(res.Batch)
 	if err != nil {
 		return nil, err
 	}
+
 	_, err = evFile.Seek(int64(res.EvidenceOffset), 0)
 	if err != nil {
 		return nil, err
 	}
-	err = mtc.UnmarshalEvidenceEntries(evFile, func(_ int, ev2 *mtc.Evidence) error {
-		ev = ev2
+	err = mtc.UnmarshalEvidenceLists(evFile, func(_ int, el2 *mtc.EvidenceList) error {
+		el = el2
 		return errShortCircuit
 	})
 	if err != errShortCircuit {
 		return nil, err
 	}
 
-	return ev, nil
+	return el, nil
 }
 
 // Search for AbridgedAssertions's batch/seqno/offset/evidence_offset by key.

diff --git a/ca/index.go b/ca/index.go
@@ -187,7 +187,7 @@ func ComputeIndex(aaReader, evReader io.Reader, w io.Writer) error {
 	})
 
 	seqno = uint64(0)
-	err = mtc.UnmarshalEvidenceEntries(evReader, func(offset int, _ *mtc.Evidence) error {
+	err = mtc.UnmarshalEvidenceLists(evReader, func(offset int, _ *mtc.EvidenceList) error {
 		entries[seqno].evidenceOffset = uint64(offset)
 		seqno++
 		return nil

diff --git a/cmd/mtc/main.go b/cmd/mtc/main.go
@@ -189,7 +189,7 @@ func assertionRequestFromFlagsUnchecked(cc *cli.Context) (*mtc.AssertionRequest,
 
 	var (
 		a      mtc.Assertion
-		e      mtc.Evidence
+		el     mtc.EvidenceList
 		scheme mtc.SignatureScheme
 	)
 
@@ -250,8 +250,11 @@ func assertionRequestFromFlagsUnchecked(cc *cli.Context) (*mtc.AssertionRequest,
 			return nil, fmt.Errorf("from-x509: %s", err)
 		}
 
-		e.Type = mtc.X509ChainEvidenceType
-		e.Info = mtc.X509ChainEvidenceInfo(certs)
+		ev, err := mtc.NewX509ChainEvidence(certs)
+		if err != nil {
+			return nil, err
+		}
+		el = append(el, ev)
 	}
 
 	// Setting any claim will overwrite those suggested by the
@@ -342,7 +345,7 @@ func assertionRequestFromFlagsUnchecked(cc *cli.Context) (*mtc.AssertionRequest,
 
 	return &mtc.AssertionRequest{
 		Assertion: a,
-		Evidence:  e,
+		Evidence:  el,
 		Checksum:  checksum,
 	}, nil
 }
@@ -498,7 +501,10 @@ func handleCaShowQueue(cc *cli.Context) error {
 		if len(cs.IPv6) != 0 {
 			fmt.Fprintf(w, "ip6\t%s\n", cs.IPv6)
 		}
-		writeEvidence(w, ar.Evidence)
+		err = writeEvidenceList(w, ar.Evidence)
+		if err != nil {
+			return err
+		}
 		w.Flush()
 		fmt.Printf("\n")
 		return nil
@@ -712,26 +718,30 @@ func writeAssertion(w *tabwriter.Writer, a mtc.Assertion) {
 	}
 }
 
-func writeEvidence(w *tabwriter.Writer, e mtc.Evidence) {
-
-	fmt.Fprintf(w, "evidence\t")
-	switch e.Type {
-	case mtc.EmptyEvidenceType:
-		fmt.Fprintf(w, "empty\n")
-	case mtc.X509ChainEvidenceType:
-		fmt.Fprintf(w, "x509_chain\n")
-		for i, cert := range e.Info.(mtc.X509ChainEvidenceInfo) {
-			fmt.Fprintf(w, " certificate\t%d\n", i)
-			fmt.Fprintf(w, "  subject\t%s\n", cert.Subject.String())
-			fmt.Fprintf(w, "  issuer\t%s\n", cert.Issuer.String())
-			fmt.Fprintf(w, "  serial_no\t%x\n", cert.SerialNumber)
-			fmt.Fprintf(w, "  not_before\t%s\n", cert.NotBefore)
-			fmt.Fprintf(w, "  not_after\t%s\n", cert.NotAfter)
+func writeEvidenceList(w *tabwriter.Writer, el mtc.EvidenceList) error {
+
+	fmt.Fprintf(w, "evidence-list (%d entries)\n", len(el))
+	for _, ev := range el {
+		switch ev.Type() {
+		case mtc.X509ChainEvidenceType:
+			fmt.Fprintf(w, "x509_chain\n")
+			chain, err := ev.(mtc.X509ChainEvidence).Chain()
+			if err != nil {
+				return err
+			}
+			for j, cert := range chain {
+				fmt.Fprintf(w, " certificate\t%d\n", j)
+				fmt.Fprintf(w, "  subject\t%s\n", cert.Subject.String())
+				fmt.Fprintf(w, "  issuer\t%s\n", cert.Issuer.String())
+				fmt.Fprintf(w, "  serial_no\t%x\n", cert.SerialNumber)
+				fmt.Fprintf(w, "  not_before\t%s\n", cert.NotBefore)
+				fmt.Fprintf(w, "  not_after\t%s\n", cert.NotAfter)
+			}
+		default:
+			fmt.Fprintf(w, "unknown type=%d info=%x\n", ev.Type(), ev.Info())
 		}
-	default:
-		fmt.Fprintf(w, "unknown\n")
-		fmt.Fprintf(w, " raw\t%x", e.Info.(mtc.UnknownEvidenceInfo))
 	}
+	return nil
 }
 
 func handleInspectCert(cc *cli.Context) error {
@@ -820,7 +830,10 @@ func handleInspectAssertionRequest(cc *cli.Context) error {
 	w := tabwriter.NewWriter(os.Stdout, 1, 1, 1, ' ', 0)
 	fmt.Fprintf(w, "checksum\t%x\n", ar.Checksum)
 	writeAssertion(w, ar.Assertion)
-	writeEvidence(w, ar.Evidence)
+	err = writeEvidenceList(w, ar.Evidence)
+	if err != nil {
+		return err
+	}
 	w.Flush()
 	return nil
 }
@@ -834,20 +847,21 @@ func handleInspectEvidence(cc *cli.Context) error {
 	defer r.Close()
 
 	count := 0
-	err = mtc.UnmarshalEvidenceEntries(
+	err = mtc.UnmarshalEvidenceLists(
 		bufio.NewReader(r),
-		func(_ int, e *mtc.Evidence) error {
+		func(_ int, el *mtc.EvidenceList) error {
 			count++
 			w := tabwriter.NewWriter(os.Stdout, 1, 1, 1, ' ', 0)
-			writeEvidence(w, *e)
+			writeEvidenceList(w, *el)
 			w.Flush()
+			fmt.Printf("\n")
 			return nil
 		},
 	)
 	if err != nil {
 		return err
 	}
-	fmt.Printf("Total number of evidence entries: %d\n", count)
+	fmt.Printf("Total number of evidence lists: %d\n", count)
 	return nil
 }
 

diff --git a/http/server.go b/http/server.go
@@ -44,7 +44,7 @@ func (s *Server) Shutdown(ctx context.Context) error {
 	return s.server.Shutdown(ctx)
 }
 
-func assertionFromRequestUnchecked(r *http.Request) (*mtc.AssertionRequest, error) {
+func assertionRequestFromHTTPUnchecked(r *http.Request) (*mtc.AssertionRequest, error) {
 	var (
 		ar mtc.AssertionRequest
 	)
@@ -65,8 +65,8 @@ func assertionFromRequestUnchecked(r *http.Request) (*mtc.AssertionRequest, erro
 	}
 }
 
-func assertionFromRequest(r *http.Request) (*mtc.AssertionRequest, error) {
-	ar, err := assertionFromRequestUnchecked(r)
+func assertionRequestFromHTTP(r *http.Request) (*mtc.AssertionRequest, error) {
+	ar, err := assertionRequestFromHTTPUnchecked(r)
 	if err != nil {
 		return nil, err
 	}
@@ -87,7 +87,7 @@ func handleCaQueue(path string) func(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		defer h.Close()
-		a, err := assertionFromRequest(r)
+		a, err := assertionRequestFromHTTP(r)
 		if err != nil {
 			http.Error(w, "invalid assertion", http.StatusBadRequest)
 			return
@@ -110,7 +110,7 @@ func handleCaCert(path string) func(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		defer h.Close()
-		a, err := assertionFromRequest(r)
+		a, err := assertionRequestFromHTTP(r)
 		if err != nil {
 			http.Error(w, "invalid assertion", http.StatusBadRequest)
 			return