From a147970db85d8dec558dabf60d458ec5945b7fc4 Mon Sep 17 00:00:00 2001
From: Andrew Ayer
Date: Fri, 30 Apr 2021 17:04:16 -0400
Subject: [PATCH] Use ct.SHA256Hash for log ID rather than []byte

---
 cmd/state.go | 2 +-
 loglist/helpers.go | 3 +--
 loglist/schema.go | 18 ++++++++++--------
 loglist/validate.go | 3 +--
 scanner.go | 6 +++---
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/cmd/state.go b/cmd/state.go
index 4b33243..5ecd117 100644
--- a/cmd/state.go
+++ b/cmd/state.go
@@ -162,7 +162,7 @@ func (state *State) SaveCert(isPrecert bool, certs [][]byte) (bool, string, erro
 }
 
 func (state *State) OpenLogState(logInfo *loglist.Log) (*LogState, error) {
-	return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID)))
+	return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID[:])))
 }
 
 func (state *State) GetLegacySTH(logInfo *loglist.Log) (*ct.SignedTreeHead, error) {
diff --git a/loglist/helpers.go b/loglist/helpers.go
index 8f1a0f6..d236322 100644
--- a/loglist/helpers.go
+++ b/loglist/helpers.go
@@ -10,7 +10,6 @@
 package loglist
 
 import (
-	"encoding/base64"
 	"time"
 )
 
@@ -25,7 +24,7 @@ func (list *List) AllLogs() []*Log {
 }
 
 func (log *Log) LogIDString() string {
-	return base64.StdEncoding.EncodeToString(log.LogID)
+	return log.LogID.Base64String()
 }
 
 func (log *Log) AcceptsExpiration(expiration time.Time) bool {
diff --git a/loglist/schema.go b/loglist/schema.go
index aa128ab..06c7315 100644
--- a/loglist/schema.go
+++ b/loglist/schema.go
@@ -11,6 +11,8 @@ package loglist
 
 import (
 	"time"
+
+	"software.sslmate.com/src/certspotter/ct"
 )
 
 type List struct {
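Review bot: The state directory name on the changed line in OpenLogState is derived solely from `logInfo.LogID`, so two list entries that decode to the same ID (for example a missing `log_id`, which presumably leaves the zero hash) would share on-disk state; that is only safe if loglist's `Validate()`, which ties the ID to `Key`, has already run on the list, and nothing in this hunk shows that ordering. With the fixed-size type the name is always 43 URL-safe base64 characters, so path traversal through a crafted `log_id` is not a concern here. Suggest a why-comment on the call: `// Directory name is the URL-safe base64 of the 32-byte log ID; uniqueness relies on loglist.Validate() having checked LogID against Key.`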
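Review bot: `LogIDString` now delegates its encoding to `ct.SHA256Hash.Base64String`, which is not visible here, while the replaced call used `base64.StdEncoding` (padded, standard alphabet); confirm `Base64String` produces the same form, otherwise any output or configuration that consumers match against this string changes silently. The same ID is encoded with `RawURLEncoding` for the on-disk state directory in cmd/state.go, so the two forms are intentionally different and a doc comment should say which is which: `// LogIDString returns the log ID as standard padded base64 for display; the on-disk state directory uses the URL-safe unpadded form instead.`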
@@ -25,14 +27,14 @@ type Operator struct {
 }
 
 type Log struct {
-	Key         []byte  `json:"key"`
-	LogID       []byte  `json:"log_id"`
-	MMD         int     `json:"mmd"`
-	URL         string  `json:"url"`
-	Description string  `json:"description"`
-	State       State   `json:"state"`
-	DNS         string  `json:"dns"`
-	LogType     LogType `json:"log_type"`
+	Key         []byte        `json:"key"`
+	LogID       ct.SHA256Hash `json:"log_id"`
+	MMD         int           `json:"mmd"`
+	URL         string        `json:"url"`
+	Description string        `json:"description"`
+	State       State         `json:"state"`
+	DNS         string        `json:"dns"`
+	LogType     LogType       `json:"log_type"`
 	TemporalInterval *struct {
 		StartInclusive time.Time `json:"start_inclusive"`
 		EndExclusive   time.Time `json:"end_exclusive"`
diff --git a/loglist/validate.go b/loglist/validate.go
index f03d2e9..65da8e4 100644
--- a/loglist/validate.go
+++ b/loglist/validate.go
@@ -10,7 +10,6 @@
 package loglist
 
 import (
-	"bytes"
 	"crypto/sha256"
 	"fmt"
 )
@@ -35,7 +34,7 @@ func (operator *Operator) Validate() error {
 func (log *Log) Validate() error {
 	realLogID := sha256.Sum256(log.Key)
-	if !bytes.Equal(log.LogID, realLogID[:]) {
+	if log.LogID != realLogID {
 		return fmt.Errorf("log ID does not match log key")
 	}
 	return nil
diff --git a/scanner.go b/scanner.go
index 59295b0..ba71c9d 100644
--- a/scanner.go
+++ b/scanner.go
@@ -63,7 +63,7 @@ type Scanner struct {
 
 	// Public key of the log
 	publicKey crypto.PublicKey
-	LogId     []byte
+	LogId     ct.SHA256Hash
 
 	// Client used to talk to the CT log instance
 	logClient *client.LogClient
@@ -207,7 +207,7 @@ func (s *Scanner) GetSTH() (*ct.SignedTreeHead, error) {
 			return nil, errors.New("STH signature is invalid: " + err.Error())
 		}
 	}
-	copy(latestSth.LogID[:], s.LogId)
+	latestSth.LogID = s.LogId
 	return latestSth, nil
 }
 
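Review bot: Changing `LogID` to `ct.SHA256Hash` moves the length check for `log_id` into JSON decoding, presumably an `UnmarshalJSON` on the ct type that is not visible in this diff; confirm it rejects values that are not exactly 32 bytes rather than truncating or zero-filling, since a lenient decoder would let a malformed list entry reach `Validate()` with a plausible-looking ID. `Key` stays a plain `[]byte`, so nothing in this struct constrains it; that is left to `Validate()` and, presumably, to whatever later parses the key. A short field comment would make the invariant visible to readers of the schema: `// LogID is SHA-256(Key); Validate() enforces this.`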
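Review bot: `log.LogID != realLogID` in Validate is a plain array comparison, which is the right choice here and is worth stating in a comment so nobody later "hardens" it with a constant-time compare: both the log ID and the key come from the log list and are public values, so timing leaks nothing. Note that this check only proves the ID was derived from `Key`; it does not check that `Key` is non-empty or parses as a public key (an empty key paired with `log_id` equal to SHA-256 of the empty string passes), which is presumably done wherever the key is consumed. Suggest, above the `if`: `// Plain compare is fine: both values are public, so timing is irrelevant.` The function's closing brace lies outside the hunk.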
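Review bot: `latestSth.LogID = s.LogId` in GetSTH stamps the returned STH with the scanner's configured log ID rather than anything the log sent; the replaced `copy` would have silently zero-padded a short `s.LogId`, so the whole-value assignment is a correctness improvement that deserves a comment rather than a bare statement. From the two closing braces above the changed line the signature check appears to be conditional (the start of the function is outside the hunk), so the ID is written whether or not the STH was verified, and readers will want that spelled out: `// Stamp the STH with the configured log ID; this is independent of whether the signature was checked above.`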
@@ -311,7 +311,7 @@ func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCall
 
 // Creates a new Scanner instance using |client| to talk to the log, and taking
 // configuration options from |opts|.
-func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
+func NewScanner(logUri string, logId ct.SHA256Hash, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
 	var scanner Scanner
 	scanner.LogUri = logUri
 	scanner.LogId = logId
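Review bot: The doc comment kept above the changed signature is stale: it refers to `|client|`, but NewScanner takes `logUri`, `logId`, `publicKey` and `opts`, and it does not start with the function name as Go doc convention expects. Since this commit already touches the signature, suggest replacing the two comment lines with `// NewScanner returns a Scanner for the log at logUri, identified by logId (SHA-256 of the log's public key), with publicKey used for signature checks and opts supplying configuration.` The body of NewScanner continues past the end of the hunk.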