From c054a61039a82074b1c54bf403e60f9cf1e5cf76 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Fri, 20 Dec 2024 19:15:09 +0000 Subject: [PATCH 1/9] push GetCTLogID into NewCpSigner --- instance.go | 8 ++------ serialize.go | 15 +++++++++++---- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/instance.go b/instance.go index 806c9a18..abaf5ccb 100644 --- a/instance.go +++ b/instance.go @@ -85,17 +85,13 @@ func SetUpInstance(ctx context.Context, opts InstanceOptions) (*Instance, error) return nil, fmt.Errorf("failed to parse RejectExtensions: %v", err) } - logID, err := GetCTLogID(cfg.Signer.Public()) - if err != nil { - return nil, fmt.Errorf("failed to get logID for signing: %v", err) - } timeSource := new(SystemTimeSource) - ctSigner := NewCpSigner(cfg.Signer, cfg.Origin, logID, timeSource) + cpSigner, err := NewCpSigner(cfg.Signer, cfg.Origin, timeSource) if opts.CreateStorage == nil { return nil, fmt.Errorf("failed to initiate storage backend: nil createStorage") } - storage, err := opts.CreateStorage(ctx, ctSigner) + storage, err := opts.CreateStorage(ctx, cpSigner) if err != nil { return nil, fmt.Errorf("failed to initiate storage backend: %v", err) } diff --git a/serialize.go b/serialize.go index a3184222..d72edd31 100644 --- a/serialize.go +++ b/serialize.go @@ -159,7 +159,12 @@ func (cts *CpSigner) KeyHash() uint32 { // NewCpSigner returns a new note signer that can sign https://c2sp.org/static-ct-api checkpoints. // TODO(phboneff): add tests -func NewCpSigner(signer crypto.Signer, origin string, logID [32]byte, timeSource TimeSource) note.Signer { +func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.Signer, error) { + logID, err := GetCTLogID(cs.Public()) + if err != nil { + return nil, fmt.Errorf("failed to get logID for signing: %v", err) + } + h := sha256.New() h.Write([]byte(origin)) h.Write([]byte{0x0A}) // newline @@ -167,19 +172,21 @@ func NewCpSigner(signer crypto.Signer, origin string, logID [32]byte, timeSource h.Write(logID[:]) sum := h.Sum(nil) - ctSigner := &CpSigner{ - sthSigner: signer, + ns := &CpSigner{ + sthSigner: cs, origin: origin, keyHash: binary.BigEndian.Uint32(sum), timeSource: timeSource, } - return ctSigner + + return ns, nil } // DedupFromBundle converts a bundle into an array of dedup.LeafDedupInfo. // // The index of a leaf is computed from its position in the log, instead of parsing SCTs. // Greatly inspired by https://github.com/FiloSottile/sunlight/blob/main/tile.go +// TODO(phboneff): move this somewhere else, and only leave crypto in this file func DedupFromBundle(bundle []byte, bundleIdx uint64) ([]dedup.LeafDedupInfo, error) { kvs := []dedup.LeafDedupInfo{} s := cryptobyte.String(bundle) From 1daf599e3d976115832785023f09e62393fd1bd6 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Tue, 24 Dec 2024 16:53:43 +0000 Subject: [PATCH 2/9] move DedupFromBundle to dedup.go --- modules/dedup/dedup.go | 47 ++++++++++++++++++++++++++++++++++++++++++ serialize.go | 47 ------------------------------------------ 2 files changed, 47 insertions(+), 47 deletions(-) diff --git a/modules/dedup/dedup.go b/modules/dedup/dedup.go index 465b150f..9ed053a6 100644 --- a/modules/dedup/dedup.go +++ b/modules/dedup/dedup.go @@ -18,13 +18,16 @@ package dedup import ( "bytes" "context" + "crypto/sha256" "errors" "fmt" + "math" "os" "strconv" "time" "github.com/transparency-dev/trillian-tessera/client" + "golang.org/x/crypto/cryptobyte" "k8s.io/klog/v2" ) @@ -117,3 +120,47 @@ func sync(ctx context.Context, lds LocalBEDedupStorage, pb ParseBundleFunc, fcp klog.V(3).Infof("LocalBEDEdup.sync(): dedup data synced to logsize %d", ckptSize) return nil } + +// DedupFromBundle converts a bundle into an array of LeafDedupInfo. +// +// The index of a leaf is computed from its position in the log, instead of parsing SCTs. +// Greatly inspired by https://github.com/FiloSottile/sunlight/blob/main/tile.go +// TODO(phboneff): move this somewhere else, and only leave crypto in this file +func DedupFromBundle(bundle []byte, bundleIdx uint64) ([]LeafDedupInfo, error) { + kvs := []LeafDedupInfo{} + s := cryptobyte.String(bundle) + + for i := bundleIdx * 256; len(s) > 0; i++ { + var timestamp uint64 + var entryType uint16 + var extensions, fingerprints cryptobyte.String + if !s.ReadUint64(×tamp) || !s.ReadUint16(&entryType) || timestamp > math.MaxInt64 { + return nil, fmt.Errorf("invalid data tile") + } + crt := []byte{} + switch entryType { + case 0: // x509_entry + if !s.ReadUint24LengthPrefixed((*cryptobyte.String)(&crt)) || + !s.ReadUint16LengthPrefixed(&extensions) || + !s.ReadUint16LengthPrefixed(&fingerprints) { + return nil, fmt.Errorf("invalid data tile x509_entry") + } + case 1: // precert_entry + IssuerKeyHash := [32]byte{} + var defangedCrt, extensions cryptobyte.String + if !s.CopyBytes(IssuerKeyHash[:]) || + !s.ReadUint24LengthPrefixed(&defangedCrt) || + !s.ReadUint16LengthPrefixed(&extensions) || + !s.ReadUint24LengthPrefixed((*cryptobyte.String)(&crt)) || + !s.ReadUint16LengthPrefixed(&fingerprints) { + return nil, fmt.Errorf("invalid data tile precert_entry") + } + default: + return nil, fmt.Errorf("invalid data tile: unknown type %d", entryType) + } + k := sha256.Sum256(crt) + sctDedupInfo := SCTDedupInfo{Idx: uint64(i), Timestamp: timestamp} + kvs = append(kvs, LeafDedupInfo{LeafID: k[:], SCTDedupInfo: sctDedupInfo}) + } + return kvs, nil +} diff --git a/serialize.go b/serialize.go index d72edd31..62925f9b 100644 --- a/serialize.go +++ b/serialize.go @@ -20,12 +20,9 @@ import ( "crypto/sha256" "encoding/binary" "fmt" - "math" "github.com/google/certificate-transparency-go/tls" "github.com/transparency-dev/formats/log" - "github.com/transparency-dev/static-ct/modules/dedup" - "golang.org/x/crypto/cryptobyte" "golang.org/x/mod/sumdb/note" ct "github.com/google/certificate-transparency-go" @@ -181,47 +178,3 @@ func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.S return ns, nil } - -// DedupFromBundle converts a bundle into an array of dedup.LeafDedupInfo. -// -// The index of a leaf is computed from its position in the log, instead of parsing SCTs. -// Greatly inspired by https://github.com/FiloSottile/sunlight/blob/main/tile.go -// TODO(phboneff): move this somewhere else, and only leave crypto in this file -func DedupFromBundle(bundle []byte, bundleIdx uint64) ([]dedup.LeafDedupInfo, error) { - kvs := []dedup.LeafDedupInfo{} - s := cryptobyte.String(bundle) - - for i := bundleIdx * 256; len(s) > 0; i++ { - var timestamp uint64 - var entryType uint16 - var extensions, fingerprints cryptobyte.String - if !s.ReadUint64(×tamp) || !s.ReadUint16(&entryType) || timestamp > math.MaxInt64 { - return nil, fmt.Errorf("invalid data tile") - } - crt := []byte{} - switch entryType { - case 0: // x509_entry - if !s.ReadUint24LengthPrefixed((*cryptobyte.String)(&crt)) || - !s.ReadUint16LengthPrefixed(&extensions) || - !s.ReadUint16LengthPrefixed(&fingerprints) { - return nil, fmt.Errorf("invalid data tile x509_entry") - } - case 1: // precert_entry - IssuerKeyHash := [32]byte{} - var defangedCrt, extensions cryptobyte.String - if !s.CopyBytes(IssuerKeyHash[:]) || - !s.ReadUint24LengthPrefixed(&defangedCrt) || - !s.ReadUint16LengthPrefixed(&extensions) || - !s.ReadUint24LengthPrefixed((*cryptobyte.String)(&crt)) || - !s.ReadUint16LengthPrefixed(&fingerprints) { - return nil, fmt.Errorf("invalid data tile precert_entry") - } - default: - return nil, fmt.Errorf("invalid data tile: unknown type %d", entryType) - } - k := sha256.Sum256(crt) - sctDedupInfo := dedup.SCTDedupInfo{Idx: uint64(i), Timestamp: timestamp} - kvs = append(kvs, dedup.LeafDedupInfo{LeafID: k[:], SCTDedupInfo: sctDedupInfo}) - } - return kvs, nil -} From a44b312dcccfb65f813c42cc956165fedc784fe6 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 9 Jan 2025 11:43:40 +0000 Subject: [PATCH 3/9] merge structures.go into serialize.go --- serialize.go | 14 +++++++++++ serialize_test.go | 39 +++++++++++++++++++++++++++++ structures.go | 37 ---------------------------- structures_test.go | 61 ---------------------------------------------- 4 files changed, 53 insertions(+), 98 deletions(-) delete mode 100644 structures.go delete mode 100644 structures_test.go diff --git a/serialize.go b/serialize.go index 62925f9b..bbf7a020 100644 --- a/serialize.go +++ b/serialize.go @@ -22,12 +22,16 @@ import ( "fmt" "github.com/google/certificate-transparency-go/tls" + "github.com/google/certificate-transparency-go/x509" "github.com/transparency-dev/formats/log" "golang.org/x/mod/sumdb/note" ct "github.com/google/certificate-transparency-go" ) +const millisPerNano int64 = 1000 * 1000 + +// TODO(phboneff): create an SCTSigner object func buildV1SCT(signer crypto.Signer, leaf *ct.MerkleTreeLeaf) (*ct.SignedCertificateTimestamp, error) { // Serialize SCT signature input to get the bytes that need to be signed sctInput := ct.SignedCertificateTimestamp{ @@ -178,3 +182,13 @@ func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.S return ns, nil } + +// GetCTLogID takes the key manager for a log and returns the LogID. (see RFC 6962 S3.2) +// In CT V1 the log id is a hash of the public key. +func GetCTLogID(pk crypto.PublicKey) ([sha256.Size]byte, error) { + pubBytes, err := x509.MarshalPKIXPublicKey(pk) + if err != nil { + return [sha256.Size]byte{}, err + } + return sha256.Sum256(pubBytes), nil +} diff --git a/serialize_test.go b/serialize_test.go index 06a18883..ac2a87a2 100644 --- a/serialize_test.go +++ b/serialize_test.go @@ -16,8 +16,11 @@ package sctfe import ( "bytes" + "crypto" "crypto/sha256" + "encoding/pem" "testing" + "time" "github.com/google/certificate-transparency-go/tls" "github.com/google/certificate-transparency-go/x509" @@ -28,6 +31,13 @@ import ( ct "github.com/google/certificate-transparency-go" ) +var ( + fixedTime = time.Date(2017, 9, 7, 12, 15, 23, 0, time.UTC) + fixedTimeMillis = uint64(fixedTime.UnixNano() / millisPerNano) + demoLogID = [32]byte{19, 56, 222, 93, 229, 36, 102, 128, 227, 214, 3, 121, 93, 175, 126, 236, 97, 217, 34, 32, 40, 233, 98, 27, 46, 179, 164, 251, 84, 10, 60, 57} + fakeSignature = []byte("signed") +) + func TestBuildV1MerkleTreeLeafForCert(t *testing.T) { cert, err := x509util.CertificateFromPEM([]byte(testdata.LeafSignedByFakeIntermediateCertPEM)) if x509.IsFatal(err) { @@ -141,3 +151,32 @@ func TestSignV1SCTForPrecertificate(t *testing.T) { t.Fatalf("TBS cert mismatch, got %v, expected %v", got, want) } } + +func TestGetCTLogID(t *testing.T) { + block, _ := pem.Decode([]byte(testdata.DemoPublicKey)) + pk, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + t.Fatalf("unexpected error loading public key: %v", err) + } + + got, err := GetCTLogID(pk) + if err != nil { + t.Fatalf("error getting logid: %v", err) + } + + if want := demoLogID; got != want { + t.Errorf("logID: \n%v want \n%v", got, want) + } +} + +// Creates a fake signer for use in interaction tests. +// It will always return fakeSig when asked to sign something. +func setupSigner(fakeSig []byte) (crypto.Signer, error) { + block, _ := pem.Decode([]byte(testdata.DemoPublicKey)) + key, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + return nil, err + } + + return testdata.NewSignerWithFixedSig(key, fakeSig), nil +} diff --git a/structures.go b/structures.go deleted file mode 100644 index 87a61d79..00000000 --- a/structures.go +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright 2016 Google LLC. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package sctfe - -// Code to handle encoding / decoding various data structures used in RFC 6962. Does not -// contain the low level serialization. - -import ( - "crypto" - "crypto/sha256" - - "github.com/google/certificate-transparency-go/x509" -) - -const millisPerNano int64 = 1000 * 1000 - -// GetCTLogID takes the key manager for a log and returns the LogID. (see RFC 6962 S3.2) -// In CT V1 the log id is a hash of the public key. -func GetCTLogID(pk crypto.PublicKey) ([sha256.Size]byte, error) { - pubBytes, err := x509.MarshalPKIXPublicKey(pk) - if err != nil { - return [sha256.Size]byte{}, err - } - return sha256.Sum256(pubBytes), nil -} diff --git a/structures_test.go b/structures_test.go deleted file mode 100644 index e6a95919..00000000 --- a/structures_test.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2016 Google LLC. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package sctfe - -import ( - "crypto" - "crypto/x509" - "encoding/pem" - "testing" - "time" - - "github.com/transparency-dev/static-ct/testdata" -) - -var ( - fixedTime = time.Date(2017, 9, 7, 12, 15, 23, 0, time.UTC) - fixedTimeMillis = uint64(fixedTime.UnixNano() / millisPerNano) - demoLogID = [32]byte{19, 56, 222, 93, 229, 36, 102, 128, 227, 214, 3, 121, 93, 175, 126, 236, 97, 217, 34, 32, 40, 233, 98, 27, 46, 179, 164, 251, 84, 10, 60, 57} - fakeSignature = []byte("signed") -) - -func TestGetCTLogID(t *testing.T) { - block, _ := pem.Decode([]byte(testdata.DemoPublicKey)) - pk, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - t.Fatalf("unexpected error loading public key: %v", err) - } - - got, err := GetCTLogID(pk) - if err != nil { - t.Fatalf("error getting logid: %v", err) - } - - if want := demoLogID; got != want { - t.Errorf("logID: \n%v want \n%v", got, want) - } -} - -// Creates a fake signer for use in interaction tests. -// It will always return fakeSig when asked to sign something. -func setupSigner(fakeSig []byte) (crypto.Signer, error) { - block, _ := pem.Decode([]byte(testdata.DemoPublicKey)) - key, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - return nil, err - } - - return testdata.NewSignerWithFixedSig(key, fakeSig), nil -} From a302a47c63b4e3ac182688aad476ace066d0507d Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Tue, 24 Dec 2024 16:56:38 +0000 Subject: [PATCH 4/9] rename serialize.go to signatures.go --- serialize.go => signatures.go | 0 serialize_test.go => signatures_test.go | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename serialize.go => signatures.go (100%) rename serialize_test.go => signatures_test.go (100%) diff --git a/serialize.go b/signatures.go similarity index 100% rename from serialize.go rename to signatures.go diff --git a/serialize_test.go b/signatures_test.go similarity index 100% rename from serialize_test.go rename to signatures_test.go From 7e1808ca4e65dd13a3b0aa38db13468e412e43ef Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 9 Jan 2025 14:34:26 +0000 Subject: [PATCH 5/9] error handling --- instance.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/instance.go b/instance.go index abaf5ccb..9836269b 100644 --- a/instance.go +++ b/instance.go @@ -87,6 +87,9 @@ func SetUpInstance(ctx context.Context, opts InstanceOptions) (*Instance, error) timeSource := new(SystemTimeSource) cpSigner, err := NewCpSigner(cfg.Signer, cfg.Origin, timeSource) + if err != nil { + return nil, fmt.Errorf("failed to create checkpoint signer: %v", err) + } if opts.CreateStorage == nil { return nil, fmt.Errorf("failed to initiate storage backend: nil createStorage") From 1ba3563f57cdadc33af191747af2b8f402b1183e Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 9 Jan 2025 16:16:25 +0000 Subject: [PATCH 6/9] address comments 1/2 --- handlers.go | 2 +- handlers_test.go | 2 +- signatures.go | 5 +++-- signatures_test.go | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/handlers.go b/handlers.go index 7375c047..e8abbc20 100644 --- a/handlers.go +++ b/handlers.go @@ -312,7 +312,7 @@ func addChainInternal(ctx context.Context, li *logInfo, w http.ResponseWriter, r } // Get the current time in the form used throughout RFC6962, namely milliseconds since Unix // epoch, and use this throughout. - timeMillis := uint64(li.TimeSource.Now().UnixNano() / millisPerNano) + timeMillis := uint64(li.TimeSource.Now().UnixNano() / NanosPerMilli) entry, err := entryFromChain(chain, isPrecert, timeMillis) if err != nil { diff --git a/handlers_test.go b/handlers_test.go index 8e3c04e9..ee864e63 100644 --- a/handlers_test.go +++ b/handlers_test.go @@ -49,7 +49,7 @@ import ( // Arbitrary time for use in tests var fakeTime = time.Date(2016, 7, 22, 11, 01, 13, 0, time.UTC) -var fakeTimeMillis = uint64(fakeTime.UnixNano() / millisPerNano) +var fakeTimeMillis = uint64(fakeTime.UnixNano() / NanosPerMilli) // The deadline should be the above bumped by 500ms var fakeDeadlineTime = time.Date(2016, 7, 22, 11, 01, 13, 500*1000*1000, time.UTC) diff --git a/signatures.go b/signatures.go index bbf7a020..64a36287 100644 --- a/signatures.go +++ b/signatures.go @@ -20,6 +20,7 @@ import ( "crypto/sha256" "encoding/binary" "fmt" + "time" "github.com/google/certificate-transparency-go/tls" "github.com/google/certificate-transparency-go/x509" @@ -29,7 +30,7 @@ import ( ct "github.com/google/certificate-transparency-go" ) -const millisPerNano int64 = 1000 * 1000 +const NanosPerMilli int64 = int64(time.Millisecond / time.Nanosecond) // TODO(phboneff): create an SCTSigner object func buildV1SCT(signer crypto.Signer, leaf *ct.MerkleTreeLeaf) (*ct.SignedCertificateTimestamp, error) { @@ -183,7 +184,7 @@ func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.S return ns, nil } -// GetCTLogID takes the key manager for a log and returns the LogID. (see RFC 6962 S3.2) +// GetCTLogID takes a log public key and returns the LogID. (see RFC 6962 S3.2) // In CT V1 the log id is a hash of the public key. func GetCTLogID(pk crypto.PublicKey) ([sha256.Size]byte, error) { pubBytes, err := x509.MarshalPKIXPublicKey(pk) diff --git a/signatures_test.go b/signatures_test.go index ac2a87a2..015507ed 100644 --- a/signatures_test.go +++ b/signatures_test.go @@ -33,7 +33,7 @@ import ( var ( fixedTime = time.Date(2017, 9, 7, 12, 15, 23, 0, time.UTC) - fixedTimeMillis = uint64(fixedTime.UnixNano() / millisPerNano) + fixedTimeMillis = uint64(fixedTime.UnixNano() / NanosPerMilli) demoLogID = [32]byte{19, 56, 222, 93, 229, 36, 102, 128, 227, 214, 3, 121, 93, 175, 126, 236, 97, 217, 34, 32, 40, 233, 98, 27, 46, 179, 164, 251, 84, 10, 60, 57} fakeSignature = []byte("signed") ) From 1ec30eb6a202701bcd0198729ad9bf61aca0a855 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 9 Jan 2025 16:28:53 +0000 Subject: [PATCH 7/9] leave todo --- handlers.go | 2 +- signatures.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/handlers.go b/handlers.go index e8abbc20..7375c047 100644 --- a/handlers.go +++ b/handlers.go @@ -312,7 +312,7 @@ func addChainInternal(ctx context.Context, li *logInfo, w http.ResponseWriter, r } // Get the current time in the form used throughout RFC6962, namely milliseconds since Unix // epoch, and use this throughout. - timeMillis := uint64(li.TimeSource.Now().UnixNano() / NanosPerMilli) + timeMillis := uint64(li.TimeSource.Now().UnixNano() / millisPerNano) entry, err := entryFromChain(chain, isPrecert, timeMillis) if err != nil { diff --git a/signatures.go b/signatures.go index 64a36287..4334255b 100644 --- a/signatures.go +++ b/signatures.go @@ -186,6 +186,7 @@ func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.S // GetCTLogID takes a log public key and returns the LogID. (see RFC 6962 S3.2) // In CT V1 the log id is a hash of the public key. +// TODO(phboneff): migrate to the logid package func GetCTLogID(pk crypto.PublicKey) ([sha256.Size]byte, error) { pubBytes, err := x509.MarshalPKIXPublicKey(pk) if err != nil { From 978f85b0cbb8d7695e261abea76d358e94118353 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 9 Jan 2025 16:36:17 +0000 Subject: [PATCH 8/9] millis --- handlers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers.go b/handlers.go index 7375c047..e8abbc20 100644 --- a/handlers.go +++ b/handlers.go @@ -312,7 +312,7 @@ func addChainInternal(ctx context.Context, li *logInfo, w http.ResponseWriter, r } // Get the current time in the form used throughout RFC6962, namely milliseconds since Unix // epoch, and use this throughout. - timeMillis := uint64(li.TimeSource.Now().UnixNano() / millisPerNano) + timeMillis := uint64(li.TimeSource.Now().UnixNano() / NanosPerMilli) entry, err := entryFromChain(chain, isPrecert, timeMillis) if err != nil { From 9c7d06596462dd779212671ab2a582c2e6ce61b9 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 9 Jan 2025 17:06:29 +0000 Subject: [PATCH 9/9] unexport --- handlers.go | 2 +- handlers_test.go | 2 +- signatures.go | 2 +- signatures_test.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/handlers.go b/handlers.go index e8abbc20..1356a8bd 100644 --- a/handlers.go +++ b/handlers.go @@ -312,7 +312,7 @@ func addChainInternal(ctx context.Context, li *logInfo, w http.ResponseWriter, r } // Get the current time in the form used throughout RFC6962, namely milliseconds since Unix // epoch, and use this throughout. - timeMillis := uint64(li.TimeSource.Now().UnixNano() / NanosPerMilli) + timeMillis := uint64(li.TimeSource.Now().UnixNano() / nanosPerMilli) entry, err := entryFromChain(chain, isPrecert, timeMillis) if err != nil { diff --git a/handlers_test.go b/handlers_test.go index ee864e63..d89de9f6 100644 --- a/handlers_test.go +++ b/handlers_test.go @@ -49,7 +49,7 @@ import ( // Arbitrary time for use in tests var fakeTime = time.Date(2016, 7, 22, 11, 01, 13, 0, time.UTC) -var fakeTimeMillis = uint64(fakeTime.UnixNano() / NanosPerMilli) +var fakeTimeMillis = uint64(fakeTime.UnixNano() / nanosPerMilli) // The deadline should be the above bumped by 500ms var fakeDeadlineTime = time.Date(2016, 7, 22, 11, 01, 13, 500*1000*1000, time.UTC) diff --git a/signatures.go b/signatures.go index 4334255b..baaa0f00 100644 --- a/signatures.go +++ b/signatures.go @@ -30,7 +30,7 @@ import ( ct "github.com/google/certificate-transparency-go" ) -const NanosPerMilli int64 = int64(time.Millisecond / time.Nanosecond) +const nanosPerMilli int64 = int64(time.Millisecond / time.Nanosecond) // TODO(phboneff): create an SCTSigner object func buildV1SCT(signer crypto.Signer, leaf *ct.MerkleTreeLeaf) (*ct.SignedCertificateTimestamp, error) { diff --git a/signatures_test.go b/signatures_test.go index 015507ed..772f0ec6 100644 --- a/signatures_test.go +++ b/signatures_test.go @@ -33,7 +33,7 @@ import ( var ( fixedTime = time.Date(2017, 9, 7, 12, 15, 23, 0, time.UTC) - fixedTimeMillis = uint64(fixedTime.UnixNano() / NanosPerMilli) + fixedTimeMillis = uint64(fixedTime.UnixNano() / nanosPerMilli) demoLogID = [32]byte{19, 56, 222, 93, 229, 36, 102, 128, 227, 214, 3, 121, 93, 175, 126, 236, 97, 217, 34, 32, 40, 233, 98, 27, 46, 179, 164, 251, 84, 10, 60, 57} fakeSignature = []byte("signed") )