path: root/own.go
diff options
authorBen Burwell <ben@benburwell.com>2019-09-09 14:18:35 -0400
committerBen Burwell <ben@benburwell.com>2019-09-09 14:18:35 -0400
commit231fe480a3a52ad228d9a7d3cda0a2fe1663a284 (patch)
tree8aa90edd88e766361b09dc5e4e22a5c03dd9c396 /own.go
parent81342fc5250e14a53b42cb168f7fd6fffad50de5 (diff)
vendor sumdb
Diffstat (limited to 'own.go')
1 files changed, 155 insertions, 0 deletions
diff --git a/own.go b/own.go
new file mode 100644
index 0000000..ae3e457
--- /dev/null
+++ b/own.go
@@ -0,0 +1,155 @@
+package main
+// func audit(d *db) error {
+// log.Printf("starting audit of %s...", d.host)
+// size, hash, err := d.getLatest()
+// if err != nil {
+// return err
+// }
+// log.Printf("db size %d", size)
+// log.Printf("db hash %s", hash)
+// return nil
+// }
+// type db struct {
+// host string
+// key string
+// pollInterval time.Duration
+// }
+// // httpGet makes a GET request to the specified path of the database and
+// // returns a byte slice of the response body.
+// func (d *db) httpGet(path string) ([]byte, error) {
+// client := &http.Client{}
+// resp, err := client.Get("https://" + d.host + path)
+// if err != nil {
+// return nil, err
+// }
+// defer resp.Body.Close()
+// var body bytes.Buffer
+// if _, err := io.Copy(&body, resp.Body); err != nil {
+// return nil, fmt.Errorf("could not read response body: %w", err)
+// }
+// return body.Bytes(), nil
+// }
+// // verifyNote takes a signed byte slice, verifies the signature against the
+// // db's public key. If successful, the note content is returned, otherwise, an
+// // error.
+// func (d *db) verifyNote(b []byte) (string, error) {
+// verifier, err := note.NewVerifier(d.key)
+// if err != nil {
+// return "", err
+// }
+// verifiers := note.VerifierList(verifier)
+// msg, err := note.Open(b, verifiers)
+// if err != nil {
+// return "", err
+// }
+// return msg.Text, nil
+// }
+// // bootstrapMonitor fetches and verifies the current tree starting from the
+// // first log entry, and returns the current verified size and hash.
+// func (d *db) bootstrapMonitor() (int, string, error) {
+// log.Printf("bootstrapping monitor")
+// log.Printf("TODO: implement fully")
+// log.Printf("verified until size 163038")
+// return 163038, "S1dhskM/kuUJUOCz3InBRhl0vFiHxr0INft+24ClisI=", nil
+// // TODO: implement
+// // 1. Fetch the current STH (section 4.3)
+// // 2. Verify the STH signature
+// // size, hash, err := d.getLatest()
+// // if err != nil {
+// // return err
+// // }
+// // 3. Fetch all entries in the tree corresponding to the STH (section 4.6)
+// // 4. Confirm that the tree made from the fetched entries produces the same
+// // hash as that in the STH.
+// }
+// // monitor monitors the db to ensure it behaves correctly, using the algorithm
+// // for CT logs specified in RFC 6952 section 3.5.
+// func (d *db) monitor() error {
+// log.Printf("starting monitor")
+// size, hash, err := d.bootstrapMonitor()
+// if err != nil {
+// return err
+// }
+// log.Printf("successfully verified merkle tree proof until size %d and hash %s", size, hash)
+// // 5. Fetch the current STH (section 4.3). Repeat until the STH changes.
+// // 6. Verify the STH signature.
+// log.Printf("waiting for a tree size greater than %d", size)
+// newSize, newHash, err := d.awaitNewSTH(size)
+// if err != nil {
+// return err
+// }
+// log.Printf("got new STH with size %d and hash %s", newSize, newHash)
+// // 7. Fetch all the new entries in the tree corresponding to the STH (section
+// // 4.6). If they remain unavailable for an extended period, then this should
+// // be viewed as misbehavior on the part of the log.
+// // 8. Fetch a consistency proof for the new STH with the previous STH
+// // (section 4.4).
+// // 9. Verify the consistency proof.
+// // 10. Verify that the new entries generate the corresponding elements in the
+// // consistency proof.
+// // 11. Go to step 5.
+// return nil
+// }
+// // awaitNewSTH periodically checks and verifies the current STH. If the latest
+// // tree size differs from the previous size, the new verified size and hash are
+// // returned.
+// func (d *db) awaitNewSTH(prevSize int) (int, string, error) {
+// for {
+// log.Printf("sleeping...")
+// time.Sleep(d.pollInterval)
+// log.Printf("checking latest tree size")
+// size, hash, err := d.getLatest()
+// if err != nil {
+// return 0, "", err
+// }
+// if size < prevSize {
+// return 0, "", fmt.Errorf("misbehaving log: latest log contains %d entries but previously reported %d", size, prevSize)
+// }
+// if size != prevSize {
+// log.Printf("found a new STH (size=%d)", size)
+// return size, hash, nil
+// }
+// log.Printf("tree sizes match")
+// }
+// }
+// // getLatest fetches and verifies the latest signed tree head hash and database
+// // size.
+// func (d *db) getLatest() (int, string, error) {
+// body, err := d.httpGet("/latest")
+// if err != nil {
+// return 0, "", fmt.Errorf("could not fetch latest: %w", err)
+// }
+// msg, err := d.verifyNote(body)
+// if err != nil {
+// return 0, "", fmt.Errorf("could not verify note: %w", err)
+// }
+// parts := strings.Split(msg, "\n")
+// if len(parts) != 4 {
+// return 0, "", fmt.Errorf("could not parse latest: expected %d lines but got %d", 4, len(parts))
+// }
+// size, err := strconv.Atoi(parts[1])
+// if err != nil {
+// return 0, "", fmt.Errorf("could not parse tree size: %w", err)
+// }
+// hash := parts[2]
+// return size, hash, nil
+// }