[golang] Merkle verifier #1161
[golang] Merkle verifier #1161
Conversation
| h.hasher.Write([]byte{LeafPrefix}) | ||
| return h.hasher.Sum(leaf) | ||
|
|
||
| } |
There was a problem hiding this comment.
Can't you do something like this in Go instead? Wouldn't that be more Go-like?
func (h hash.Hash) HashLeaf(leaf []byte) []byte {
h.Reset()
h.Write([]byte{LeafPrefix})
return h.Sum(leaf)
}And just delete DigestSize. And inline the two-line implementation of HashEmpty entirely at its one call site?
Or if it's weird to add methods (which it kind of is for these methods in particular, from my perception of how this interface is meant to be used), HashLeafand HashChildren could just be plain functions that take a hash.Hash?
There was a problem hiding this comment.
Nope, that's pretty Objective-C, though :)
AFAIK in go you can't add methods to types in other packages.
|
Also: |
|
See cc5c322 for a suggestion trimming a chunk out. Also fails the tests, in the same way, I didn't fix it up, just flensed the fat away. 😉 |
| func (h TreeHasher) HashLeaf(leaf []byte) []byte { | ||
| h.hasher.Reset() | ||
| h.hasher.Write([]byte{LeafPrefix}) | ||
| return h.hasher.Sum(leaf) |
There was a problem hiding this comment.
I don't think this does what you think it does... https://golang.org/pkg/hash/ (or in fact, what anyone would expect it to do!)
There was a problem hiding this comment.
That is a really good point o_O
Thanks!
|
Very happy to see progress on this! |
|
PTAL :) |
| } | ||
|
|
||
| // VerifyInclusionProof verifies the correctness of the passed in proof given the passed in information about the tree and leaf. | ||
| func (m MerkleVerifier) VerifyInclusionProof(leafIndex, treeSize int64, proof [][]byte, root []byte, data []byte) error { |
There was a problem hiding this comment.
In Go, multiple arguments with the same type can be rewritten as follows:
func (m MerkleVerifier) VerifyInclusionProof(leafIndex, treeSize int64, proof [][]byte, root, data []byte)There was a problem hiding this comment.
Like leafIndex and treeSize already are, you mean? :)
I didn't collapse the later arg types as it looks a bit weird to me, though I don't feel strongly about it.
There was a problem hiding this comment.
It isn't clear what data is. Perhaps rename it to leaf or something like that?
|
Will this be integrated with the client? |
|
@RJPercival prod prod |
| "fmt" | ||
| ) | ||
|
|
||
| // MerkleVerifier is a class which knows how to verify merkle inclusion and consistency proofs. |
There was a problem hiding this comment.
The RFC refers to inclusion proofs as "audit proofs". Do we consistently use the term "inclusion proof" instead?
There was a problem hiding this comment.
Yeah - "audit proof" is kinda vague, so we settled on using "inclusion-" and "consistency-proof" for clarity.
|
PTAL |
|
ping |
|
This one could stand a rebase, being on top of a commit from back in April! 😉 |
AlCutter
force-pushed
the
go_merkle_verifier
branch
from
afdfb71 to
394f5b4
Compare
| } | ||
|
|
||
| // RootFromInclusionProof calculates the expected tree root given the proof and leaf. | ||
| func (m MerkleVerifier) RootFromInclusionProof(leafIndex, treeSize int64, proof [][]byte, data []byte) ([]byte, error) { |
There was a problem hiding this comment.
Rename data to leaf here as well.
|
PTAL |
| sha256EmptyTreeHash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" | ||
| ) | ||
|
|
||
| func verifierCheck(v *MerkleVerifier, leafIndex, treeSize int64, proof [][]byte, root []byte, data []byte) error { |
There was a problem hiding this comment.
data should be renamed to leaf here too.
| return errors.New("incorrectly verified against swapped roots") | ||
| } | ||
|
|
||
| // Wrong inclusion proofs |
There was a problem hiding this comment.
s/inclusion/consistency/
| t.Fatalf("Empty leaf digest has length %d, but expected %d", got, want) | ||
| } | ||
|
|
||
| if bytes.Compare(leaf1Digest, leaf2Digest) == 0 { |
There was a problem hiding this comment.
nit: bytes.Equal is preferable to bytes.Compare. This applies in the next function as well.
There was a problem hiding this comment.
Yup, surprised I wrote it using Compare tbh. Done, anyway.
|
LGTM, bar a few nits. |
* upstream/master: (23 commits) Check for HTTP status 200 in fetchAndParse. Run everything through gofmt. Tweak the imports to make goimports happier. Initialize client if passed nil (google#1265) Have the caller supply the *http.Client used in logclient.go. Review fixes Use ASN1 lib to transform TLS encoded list into a Octet String Move SCTListLen Check to beginning Rework patch Add support for serializing SCT Lists Get rid of the Java MerkleLeafType enum. Add a missing entry to the .gitignore file. Get rid of the TLSSerializer class. Make the low-level serialization functions stand-alone ones in a namespace rather than members of a class. 6962-bis: Implement OID parsing/serialization. Do not use std::move in "return" statements. Improve stats comments and add additional inc. Add additonal stats to outer FixAndLog wrapper. [golang] Merkle verifier (google#1161) Ignore clang warnings due to unused stuff caused by glog (google#1253) Remove a few unnecessary uses of std::move. ...
[golang] Merkle verifier
* upstream/master: (25 commits) Check for HTTP status 200 in fetchAndParse. Run everything through gofmt. Tweak the imports to make goimports happier. Initialize client if passed nil (google#1265) Have the caller supply the *http.Client used in logclient.go. Review fixes Use ASN1 lib to transform TLS encoded list into a Octet String Move SCTListLen Check to beginning Rework patch Add support for serializing SCT Lists Get rid of the Java MerkleLeafType enum. Add a missing entry to the .gitignore file. Get rid of the TLSSerializer class. Make the low-level serialization functions stand-alone ones in a namespace rather than members of a class. 6962-bis: Implement OID parsing/serialization. Do not use std::move in "return" statements. Improve stats comments and add additional inc. Add additonal stats to outer FixAndLog wrapper. [golang] Merkle verifier (google#1161) Ignore clang warnings due to unused stuff caused by glog (google#1253) Remove a few unnecessary uses of std::move. ...
* upstream/master: (25 commits) Check for HTTP status 200 in fetchAndParse. Run everything through gofmt. Tweak the imports to make goimports happier. Initialize client if passed nil (google#1265) Have the caller supply the *http.Client used in logclient.go. Review fixes Use ASN1 lib to transform TLS encoded list into a Octet String Move SCTListLen Check to beginning Rework patch Add support for serializing SCT Lists Get rid of the Java MerkleLeafType enum. Add a missing entry to the .gitignore file. Get rid of the TLSSerializer class. Make the low-level serialization functions stand-alone ones in a namespace rather than members of a class. 6962-bis: Implement OID parsing/serialization. Do not use std::move in "return" statements. Improve stats comments and add additional inc. Add additonal stats to outer FixAndLog wrapper. [golang] Merkle verifier (google#1161) Ignore clang warnings due to unused stuff caused by glog (google#1253) Remove a few unnecessary uses of std::move. ...
Lays groundwork for #1159
cc/ @gdbelvin