luct-core 0.1.0

Core types and parsers for certificate transparency
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173

use crate::store::{AppendableStore, Hashable, Store};
pub use crate::tree::{
    consistency::ConsistencyProof,
    inclusion::AuditProof,
    node::{Node, NodeKey},
};
use serde::{Deserialize, Serialize};
use std::marker::PhantomData;
use thiserror::Error;

mod consistency;
mod inclusion;
mod node;

pub(crate) type HashOutput = [u8; 32];

#[derive(Clone, Debug, PartialEq, Eq, Error)]
pub enum ProofGenerationError {
    #[error("Index {index} not found in tree of size {tree_size}")]
    InvalidIndex { tree_size: u64, index: u64 },

    #[error("Invalid tree size {received} smaller than {expected}")]
    InvalidTreeSize { expected: u64, received: u64 },

    #[error("Failed to fetch key {0:?} from the store")]
    KeyNotFound(NodeKey),
}

#[derive(Clone, Debug, PartialEq, Eq, Error)]
pub enum ProofValidationError {
    #[error("Found an unxexpected hash length (expected: {expected}, received: {received})")]
    InvalidHashLength { expected: usize, received: usize },

    #[error("Index {index} not found in tree of size {tree_size}")]
    InvalidIndex { tree_size: u64, index: u64 },

    #[error("Invalid tree size {received} smaller than {expected}")]
    InvalidTreeSize { expected: u64, received: u64 },

    #[error("Hash mismatch")]
    HashMismatch,

    #[error("Merkle path was too short")]
    PathTooShort,

    #[error("Merkle path was too long")]
    PathTooLong,
}

#[derive(Debug, Clone)]
pub struct Tree<N, L, V> {
    nodes: N,
    leafs: L,
    values: PhantomData<V>,
}

impl<N, L, V> Tree<N, L, V> {
    pub fn new(node_store: N, leaf_store: L) -> Self {
        Self {
            nodes: node_store,
            leafs: leaf_store,
            values: PhantomData,
        }
    }

    pub fn nodes(&self) -> &N {
        &self.nodes
    }
}

impl<N, L, V> Tree<N, L, V>
where
    N: Store<NodeKey, HashOutput>,
    L: AppendableStore<u64, V>,
    V: Hashable,
{
    pub fn insert_entry(&self, entry: V) {
        let entry_hash = entry.hash();
        let idx = self.leafs.append(entry);
        let entry_key = NodeKey::leaf(idx);
        self.nodes.insert(entry_key, entry_hash);

        // Already update intermediate nodes, if they are power of twos
        let end = idx + 1;
        let mut diff = 2;

        while end.is_multiple_of(diff) {
            let start = end - diff;

            let key = NodeKey { start, end };
            let (left, right) = key.split();

            let node = Node {
                left: self.nodes.get(&left).unwrap(),
                right: self.nodes.get(&right).unwrap(),
            };

            self.nodes.insert(key, node.hash());

            diff <<= 1;
        }
    }

    pub fn recompute_tree_head(&self) -> TreeHead {
        let tree_size = self.leafs.len() as u64;
        let mut current_key = NodeKey::full_range(tree_size);
        let mut balanced_nodes = vec![];

        while !current_key.is_balanced() {
            let (left, right) = current_key.split();
            assert!(left.is_balanced());
            balanced_nodes.push(left);
            current_key = right;
        }

        let mut current_node_hash = self.nodes.get(&current_key).unwrap();
        while let Some(left_key) = balanced_nodes.pop() {
            let current_node = Node {
                left: self.nodes.get(&left_key).unwrap(),
                right: self.nodes.get(&current_key).unwrap(),
            };

            current_key = left_key.merge(&current_key).unwrap();
            current_node_hash = current_node.hash();
            self.nodes.insert(current_key.clone(), current_node_hash);
        }

        TreeHead {
            tree_size,
            head: current_node_hash,
        }
    }

    pub fn get_latest_tree_head(&self) -> Option<TreeHead> {
        let idx = self.leafs.len() as u64;
        self.nodes
            .get(&NodeKey::full_range(idx))
            .map(|head| TreeHead {
                tree_size: idx,
                head,
            })
    }
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
pub struct TreeHead {
    pub(crate) tree_size: u64,
    pub(crate) head: HashOutput,
}

impl TreeHead {
    pub fn tree_size(&self) -> u64 {
        self.tree_size
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use sha2::{Digest, Sha256};

    impl Hashable for String {
        fn hash(&self) -> HashOutput {
            Sha256::digest(self.as_bytes()).into()
        }
    }

    impl Hashable for HashOutput {
        fn hash(&self) -> HashOutput {
            Sha256::digest(self).into()
        }
    }
}