Merge pull request #263 from dlorenc/stopver

Drop signature verification in rekor server.

Merge pull request #263 from dlorenc/stopver
236a8722 · dlorenc · GitHub · cce6cabf · 05af75f0 · 236a8722
Unverified Commit 236a8722 authored 4 years ago by dlorenc Committed by GitHub 4 years ago
--- a/cmd/rekor-server/app/watch.go
+++ b/cmd/rekor-server/app/watch.go
@@ -31,7 +31,6 @@ import (

 	"github.com/google/trillian"
 	tclient "github.com/google/trillian/client"
-	tcrypto "github.com/google/trillian/crypto"
 	"github.com/google/trillian/merkle/rfc6962/hasher"
 	"github.com/google/trillian/types"

@@ -158,8 +157,9 @@ func doCheck(c *client.Rekor, v *tclient.LogVerifier) (*SignedAndUnsignedLogRoot
 		LogRoot:          logRoot,
 		LogRootSignature: signature,
 	}
-	lr, err := tcrypto.VerifySignedLogRoot(v.PubKey, v.SigHash, &sth)
-	if err != nil {
+
+	lr := &types.LogRootV1{}
+	if err := lr.UnmarshalBinary(sth.LogRoot); err != nil {
 		return nil, err
 	}
 	return &SignedAndUnsignedLogRoot{

--- a/pkg/api/entries.go
+++ b/pkg/api/entries.go
@@ -23,6 +23,8 @@ import (
 	"net/http"
 	"net/url"

+	ttypes "github.com/google/trillian/types"
+
 	"github.com/google/trillian"
 	"github.com/spf13/viper"
 	"golang.org/x/sync/errgroup"
@@ -39,18 +41,17 @@ import (

 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
-	tcrypto "github.com/google/trillian/crypto"
 	rfc6962 "github.com/google/trillian/merkle/rfc6962/hasher"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/entries"
 )

 //logEntryFromLeaf creates LogEntry struct from trillian structs
 func logEntryFromLeaf(tc TrillianClient, leaf *trillian.LogLeaf, signedLogRoot *trillian.SignedLogRoot, proof *trillian.Proof) (models.LogEntry, error) {
-	root, err := tcrypto.VerifySignedLogRoot(tc.verifier.PubKey, tc.verifier.SigHash, signedLogRoot)
-	if err != nil {
+
+	root := &ttypes.LogRootV1{}
+	if err := root.UnmarshalBinary(signedLogRoot.LogRoot); err != nil {
 		return nil, err
 	}
-
 	hashes := []string{}
 	for _, hash := range proof.Hashes {
 		hashes = append(hashes, hex.EncodeToString(hash))

--- a/pkg/api/tlog.go
+++ b/pkg/api/tlog.go
@@ -27,7 +27,7 @@ import (

 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
-	tcrypto "github.com/google/trillian/crypto"
+	"github.com/google/trillian/types"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/tlog"
 )

@@ -41,9 +41,8 @@ func GetLogInfoHandler(params tlog.GetLogInfoParams) middleware.Responder {
 	}
 	result := resp.getLatestResult

-	// validate result is signed with the key we're aware of
-	root, err := tcrypto.VerifySignedLogRoot(tc.verifier.PubKey, tc.verifier.SigHash, result.SignedLogRoot)
-	if err != nil {
+	root := &types.LogRootV1{}
+	if err := root.UnmarshalBinary(result.SignedLogRoot.LogRoot); err != nil {
 		return handleRekorAPIError(params, http.StatusInternalServerError, err, trillianUnexpectedResult)
 	}

@@ -80,9 +79,8 @@ func GetLogProofHandler(params tlog.GetLogProofParams) middleware.Responder {
 	}
 	result := resp.getConsistencyProofResult

-	// validate result is signed with the key we're aware of
-	root, err := tcrypto.VerifySignedLogRoot(tc.verifier.PubKey, tc.verifier.SigHash, result.SignedLogRoot)
-	if err != nil {
+	var root types.LogRootV1
+	if err := root.UnmarshalBinary(result.SignedLogRoot.LogRoot); err != nil {
 		return handleRekorAPIError(params, http.StatusInternalServerError, err, trillianUnexpectedResult)
 	}