Use MapID as reported in SignedMapRoot (#721)

* Use MapID as reported in SignedMapRoot

MapID is part of SignedMapRoot and part of leaf and empty hash
computation. We can remove a bit of state from the client without a
reduction in security by relying on the value as reported by the server.

* fix verifier

Author: gdbelvin

cmd/keytransparency-client/cmd/root.go

@@ -83,8 +83,6 @@ func init() {
 	RootCmd.PersistentFlags().String("log-url", "", "URL of Certificate Transparency server")
 	RootCmd.PersistentFlags().String("log-key", "", "Path to public key PEM for Trillian Log server")
 
-	RootCmd.PersistentFlags().Int64("map-id", 0, "Map ID of the backend map server")
-
 	RootCmd.PersistentFlags().String("kt-url", "", "URL of Key Transparency server")
 	RootCmd.PersistentFlags().String("kt-key", "testdata/server.crt", "Path to public key for Key Transparency")
 	RootCmd.PersistentFlags().String("kt-sig", "testdata/p256-pubkey.pem", "Path to public key for signed map heads")
@@ -186,7 +184,7 @@ func readSignatureVerifier(ktPEM string) (signatures.Verifier, error) {
 	return ver, nil
 }
 
-func getClient(cc *grpc.ClientConn, mapID int64, vrfPubFile, ktSig string, log client.LogVerifier) (*grpcc.Client, error) {
+func getClient(cc *grpc.ClientConn, vrfPubFile, ktSig string, log client.LogVerifier) (*grpcc.Client, error) {
 	// Create Key Transparency client.
 	vrfKey, err := readVrfKey(vrfPubFile)
 	if err != nil {
@@ -197,7 +195,7 @@ func getClient(cc *grpc.ClientConn, mapID int64, vrfPubFile, ktSig string, log c
 		return nil, fmt.Errorf("error reading key transparency PEM: %v", err)
 	}
 	cli := pb.NewKeyTransparencyServiceClient(cc)
-	return grpcc.New(mapID, cli, vrfKey, verifier, log), nil
+	return grpcc.New(cli, vrfKey, verifier, log), nil
 }
 
 func dial(ktURL, caFile, clientSecretFile string, serviceKeyFile string) (*grpc.ClientConn, error) {
@@ -257,7 +255,6 @@ func GetClient(clientSecretFile string) (*grpcc.Client, error) {
 	ktURL := viper.GetString("kt-url")
 	ktPEM := viper.GetString("kt-key")
 	ktSig := viper.GetString("kt-sig")
-	mapID := viper.GetInt64("map-id")
 	logPEM := viper.GetString("log-key")
 	serviceKeyFile := viper.GetString("service-key")
 	cc, err := dial(ktURL, ktPEM, clientSecretFile, serviceKeyFile)
@@ -277,7 +274,7 @@ func GetClient(clientSecretFile string) (*grpcc.Client, error) {
 	}
 	log := client.NewLogVerifier(hasher, logPubKey)
 
-	c, err := getClient(cc, mapID, vrfFile, ktSig, log)
+	c, err := getClient(cc, vrfFile, ktSig, log)
 	if err != nil {
 		return nil, fmt.Errorf("Error creating client: %v", err)
 	}

cmd/keytransparency-client/grpcc/grpc_client.go

@@ -91,15 +91,15 @@ type Client struct {
 }
 
 // New creates a new client.
-func New(mapID int64,
+func New(
 	client spb.KeyTransparencyServiceClient,
 	vrf vrf.PublicKey,
 	verifier crypto.PublicKey,
 	log client.LogVerifier) *Client {
 	return &Client{
 		cli:        client,
 		vrf:        vrf,
-		kt:         kt.New(vrf, tv.New(mapID, sparse.CONIKSHasher), verifier, log),
+		kt:         kt.New(vrf, tv.New(sparse.CONIKSHasher), verifier, log),
 		log:        log,
 		mutator:    entry.New(),
 		RetryCount: 1,

core/client/kt/verify.go

@@ -25,15 +25,16 @@ import (
 	"github.com/google/keytransparency/core/crypto/commitments"
 	"github.com/google/keytransparency/core/crypto/vrf"
 	"github.com/google/keytransparency/core/tree/sparse"
-	tv "github.com/google/keytransparency/core/tree/sparse/verifier"
 
 	"github.com/golang/protobuf/proto"
+	"github.com/google/trillian"
 	"github.com/google/trillian/client"
-	tcrypto "github.com/google/trillian/crypto"
 	"golang.org/x/net/context"
 
+	tv "github.com/google/keytransparency/core/tree/sparse/verifier"
+	tcrypto "github.com/google/trillian/crypto"
+
 	tpb "github.com/google/keytransparency/core/proto/keytransparency_v1_types"
-	"github.com/google/trillian"
 )
 
 var (
@@ -106,7 +107,8 @@ func (v *Verifier) VerifyGetEntryResponse(ctx context.Context, userID, appID str
 		return ErrNilProof
 	}
 
-	if err := v.tree.VerifyProof(leafProof.Inclusion, index[:], leafProof.Leaf.LeafValue, sparse.FromBytes(in.GetSmr().RootHash)); err != nil {
+	mapID := in.GetSmr().GetMapId()
+	if err := v.tree.VerifyProof(mapID, leafProof.Inclusion, index[:], leafProof.Leaf.LeafValue, sparse.FromBytes(in.GetSmr().RootHash)); err != nil {
 		Vlog.Printf("✗ Sparse tree proof verification failed.")
 		return fmt.Errorf("tree.VerifyProof(): %v", err)
 	}

core/tree/sparse/verifier/verifier.go

@@ -38,27 +38,25 @@ var (
 
 // Verifier represents a sparse tree proof verifier object.
 type Verifier struct {
-	mapID  int64
 	hasher sparse.TreeHasher
 }
 
 // New returns a new tree proofs verifier object.
-func New(mapID int64, hasher sparse.TreeHasher) *Verifier {
+func New(hasher sparse.TreeHasher) *Verifier {
 	return &Verifier{
-		mapID:  mapID,
 		hasher: hasher,
 	}
 }
 
 // VerifyProof verifies a tree proof of a given leaf at a given index based on
 // the provided root and neighbor list
-func (v *Verifier) VerifyProof(neighbors [][]byte, index, leaf []byte, root sparse.Hash) error {
+func (v *Verifier) VerifyProof(treeID int64, neighbors [][]byte, index, leaf []byte, root sparse.Hash) error {
 	if len(neighbors) > sparse.IndexLen {
 		return ErrNeighborsLen
 	}
 
 	// Calculate the tree root based on neighbors and leaf.
-	calculatedRoot, err := v.calculateRoot(neighbors, tree.BitString(index), leaf)
+	calculatedRoot, err := v.calculateRoot(treeID, neighbors, tree.BitString(index), leaf)
 	if err != nil {
 		return err
 	}
@@ -73,7 +71,7 @@ func (v *Verifier) VerifyProof(neighbors [][]byte, index, leaf []byte, root spar
 
 // calculateRoot calculates the root of the tree branch defined by leaf and
 // neighbors.
-func (v *Verifier) calculateRoot(neighbors [][]byte, bindex string, leaf []byte) (sparse.Hash, error) {
+func (v *Verifier) calculateRoot(treeID int64, neighbors [][]byte, bindex string, leaf []byte) (sparse.Hash, error) {
 	var leafHash sparse.Hash
 
 	// If the leaf is empty, it is a proof of absence.
@@ -84,10 +82,10 @@ func (v *Verifier) calculateRoot(neighbors [][]byte, bindex string, leaf []byte)
 		// Calculate the value of the empty leaf
 		missingBranchBIndex := bindex[:len(neighbors)]
 		index, depth := tree.InvertBitString(missingBranchBIndex)
-		leafHash = v.hasher.HashEmpty(v.mapID, index, depth)
+		leafHash = v.hasher.HashEmpty(treeID, index, depth)
 	} else {
 		index, depth := tree.InvertBitString(bindex)
-		leafHash = v.hasher.HashLeaf(v.mapID, index, depth, leaf)
+		leafHash = v.hasher.HashLeaf(treeID, index, depth, leaf)
 	}
 
 	// calculatedRoot holds the calculated root so far, starting from leaf.
@@ -100,7 +98,7 @@ func (v *Verifier) calculateRoot(neighbors [][]byte, bindex string, leaf []byte)
 		// If the neighbor is empty, set it to HashEmpty output.
 		if len(neighbor) == 0 {
 			nIndex, nDepth := tree.InvertBitString(neighborBIndex)
-			neighborHash = v.hasher.HashEmpty(v.mapID, nIndex, nDepth)
+			neighborHash = v.hasher.HashEmpty(treeID, nIndex, nDepth)
 		} else {
 			neighborHash = sparse.FromBytes(neighbor)
 		}

core/tree/sparse/verifier/verifier_test.go

@@ -82,7 +82,7 @@ func generateNbrData(t *testing.T, leaves []Leaf) ([][][]byte, error) {
 */
 
 func TestVerifyProof(t *testing.T) {
-	verifier := New(mapID, sparse.CONIKSHasher)
+	verifier := New(sparse.CONIKSHasher)
 	for _, tc := range []struct {
 		root   []byte
 		leaves []Leaf
@@ -165,7 +165,7 @@ func TestVerifyProof(t *testing.T) {
 				nbrs[256-len(leaf.nbrs)+k] = nbr
 			}
 
-			if err := verifier.VerifyProof(nbrs, leaf.index, leaf.value, sparse.FromBytes(tc.root)); err != nil {
+			if err := verifier.VerifyProof(mapID, nbrs, leaf.index, leaf.value, sparse.FromBytes(tc.root)); err != nil {
 				t.Errorf("VerifyProof(_, %v, _, _)=%v", leaf.index, err)
 			}
 		}

integration/testutil.go

@@ -214,7 +214,7 @@ func NewEnv(t *testing.T) *Env {
 		t.Fatalf("Dial(%v) = %v", addr, err)
 	}
 	cli := pb.NewKeyTransparencyServiceClient(cc)
-	client := grpcc.New(mapID, cli, vrfPub, verifier, fake.NewFakeTrillianLogVerifier())
+	client := grpcc.New(cli, vrfPub, verifier, fake.NewFakeTrillianLogVerifier())
 	client.RetryCount = 0
 
 	return &Env{s, server, cc, client, signer, sqldb, factory, vrfPriv, cli, hs}

scripts/prepare_client.sh

@@ -76,7 +76,6 @@ vrf:    \"${VRF}\"
 kt-key: \"${KTKEY}\"
 kt-sig: \"${SIGKEY}\"
 domain: \"${DOMAIN}\"
-mapid: ${MAP_ID}
 kt-url: \"${KTURL}\"
 client-secret: \"${CLIENTSECRET}\"
 service-key: \"${SERVICEKEY}\""