Add support for Bootstrap Merkle Tree Certificate log (#48)

* Add mtc_api and mtc_worker crates, implementing a (bootstrap) Merkle
  Tree Certificate Authority log that accepts a X.509 chain and
  issues a TbsCertificateLogEntry covered by that chain. There are
  several outstanding TODOs to add necessary validation.
* Add associated constants to PendingLogEntry to specify the data path
  elem (e.g., 'data' for static-ct-api, 'entries' for tlog-tiles, etc.),
  and an optional 'unhashed' path elem. This allows a log to publish
  unauthenticated ('unhashed') extra data to a separate path in the
  public bucket.  The intended use case if for the 'bootstrap' X.509
  chain in Merkle Tree Certificates.
* Add associated constant REQUIRE_CHECKPOINT_TIMESTAMP to LogEntry
  specifying whether checkpoints require at least one timestamped
  signature.
* Add aux_entry() method to PendingLogEntry to retrieve the
  auxiliary entry, if configured for the log.
* Change get_cached_entry method to get_cached_metadata, since we don't
  always have a way to retrieve metadata from a LogEntry.
* Remove inner() method for LogEntry, since it's never actually needed.
* Remove logging_labels() method for LogEntry, since not every generic
  log has a 'type' field for log entries. Counts of 'add-chain' vs
  'add-pre-chain' requests can be recorded elsewhere if needed.
* Replace Tile::set_data_with_path() with the slightly more ergonomic
  TlogTile::with_data_path().
* Use lifetimes to remove 'Cursor' type from TileIterator and avoid some
  unnecessary cloning.
* Refactor to avoid unnecessary clones in 'load' and 'sequence_entries'.

Author: lukevalenta

Cargo.lock

@@ -9,17 +9,17 @@ use crate::{load_signing_key, load_witness_key, LookupKey, SequenceMetadata, CON
 use config::TemporalInterval;
 use futures_util::future::try_join_all;
 use generic_log_worker::{
-    ctlog::UploadOptions, get_cached_entry, get_durable_object_stub, init_logging, load_cache_kv,
-    load_public_bucket, put_cache_entry_metadata, ObjectBackend, ObjectBucket, ENTRY_ENDPOINT,
-    METRICS_ENDPOINT,
+    ctlog::UploadOptions, get_cached_metadata, get_durable_object_stub, init_logging,
+    load_cache_kv, load_public_bucket, put_cache_entry_metadata, ObjectBackend, ObjectBucket,
+    ENTRY_ENDPOINT, METRICS_ENDPOINT,
 };
 use log::{debug, info, warn};
 use p256::pkcs8::EncodePublicKey;
 use serde::Serialize;
 use serde_with::{base64::Base64, serde_as};
 use sha2::{Digest, Sha256};
 use static_ct_api::{AddChainRequest, GetRootsResponse, StaticCTLogEntry};
-use tlog_tiles::PendingLogEntry;
+use tlog_tiles::{LogEntry, PendingLogEntry};
 #[allow(clippy::wildcard_imports)]
 use worker::*;
 
@@ -192,8 +192,9 @@ async fn add_chain_or_pre_chain(
 
     // Check if entry is cached and return right away if so.
     let kv = load_cache_kv(env, name)?;
-    if let Some(entry) = get_cached_entry(&kv, &pending_entry, params.enable_dedup).await? {
+    if let Some(metadata) = get_cached_metadata(&kv, &pending_entry, params.enable_dedup).await? {
         debug!("{name}: Entry is cached");
+        let entry = StaticCTLogEntry::new(pending_entry, metadata);
         let sct = static_ct_api::signed_certificate_timestamp(signing_key, &entry)
             .map_err(|e| e.to_string())?;
         return Response::from_json(&sct);

crates/ct_worker/src/frontend_worker.rs

@@ -36,14 +36,16 @@ use std::{
 };
 use thiserror::Error;
 use tlog_tiles::{
-    Hash, HashReader, LogEntry, PathElem, PendingLogEntry, Tile, TileIterator, TlogError, TlogTile,
+    Hash, HashReader, LogEntry, PendingLogEntry, Tile, TileIterator, TlogError, TlogTile,
     TreeWithTimestamp, UnixTimestamp, HASH_SIZE,
 };
 use tokio::sync::watch::{channel, Receiver, Sender};
 
 /// The maximum tile level is 63 (<c2sp.org/static-ct-api>), so safe to use [`u8::MAX`] as
 /// the special level for data tiles. The Go implementation uses -1.
-const DATA_TILE_KEY: u8 = u8::MAX;
+const DATA_TILE_LEVEL_KEY: u8 = u8::MAX;
+/// Same as above, anything above 63 is fine to use as the level key.
+const UNHASHED_TILE_LEVEL_KEY: u8 = u8::MAX - 1;
 const CHECKPOINT_KEY: &str = "checkpoint";
 const STAGING_KEY: &str = "staging";
 
@@ -323,9 +325,13 @@ impl SequenceState {
             "unexpected extension in DO checkpoint"
         );
 
-        // TODO: This is guaranteed to succeed right now bc we've hardcoded the verifier types. But
-        // this won't in general. Make an error type for this
-        let timestamp = timestamp.expect("no verifiers with timestamped signatures were used");
+        let timestamp = match timestamp {
+            Some(timestamp) => timestamp,
+            None if L::REQUIRE_CHECKPOINT_TIMESTAMP => {
+                bail!("no verifiers with timestamped signatures were used")
+            }
+            _ => 0,
+        };
 
         // Load the checkpoint from the object storage backend, verify it, and compare it to the
         // DO storage checkpoint.
@@ -372,33 +378,29 @@ impl SequenceState {
         // Fetch the tiles on the right edge, and verify them against the checkpoint.
         let mut edge_tiles = HashMap::new();
         if c.size() > 0 {
-            // Fetch the right-most edge tiles by reading the last leaf. TileHashReader will fetch
+            // Fetch the right-most tree tiles by reading the last leaf. TileHashReader will fetch
             // and verify the right tiles as a side-effect.
             edge_tiles = read_edge_tiles(object, c.size(), c.hash()).await?;
 
             // Fetch the right-most data tile.
-            let mut data_tile = edge_tiles
-                .get(&0)
-                .ok_or(anyhow!("no level 0 tile found"))?
-                .clone();
-            data_tile.tile.set_data_with_path(PathElem::Data);
-            data_tile.b = object
-                .fetch(&data_tile.tile.path())
+            let (level0_tile, level0_tile_bytes) = {
+                let x = edge_tiles.get(&0).ok_or(anyhow!("no level 0 tile found"))?;
+                (x.tile, &x.b)
+            };
+            let data_tile = level0_tile.with_data_path(L::Pending::DATA_TILE_PATH);
+            let data_tile_bytes = object
+                .fetch(&data_tile.path())
                 .await?
                 .ok_or(anyhow!("no data tile in object storage"))?;
-            edge_tiles.insert(DATA_TILE_KEY, data_tile.clone());
 
             // Verify the data tile against the level 0 tile.
-            let start = u64::from(TlogTile::FULL_WIDTH) * data_tile.tile.level_index();
-            for (i, entry) in TileIterator::<L>::new(
-                edge_tiles.get(&DATA_TILE_KEY).unwrap().b.clone(),
-                data_tile.tile.width() as usize,
-            )
-            .enumerate()
+            let start = u64::from(TlogTile::FULL_WIDTH) * data_tile.level_index();
+            for (i, entry) in
+                TileIterator::<L>::new(&data_tile_bytes, data_tile.width() as usize).enumerate()
             {
                 let got = entry?.merkle_tree_leaf();
-                let exp = edge_tiles.get(&0).unwrap().tile.hash_at_index(
-                    &edge_tiles.get(&0).unwrap().b,
+                let exp = level0_tile.hash_at_index(
+                    level0_tile_bytes,
                     tlog_tiles::stored_hash_index(0, start + i as u64),
                 )?;
                 if got != exp {
@@ -408,6 +410,32 @@ impl SequenceState {
                     );
                 }
             }
+
+            // Store the data tile.
+            edge_tiles.insert(
+                DATA_TILE_LEVEL_KEY,
+                TileWithBytes {
+                    tile: data_tile,
+                    b: data_tile_bytes,
+                },
+            );
+
+            // Fetch and store the right-most auxiliary tile, if configured.
+            if let Some(path_elem) = L::Pending::AUX_TILE_PATH {
+                let aux_tile = level0_tile.with_data_path(path_elem);
+                let aux_tile_bytes = object
+                    .fetch(&aux_tile.path())
+                    .await?
+                    .ok_or(anyhow!("no auxiliary tile in object storage"))?;
+
+                edge_tiles.insert(
+                    UNHASHED_TILE_LEVEL_KEY,
+                    TileWithBytes {
+                        tile: aux_tile,
+                        b: aux_tile_bytes,
+                    },
+                );
+            }
         }
 
         for tile in &edge_tiles {
@@ -601,12 +629,23 @@ async fn sequence_entries<L: LogEntry>(
     // Load the current partial data tile, if any.
     let mut tile_uploads: Vec<UploadAction> = Vec::new();
     let mut edge_tiles = sequence_state.edge_tiles.clone();
-    let mut data_tile: Vec<u8> = Vec::new();
-    if let Some(t) = edge_tiles.get(&DATA_TILE_KEY) {
+    let mut data_tile = Vec::new();
+    if let Some(t) = edge_tiles.get(&DATA_TILE_LEVEL_KEY) {
         if t.tile.width() < TlogTile::FULL_WIDTH {
             data_tile.clone_from(&t.b);
         }
     }
+
+    // Load the current partial auxiliary tile, if configured.
+    let mut aux_tile = Vec::new();
+    if L::Pending::AUX_TILE_PATH.is_some() {
+        if let Some(t) = edge_tiles.get(&UNHASHED_TILE_LEVEL_KEY) {
+            if t.tile.width() < TlogTile::FULL_WIDTH {
+                aux_tile.clone_from(&t.b);
+            }
+        }
+    }
+
     let mut overlay = HashMap::new();
     let mut n = old_size;
     let mut sequenced_metadata = Vec::with_capacity(entries.len());
@@ -618,6 +657,11 @@ async fn sequence_entries<L: LogEntry>(
         cache_metadata.push((entry.lookup_key(), metadata));
         sequenced_metadata.push((sender, metadata));
 
+        // Write to the auxiliary tile, if configured.
+        if L::Pending::AUX_TILE_PATH.is_some() {
+            aux_tile.extend(entry.aux_entry());
+        }
+
         let sequenced_entry = L::new(entry, metadata);
         let tile_leaf = sequenced_entry.to_data_tile_entry();
         let merkle_tree_leaf = sequenced_entry.merkle_tree_leaf();
@@ -649,22 +693,33 @@ async fn sequence_entries<L: LogEntry>(
 
         // If the data tile is full, stage it.
         if n % u64::from(TlogTile::FULL_WIDTH) == 0 {
-            stage_data_tile(n, &mut edge_tiles, &mut tile_uploads, &data_tile);
             metrics
                 .seq_data_tile_size
                 .with_label_values(&["full"])
                 .observe(data_tile.len().as_f64());
-            data_tile.clear();
+            stage_data_tile::<L>(
+                n,
+                &mut edge_tiles,
+                &mut tile_uploads,
+                std::mem::take(&mut data_tile),
+                std::mem::take(&mut aux_tile),
+            );
         }
     }
 
     // Stage leftover partial data tile, if any.
     if n != old_size && n % u64::from(TlogTile::FULL_WIDTH) != 0 {
-        stage_data_tile(n, &mut edge_tiles, &mut tile_uploads, &data_tile);
         metrics
             .seq_data_tile_size
             .with_label_values(&["partial"])
             .observe(data_tile.len().as_f64());
+        stage_data_tile::<L>(
+            n,
+            &mut edge_tiles,
+            &mut tile_uploads,
+            std::mem::take(&mut data_tile),
+            std::mem::take(&mut aux_tile),
+        );
     }
 
     // Produce and stage new tree tiles.
@@ -815,28 +870,45 @@ async fn sequence_entries<L: LogEntry>(
     Ok(())
 }
 
-// Stage a data tile. This is used as a helper function for [`sequence_entries`].
-fn stage_data_tile(
+// Stage a data tile, and if configured an auxiliary tile.
+// This is used as a helper function for [`sequence_entries`].
+fn stage_data_tile<L: LogEntry>(
     n: u64,
     edge_tiles: &mut HashMap<u8, TileWithBytes>,
     tile_uploads: &mut Vec<UploadAction>,
-    data_tile: &[u8],
+    data_tile: Vec<u8>,
+    aux_tile: Vec<u8>,
 ) {
-    let mut tile = TlogTile::from_index(tlog_tiles::stored_hash_index(0, n - 1));
-    tile.set_data_with_path(PathElem::Data);
+    let tile = TlogTile::from_index(tlog_tiles::stored_hash_index(0, n - 1))
+        .with_data_path(L::Pending::DATA_TILE_PATH);
     edge_tiles.insert(
-        DATA_TILE_KEY,
+        DATA_TILE_LEVEL_KEY,
         TileWithBytes {
             tile,
-            b: data_tile.to_owned(),
+            b: data_tile.clone(),
         },
     );
-    let action = UploadAction {
+    tile_uploads.push(UploadAction {
         key: tile.path(),
-        data: data_tile.to_owned(),
+        data: data_tile,
         opts: OPTS_DATA_TILE.clone(),
-    };
-    tile_uploads.push(action);
+    });
+    if let Some(path_elem) = L::Pending::AUX_TILE_PATH {
+        let tile =
+            TlogTile::from_index(tlog_tiles::stored_hash_index(0, n - 1)).with_data_path(path_elem);
+        edge_tiles.insert(
+            UNHASHED_TILE_LEVEL_KEY,
+            TileWithBytes {
+                tile,
+                b: aux_tile.clone(),
+            },
+        );
+        tile_uploads.push(UploadAction {
+            key: tile.path(),
+            data: aux_tile,
+            opts: OPTS_DATA_TILE.clone(),
+        });
+    }
 }
 
 /// Applies previously-staged uploads to the object backend where contents can be retrieved by log clients.
@@ -2224,17 +2296,22 @@ mod tests {
             let leaf_hashes = read_tile_hashes(&self.object, c.size(), c.hash(), &indexes)
                 .map_err(|e| anyhow!(e))?;
 
-            let mut last_tile = TlogTile::from_index(tlog_tiles::stored_hash_count(c.size() - 1));
-            last_tile.set_data_with_path(PathElem::Data);
+            let last_tile = TlogTile::from_index(tlog_tiles::stored_hash_count(c.size() - 1))
+                .with_data_path(StaticCTPendingLogEntry::DATA_TILE_PATH);
 
             for n in 0..last_tile.level_index() {
                 let tile = if n == last_tile.level_index() {
                     last_tile
                 } else {
-                    TlogTile::new(0, n, TlogTile::FULL_WIDTH, Some(PathElem::Data))
+                    TlogTile::new(
+                        0,
+                        n,
+                        TlogTile::FULL_WIDTH,
+                        Some(StaticCTPendingLogEntry::DATA_TILE_PATH),
+                    )
                 };
                 for (i, entry) in TileIterator::<StaticCTLogEntry>::new(
-                    block_on(self.object.fetch(&tile.path()))
+                    &block_on(self.object.fetch(&tile.path()))
                         .map_err(|e| anyhow!(e))?
                         .unwrap(),
                     tile.width() as usize,