Align MTC support closer to spec (#57)

* Add support for MTC's initial log entry

In MTCs, the certificate serial number is its index in the log. Since
X.509 serial numbers must be non-zero, MTCs adds an initial 'null_entry'
at index 0 to help avoid off-by-one errors in consumers of the log.

* Add support for parsing the log ID as a ObjectIdentifier

This is not compatibile with the current MTC draft which uses RELATIVE-OID, but will do until RustCrypto/formats#1875 is handled.

* Rename Signature -> NoteSignature to avoid naming conflicts

* Clean up config

* Update wrangler KV and R2 resources for MTC dev deploy
* Re-enable wasm-opt (see cloudflare/workers-rs#767)

* Add cosignature support

Add support for cosignature/v1 signatures from tlog-cosignature
Add support for subtree_signatures from current MTC draft.  This is
  currently limited to signing checkpoints but not arbitrary subtrees.

Other changes (hopefully improvements):
- Consolidate signed_note error types into NoteError
- Add new() functions for Ed25519NoteSigner/Verifier to avoid needing to go through text format
- Add KeyName wrapper around string that enforces that key names are valid according to signed_note spec
- Move Ed25519 signer/verifier to separate file in signed_note
- Add enum for signed_note signature types

* Make kv_namespaces optional when enable_dedup = false

Previously, when enable_dedup was set to false, entries were still written to the long-term deduplication cache in KV. Now, deduplication is skipped entirely.

* Document how to reset a targeted dev log without needing to clear DO storage and R2

Author: lukevalenta

Cargo.lock

@@ -49,6 +49,7 @@ jsonschema = "0.30"
 length_prefixed = { path = "crates/length_prefixed" }
 libfuzzer-sys = "0.4"
 log = { version = "0.4" }
+mtc_api = { version = "0.2.0", path = "crates/mtc_api" }
 p256 = { version = "0.13", features = ["ecdsa"] }
 parking_lot = "0.12"
 prometheus = "0.14"

Cargo.toml

@@ -18,10 +18,6 @@ release = false
 [package.metadata.wasm-pack.profile.dev.wasm-bindgen]
 dwarf-debug-info = true
 
-# https://github.com/rustwasm/wasm-pack/issues/1247
-[package.metadata.wasm-pack.profile.release]
-wasm-opt = false
-
 [lib]
 crate-type = ["cdylib"]
 
@@ -56,6 +52,7 @@ serde_json.workspace = true
 serde_with.workspace = true
 sha2.workspace = true
 static_ct_api.workspace = true
+signed_note.workspace = true
 tlog_tiles.workspace = true
 worker.workspace = true
 x509-verify.workspace = true

crates/ct_worker/Cargo.toml

@@ -107,7 +107,7 @@
                         "enable_dedup": {
                             "type": "boolean",
                             "default": true,
-                            "description": "Enables checking the deduplication cache for add-(pre-)chain requests. Can be disabled for tests and benchmarks."
+                            "description": "Enables checking the deduplication cache for add-(pre-)chain requests. Can be disabled for tests and benchmarks. If disabled, `kv_namespaces` can be omitted from `wrangler.jsonc`."
                         }
                     },
                     "required": [

crates/ct_worker/config.schema.json

@@ -31,7 +31,11 @@ impl DurableObject for Batcher {
                 false
             })
             .expect("unable to find batcher name");
-        let kv = load_cache_kv(&env, name).unwrap();
+        let kv = if params.enable_dedup {
+            Some(load_cache_kv(&env, name).unwrap())
+        } else {
+            None
+        };
         let sequencer = get_durable_object_stub(
             &env,
             name,

crates/ct_worker/src/batcher_do.rs

@@ -214,13 +214,16 @@ async fn add_chain_or_pre_chain(
     let signing_key = load_signing_key(env, name)?;
 
     // Check if entry is cached and return right away if so.
-    let kv = load_cache_kv(env, name)?;
-    if let Some(metadata) = get_cached_metadata(&kv, &pending_entry, params.enable_dedup).await? {
-        debug!("{name}: Entry is cached");
-        let entry = StaticCTLogEntry::new(pending_entry, metadata);
-        let sct = static_ct_api::signed_certificate_timestamp(signing_key, &entry)
-            .map_err(|e| e.to_string())?;
-        return Response::from_json(&sct);
+    if params.enable_dedup {
+        if let Some(metadata) =
+            get_cached_metadata(&load_cache_kv(env, name)?, &pending_entry).await?
+        {
+            debug!("{name}: Entry is cached");
+            let entry = StaticCTLogEntry::new(pending_entry, metadata);
+            let sct = static_ct_api::signed_certificate_timestamp(signing_key, &entry)
+                .map_err(|e| e.to_string())?;
+            return Response::from_json(&sct);
+        }
     }
 
     // Entry is not cached, so we need to sequence it.
@@ -272,10 +275,10 @@ async fn add_chain_or_pre_chain(
         return Ok(response);
     }
     let metadata = response.json::<SequenceMetadata>().await?;
-    if params.num_batchers == 0 {
+    if params.num_batchers == 0 && params.enable_dedup {
         // Write sequenced entry to the long-term deduplication cache in Workers
         // KV as there are no batchers configured to do it for us.
-        if put_cache_entry_metadata(&kv, &pending_entry, metadata)
+        if put_cache_entry_metadata(&load_cache_kv(env, name)?, &pending_entry, metadata)
             .await
             .is_err()
         {

crates/ct_worker/src/frontend_worker.rs

@@ -8,6 +8,7 @@ use std::time::Duration;
 use crate::{load_signing_key, load_witness_key, CONFIG};
 use generic_log_worker::{load_public_bucket, GenericSequencer, SequencerConfig};
 use prometheus::Registry;
+use signed_note::KeyName;
 use static_ct_api::{StaticCTCheckpointSigner, StaticCTLogEntry};
 use tlog_tiles::{CheckpointSigner, Ed25519CheckpointSigner};
 #[allow(clippy::wildcard_imports)]
@@ -31,11 +32,15 @@ impl DurableObject for Sequencer {
 
         // https://github.com/C2SP/C2SP/blob/main/static-ct-api.md#checkpoints
         // The origin line MUST be the submission prefix of the log as a schema-less URL with no trailing slashes.
-        let origin = params
-            .submission_url
-            .trim_start_matches("http://")
-            .trim_start_matches("https://")
-            .trim_end_matches('/');
+        let origin = KeyName::new(
+            params
+                .submission_url
+                .trim_start_matches("http://")
+                .trim_start_matches("https://")
+                .trim_end_matches('/')
+                .to_string(),
+        )
+        .expect("invalid origin name");
         let sequence_interval = Duration::from_millis(params.sequence_interval_millis);
 
         // We don't use checkpoint extensions for CT
@@ -46,10 +51,10 @@ impl DurableObject for Sequencer {
             let witness_key = load_witness_key(&env, name).unwrap().clone();
 
             // Make the checkpoint signers from the secret keys and put them in a vec
-            let signer = StaticCTCheckpointSigner::new(origin, signing_key)
+            let signer = StaticCTCheckpointSigner::new(origin.clone(), signing_key)
                 .map_err(|e| format!("could not create static-ct checkpoint signer: {e}"))
                 .unwrap();
-            let witness = Ed25519CheckpointSigner::new(origin, witness_key)
+            let witness = Ed25519CheckpointSigner::new(origin.clone(), witness_key)
                 .map_err(|e| format!("could not create ed25519 checkpoint signer: {e}"))
                 .unwrap();
 
@@ -60,7 +65,7 @@ impl DurableObject for Sequencer {
 
         let config = SequencerConfig {
             name: name.to_string(),
-            origin: origin.to_string(),
+            origin,
             checkpoint_signers,
             checkpoint_extension,
             sequence_interval,

crates/ct_worker/src/sequencer_do.rs

@@ -21,7 +21,7 @@ use worker::*;
 
 pub struct GenericBatcher<E: PendingLogEntry> {
     config: BatcherConfig,
-    kv: KvStore,
+    kv: Option<KvStore>,
     sequencer: Stub,
     batch: Batch<E>,
     in_flight: usize,
@@ -54,7 +54,7 @@ impl<E: PendingLogEntry> Default for Batch<E> {
 
 impl<E: PendingLogEntry> GenericBatcher<E> {
     /// Returns a new batcher with the given config.
-    pub fn new(config: BatcherConfig, kv: KvStore, sequencer: Stub) -> Self {
+    pub fn new(config: BatcherConfig, kv: Option<KvStore>, sequencer: Stub) -> Self {
         Self {
             config,
             kv,
@@ -190,17 +190,18 @@ impl<E: PendingLogEntry> GenericBatcher<E> {
         batch.done.send_modify(|v| v.clone_from(&sequenced_entries));
 
         // Write sequenced entries to the long-term deduplication cache in Workers KV.
-        let futures = sequenced_entries
-            .into_iter()
-            .map(|(k, v)| {
-                Ok(self
-                    .kv
-                    .put(&BASE64_STANDARD.encode(k), "")?
-                    .metadata::<SequenceMetadata>(v)?
-                    .execute())
-            })
-            .collect::<Result<Vec<_>>>()?;
-        join_all(futures).await;
+        if let Some(kv) = &self.kv {
+            let futures = sequenced_entries
+                .into_iter()
+                .map(|(k, v)| {
+                    Ok(kv
+                        .put(&BASE64_STANDARD.encode(k), "")?
+                        .metadata::<SequenceMetadata>(v)?
+                        .execute())
+                })
+                .collect::<Result<Vec<_>>>()?;
+            join_all(futures).await;
+        }
         Ok(())
     }
 }

crates/generic_log_worker/src/batcher_do.rs

@@ -111,21 +111,16 @@ pub fn load_cache_kv(env: &Env, name: &str) -> Result<kv::KvStore> {
 pub async fn get_cached_metadata(
     kv: &KvStore,
     pending: &impl PendingLogEntry,
-    enable_dedup: bool,
 ) -> Result<Option<SequenceMetadata>> {
-    if enable_dedup {
-        let lookup_key = pending.lookup_key();
-
-        // Query the cache and return the entry metadata if it exists
-        let metadata_opt = kv
-            .get(&BASE64_STANDARD.encode(lookup_key))
-            .bytes_with_metadata::<SequenceMetadata>()
-            .await?
-            .1;
-        Ok(metadata_opt)
-    } else {
-        Ok(None)
-    }
+    let lookup_key = pending.lookup_key();
+
+    // Query the cache and return the entry metadata if it exists
+    let metadata_opt = kv
+        .get(&BASE64_STANDARD.encode(lookup_key))
+        .bytes_with_metadata::<SequenceMetadata>()
+        .await?
+        .1;
+    Ok(metadata_opt)
 }
 
 /// Makes an empty entry in the dedup cache with `pending.lookup_key()` as the