ctlog: fix a data race and expand sequencer tests

Author: FiloSottile

.github/workflows/test.yml

@@ -20,4 +20,6 @@ jobs:
           go-version-file: go.mod
           check-latest: true
       - name: Run tests
-        run: go test -race ./...
+        run: go test ./...
+      - name: Run tests (short + race)
+        run: go test -short -race ./...

internal/ctlog/ctlog.go

@@ -209,8 +209,9 @@ func (l *Log) sequencePool() error {
 		if n%tileWidth == 0 { // Data tile is full.
 			tile := tlog.TileForIndex(tileHeight, tlog.StoredHashIndex(0, n-1))
 			tile.L = -1
-			edgeTiles[-1] = tileWithBytes{tile, dataTile}
-			g.Go(func() error { return l.backend.Upload(gctx, tile.Path(), dataTile) })
+			data := dataTile
+			edgeTiles[-1] = tileWithBytes{tile, data}
+			g.Go(func() error { return l.backend.Upload(gctx, tile.Path(), data) })
 			dataTile = nil
 		}
 	}
@@ -269,13 +270,12 @@ func (l *Log) sequencePool() error {
 // signTreeHead signs the tree and returns a checkpoint according to
 // c2sp.org/checkpoint.
 func (l *Log) signTreeHead(tree tlog.Tree, timestamp int64) (checkpoint []byte, err error) {
-	sth := &ct.SignedTreeHead{
+	sthBytes, err := ct.SerializeSTHSignatureInput(ct.SignedTreeHead{
 		Version:        ct.V1,
 		TreeSize:       uint64(tree.N),
 		Timestamp:      uint64(timestamp),
 		SHA256RootHash: ct.SHA256Hash(tree.Hash),
-	}
-	sthBytes, err := ct.SerializeSTHSignatureInput(*sth)
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -342,7 +342,7 @@ func digitallySign(k crypto.Signer, msg []byte) ([]byte, error) {
 
 func (l *Log) hashReader(overlay map[int64]tlog.Hash) tlog.HashReaderFunc {
 	return func(indexes []int64) ([]tlog.Hash, error) {
-		var list []tlog.Hash
+		list := make([]tlog.Hash, 0, len(indexes))
 		for _, id := range indexes {
 			if h, ok := overlay[id]; ok {
 				list = append(list, h)

internal/ctlog/ctlog_test.go

@@ -2,18 +2,100 @@ package ctlog_test
 
 import (
 	"bytes"
+	"crypto/rand"
+	"flag"
+	mathrand "math/rand"
 	"testing"
+	"time"
 
 	"filippo.io/litetlog/internal/ctlog/cttest"
 )
 
-func TestSequencer(t *testing.T) {
+var longFlag = flag.Bool("long", false, "run especially slow tests")
+
+func TestSequenceOneLeaf(t *testing.T) {
 	tl := cttest.NewEmptyTestLog(t)
-	id := tl.Log.AddCertificate([]byte("AAA"))
+
+	n := int64(1024 + 2)
+	if *longFlag {
+		n *= 1024
+	}
+	if testing.Short() {
+		n = 3
+	}
+	for i := int64(0); i < n; i++ {
+		cert := make([]byte, mathrand.Intn(4)+1)
+		rand.Read(cert)
+
+		id := tl.Log.AddCertificate(cert)
+		fatalIfErr(t, tl.Log.Sequence())
+		if id := id(); id != i {
+			t.Errorf("got leaf index %d, expected %d", id, 0)
+		}
+
+		if !*longFlag {
+			tl.CheckLog()
+			// TODO: check leaf contents at index id.
+		}
+	}
+	tl.CheckLog()
+}
+
+func TestSequenceLargeLog(t *testing.T) {
+	if testing.Short() {
+		t.Skip()
+	}
+
+	tl := cttest.NewEmptyTestLog(t)
+	for i := 0; i < 5; i++ {
+		cert := make([]byte, mathrand.Intn(4)+1)
+		rand.Read(cert)
+		tl.Log.AddCertificate(cert)
+	}
 	fatalIfErr(t, tl.Log.Sequence())
-	if id := id(); id != 0 {
-		t.Errorf("got leaf index %d, expected %d", id, 0)
+	tl.CheckLog()
+
+	for i := 0; i < 500; i++ {
+		for i := 0; i < 3000; i++ {
+			cert := make([]byte, mathrand.Intn(4)+1)
+			rand.Read(cert)
+			tl.Log.AddCertificate(cert)
+		}
+		fatalIfErr(t, tl.Log.Sequence())
+	}
+	tl.CheckLog()
+}
+
+func TestSequenceEmptyPool(t *testing.T) {
+	sequenceTwice := func(tl *cttest.TestLog) {
+		fatalIfErr(t, tl.Log.Sequence())
+		t1 := tl.CheckLog()
+		time.Sleep(3 * time.Millisecond)
+		fatalIfErr(t, tl.Log.Sequence())
+		t2 := tl.CheckLog()
+		if t1 >= t2 {
+			t.Helper()
+			t.Error("time did not advance")
+		}
+	}
+	addCerts := func(tl *cttest.TestLog, n int) {
+		for i := 0; i < n; i++ {
+			cert := make([]byte, mathrand.Intn(1000)+1)
+			rand.Read(cert)
+			tl.Log.AddCertificate(cert)
+		}
 	}
+
+	tl := cttest.NewEmptyTestLog(t)
+	sequenceTwice(tl)
+	addCerts(tl, 5) // 5
+	sequenceTwice(tl)
+	addCerts(tl, 1024-5-1) // 1024 - 1
+	sequenceTwice(tl)
+	addCerts(tl, 1) // 1024
+	sequenceTwice(tl)
+	addCerts(tl, 1) // 1024 + 1
+	sequenceTwice(tl)
 }
 
 func fatalIfErr(t testing.TB, err error) {

internal/ctlog/cttest/cttest.go

@@ -5,16 +5,24 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
 	"sync"
 	"testing"
 
 	"filippo.io/litetlog/internal/ctlog"
+	"filippo.io/litetlog/internal/tlogx"
+	"golang.org/x/crypto/cryptobyte"
+	"golang.org/x/mod/sumdb/note"
+	"golang.org/x/mod/sumdb/tlog"
 )
 
 type TestLog struct {
 	Log     *ctlog.Log
 	Backend *MemoryBackend
 	Key     *ecdsa.PrivateKey
+	t       testing.TB
 }
 
 func NewEmptyTestLog(t testing.TB) *TestLog {
@@ -23,17 +31,141 @@ func NewEmptyTestLog(t testing.TB) *TestLog {
 	if err != nil {
 		t.Fatal(err)
 	}
+	k, err := x509.MarshalPKCS8PrivateKey(key)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("ECDSA key: %s", pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: k}))
 	log, err := ctlog.NewLog("example.com/TestLog", key, backend)
 	if err != nil {
 		t.Fatal(err)
 	}
-	return &TestLog{
+	return &TestLog{t: t,
 		Log:     log,
 		Backend: backend,
 		Key:     key,
 	}
 }
 
+func (tl *TestLog) CheckLog() (sthTimestamp uint64) {
+	t := tl.t
+
+	sth, err := tl.Backend.Fetch(context.Background(), "sth")
+	fatalIfErr(t, err)
+	v, err := tlogx.NewRFC6962Verifier("example.com/TestLog", tl.Key.Public())
+	fatalIfErr(t, err)
+	v.Timestamp = func(t uint64) { sthTimestamp = t }
+	n, err := note.Open(sth, note.VerifierList(v))
+	fatalIfErr(t, err)
+	c, err := tlogx.ParseCheckpoint(n.Text)
+	fatalIfErr(t, err)
+
+	if c.Origin != "example.com/TestLog" {
+		t.Errorf("origin line is %q", c.Origin)
+	}
+	if c.Extension != "" {
+		t.Errorf("unexpected extension %q", c.Extension)
+	}
+
+	if c.N == 0 {
+		if c.Hash != (tlog.Hash{}) {
+			t.Error("empty log should have zero hash")
+		}
+		return
+	}
+
+	tree := tlog.Tree{N: c.N, Hash: c.Hash}
+	var indexes []int64
+	for n := int64(0); n < c.N; n++ {
+		indexes = append(indexes, tlog.StoredHashIndex(0, n))
+	}
+	// tlog.TileHashReader checks the inclusion of every hash in the provided
+	// tree, so this checks the validity of the whole Merkle tree.
+	leafHashes, err := tlog.TileHashReader(tree, (*tileReader)(tl)).ReadHashes(indexes)
+	fatalIfErr(t, err)
+
+	lastTile := tlog.TileForIndex(tileHeight, tlog.StoredHashIndex(0, c.N-1))
+	lastTile.L = -1
+	for n := int64(0); n <= lastTile.N; n++ {
+		tile := tlog.Tile{H: tileHeight, L: -1, N: n, W: tileWidth}
+		if n == lastTile.N {
+			tile = lastTile
+		}
+		b, err := tl.Backend.Fetch(context.Background(), tile.Path())
+		fatalIfErr(t, err)
+		s := cryptobyte.String(b)
+		for i := 0; i < tile.W; i++ {
+			start := len(b) - len(s)
+			var timestamp uint64
+			var entryType uint8
+			var cert, extensions []byte
+			if !s.ReadUint64(&timestamp) || !s.ReadUint8(&entryType) {
+				t.Fatalf("invalid data tile %v around index %d", tile, len(b)-len(s))
+			}
+			switch entryType {
+			case 0: // x509_entry
+				if !s.ReadUint24LengthPrefixed((*cryptobyte.String)(&cert)) {
+					t.Fatalf("invalid data tile %v around index %d", tile, len(b)-len(s))
+				}
+			case 1: // precert_entry
+				panic("unimplemented") // TODO
+			default:
+				t.Fatalf("invalid data tile %v: unknown type %d", tile, entryType)
+			}
+			if !s.ReadUint16LengthPrefixed((*cryptobyte.String)(&extensions)) {
+				t.Fatalf("invalid data tile %v around index %d", tile, len(b)-len(s))
+			}
+			end := len(b) - len(s)
+
+			idx := n*tileWidth + int64(i)
+			if timestamp > sthTimestamp {
+				t.Errorf("STH timestamp %d is before record %d timestamp %d", sthTimestamp, idx, timestamp)
+			}
+			got := tlog.RecordHash(append([]byte{0, 0}, b[start:end]...))
+			if exp := leafHashes[idx]; got != exp {
+				t.Errorf("tile leaf entry %d hashes to %v, level 0 hash is %v", idx, got, exp)
+			}
+		}
+		if !s.Empty() {
+			t.Errorf("invalid data tile %v: trailing data", tile)
+		}
+	}
+
+	return
+}
+
+const tileHeight = 10
+const tileWidth = 1 << tileHeight
+
+type tileReader TestLog
+
+func (r *tileReader) Height() int {
+	return tileHeight
+}
+
+func (r *tileReader) ReadTiles(tiles []tlog.Tile) (data [][]byte, err error) {
+	for _, t := range tiles {
+		b, err := r.Backend.Fetch(context.Background(), t.Path())
+		if err != nil {
+			return nil, err
+		}
+		data = append(data, b)
+	}
+	return data, nil
+}
+
+func (r *tileReader) SaveTiles(tiles []tlog.Tile, data [][]byte) {}
+
+type verifier struct {
+	name   string
+	hash   uint32
+	verify func(msg, sig []byte) bool
+}
+
+func (v *verifier) Name() string                { return v.name }
+func (v *verifier) KeyHash() uint32             { return v.hash }
+func (v *verifier) Verify(msg, sig []byte) bool { return v.verify(msg, sig) }
+
 type MemoryBackend struct {
 	t  testing.TB
 	mu sync.Mutex
@@ -47,6 +179,10 @@ func NewMemoryBackend(t testing.TB) *MemoryBackend {
 }
 
 func (b *MemoryBackend) Upload(ctx context.Context, key string, data []byte) error {
+	// TODO: check key format is expected.
+	if len(data) == 0 {
+		b.t.Errorf("uploaded key %q with empty data", key)
+	}
 	if err := ctx.Err(); err != nil {
 		return err
 	}
@@ -55,3 +191,23 @@ func (b *MemoryBackend) Upload(ctx context.Context, key string, data []byte) err
 	b.m[key] = data
 	return nil
 }
+
+func (b *MemoryBackend) Fetch(ctx context.Context, key string) ([]byte, error) {
+	if err := ctx.Err(); err != nil {
+		return nil, err
+	}
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	data, ok := b.m[key]
+	if !ok {
+		return nil, fmt.Errorf("key %q not found", key)
+	}
+	return data, nil
+}
+
+func fatalIfErr(t testing.TB, err error) {
+	t.Helper()
+	if err != nil {
+		t.Fatal(err)
+	}
+}