From d8831a262e161cf6ea967e1c1a8d1da3988fe249 Mon Sep 17 00:00:00 2001
From: Gary Belvin
Date: Thu, 23 Jan 2020 11:20:32 +0000
Subject: [PATCH] Remove objecthash dependency (#1441)
The last use of object hash was used to pin the config in the gobindclient. Rather than hashing the config, future versions of the client should either build in a static config, or supply it direclty
---
 core/client/gobindclient/client.go | 22 +++-------------------
 go.mod | 1 -
 go.sum | 2 --
 3 files changed, 3 insertions(+), 22 deletions(-)
diff --git a/core/client/gobindclient/client.go b/core/client/gobindclient/client.go
index ebeee3373..c972404fe 100644
--- a/core/client/gobindclient/client.go
+++ b/core/client/gobindclient/client.go
@@ -17,7 +17,6 @@ package gobindclient
 import (
- "bytes"
 "context"
 "crypto/tls"
 "crypto/x509"
@@ -32,7 +31,6 @@ import (
 "github.com/google/keytransparency/core/client/tracker"
 "github.com/google/keytransparency/core/client/verifier"
- "github.com/benlaurie/objecthash/go/objecthash"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
@@ -72,7 +70,7 @@ func SetTimeout(ms int32) {
 }
 // AddKtServer creates a new grpc client to handle connections to the ktURL server and adds it to the global map of clients.
-func AddKtServer(ktURL string, insecureTLS bool, ktTLSCertPEM []byte, directoryInfoHash []byte) error {
+func AddKtServer(ktURL string, insecureTLS bool, ktTLSCertPEM []byte) error {
 if _, exists := clients[ktURL]; exists {
 return fmt.Errorf("the KtServer connection for %v already exists", ktURL)
 }
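Review bot: The doc comment above `AddKtServer` in the `@@ -72,7 +70,7 @@` hunk still describes only connection setup, so with the `directoryInfoHash` parameter gone nothing at the API level tells binding consumers that the directory config is now accepted unpinned. I would extend the comment with `// The directory config returned by ktURL is not pinned; its key material is trusted as received from the server.` Dropping the parameter also changes the exported signature, so callers that used to pass a hash must be updated and will no longer get that check; that deserves a line in the release notes. The function body continues outside this hunk.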
@@ -93,22 +91,8 @@ func AddKtServer(ktURL string, insecureTLS bool, ktTLSCertPEM []byte, directoryI
 return fmt.Errorf("error getting config: %v", err)
 }
- if len(directoryInfoHash) == 0 {
- Vlog.Print("Warning: no directoryInfoHash provided. Key material from the server will be trusted.")
- } else {
- cj, err := objecthash.CommonJSONify(config)
- if err != nil {
- return fmt.Errorf("commonJSONify(): %v", err)
- }
- got, err := objecthash.ObjectHash(cj)
- if err != nil {
- return fmt.Errorf("objectHash(): %v", err)
- }
- if !bytes.Equal(got[:], directoryInfoHash) {
- return fmt.Errorf("server %v returned a directoryInfoResponse inconsistent with the provided directoryInfoHash",
- ktURL)
- }
- }
+ // TODO(gbelvin): Supply the config externally so that it can be built into the client.
+ Vlog.Print("Warning: Key material from the server will be trusted.")
 client, err := client.NewFromConfig(ktClient, config,
 func(lv *tclient.LogVerifier) verifier.LogTracker { return tracker.NewSynchronous(lv) },
diff --git a/go.mod b/go.mod
index 4545e10ff..206d3ae35 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,6 @@ require (
 cloud.google.com/go/spanner v1.1.0 // indirect
 github.com/Masterminds/semver v1.5.0 // indirect
 github.com/Masterminds/sprig v2.22.0+incompatible // indirect
- github.com/benlaurie/objecthash v0.0.0-20180202135721-d1e3d6079fc1
 github.com/bombsimon/wsl v1.2.8 // indirect
 github.com/cespare/xxhash/v2 v2.1.1 // indirect
 github.com/coreos/etcd v3.3.17+incompatible // indirect
diff --git a/go.sum b/go.sum
index f21540cf9..18aad3a31 100644
--- a/go.sum
+++ b/go.sum
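Review bot: In the `@@ -93,22 +91,8 @@` hunk of core/client/gobindclient/client.go the fetched `config` now goes straight into `client.NewFromConfig` after an unconditional `Vlog.Print`, so the transport is the only thing left authenticating the directory's key material. The TLS setup is outside the hunk, but the `insecureTLS` parameter suggests certificate verification can be switched off, in which case nothing would authenticate the config at all. Until the TODO is resolved, consider failing closed for that combination, e.g. `if insecureTLS { return fmt.Errorf("refusing unpinned directory config from %v without TLS verification", ktURL) }`, or at least include `ktURL` in the warning so it is attributable in logs. Where `Vlog` writes is not visible here; if it is discarded by default the warning never reaches an operator. AddKtServer starts and ends outside this hunk.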
@@ -57,8 +57,6 @@ github.com/aws/aws-sdk-go v1.19.49 h1:GUlenK625g5iKrIiRcqRS/CvPMLc8kZRtMxXuXBhFx github.com/aws/aws-sdk-go v1.19.49/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.39 h1:1xxya3nsUaFlEZuoE5PWsIEd47RoDV/kkOGt0qEuwNw= github.com/aws/aws-sdk-go v1.25.39/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/benlaurie/objecthash v0.0.0-20180202135721-d1e3d6079fc1 h1:VRtJdDi2lqc3MFwmouppm2jlm6icF+7H3WYKpLENMTo= -github.com/benlaurie/objecthash v0.0.0-20180202135721-d1e3d6079fc1/go.mod h1:jvdWlw8vowVGnZqSDC7yhPd7AifQeQbRDkZcQXV2nRg= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=