
Commit a6c25cc

Remove timestamp from checkpoint (#1888)
* Remove timestamp from checkpoint Fixes #1887. Verified that checkpoints are still verifiable with and without timestamps (since timestamps are just a part of the existing OtherContent, this is not a breaking change). Looking over all of the Sigstore org, no project is relying on the timestamp. Signed-off-by: Hayden Blauzvern <[email protected]> * Remove commented out line Signed-off-by: Hayden Blauzvern <[email protected]> --------- Signed-off-by: Hayden Blauzvern <[email protected]>
1 parent 81378f7 commit a6c25cc


3 files changed

+29
-33
lines changed


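--- a/cmd/rekor-cli/app/log_info.go
+++ b/cmd/rekor-cli/app/log_info.go
@@ -22,7 +22,6 @@ import (
 "encoding/pem"
 "errors"
 "fmt"
-"time"
 
 "github.com/go-openapi/swag"
 rclient "github.com/sigstore/rekor/pkg/generated/client"
@@ -45,21 +44,17 @@ type logInfoCmdOutput struct {
 ActiveTreeSize int64
 TotalTreeSize int64
 RootHash string
-TimestampNanos uint64
 TreeID string
 }
 
 func (l *logInfoCmdOutput) String() string {
 // Verification is always successful if we return an object.
-ts := time.Unix(0, int64(l.TimestampNanos)).UTC().Format(time.RFC3339)
-
 return fmt.Sprintf(`Verification Successful!
 Active Tree Size: %v
 Total Tree Size: %v
 Root Hash: %s
-Timestamp: %s
 TreeID: %s
-`, l.ActiveTreeSize, l.TotalTreeSize, l.RootHash, ts, l.TreeID)
+`, l.ActiveTreeSize, l.TotalTreeSize, l.RootHash, l.TreeID)
 }
 
 // logInfoCmd represents the current information about the transparency log
@@ -105,7 +100,6 @@ var logInfoCmd = &cobra.Command{
 ActiveTreeSize: swag.Int64Value(logInfo.TreeSize),
 TotalTreeSize: totalTreeSize(logInfo, logInfo.InactiveShards),
 RootHash: swag.StringValue(logInfo.RootHash),
-TimestampNanos: sth.GetTimestamp(),
 TreeID: swag.StringValue(logInfo.TreeID),
 }
 return cmdOutput, nil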

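--- a/pkg/util/checkpoint.go
+++ b/pkg/util/checkpoint.go
@@ -23,7 +23,6 @@ import (
 "fmt"
 "strconv"
 "strings"
-"time"
 
 "github.com/sigstore/sigstore/pkg/signature"
 "github.com/sigstore/sigstore/pkg/signature/options"
@@ -145,27 +144,6 @@ func (r *SignedCheckpoint) UnmarshalText(data []byte) error {
 return nil
 }
 
-func (r *SignedCheckpoint) SetTimestamp(timestamp uint64) {
-var ts uint64
-for i, val := range r.OtherContent {
-if n, _ := fmt.Fscanf(strings.NewReader(val), "Timestamp: %d", &ts); n == 1 {
-r.OtherContent = append(r.OtherContent[:i], r.OtherContent[i+1:]...)
-}
-}
-r.OtherContent = append(r.OtherContent, fmt.Sprintf("Timestamp: %d", timestamp))
-r.SignedNote = SignedNote{Note: string(r.Checkpoint.String())}
-}
-
-func (r *SignedCheckpoint) GetTimestamp() uint64 {
-var ts uint64
-for _, val := range r.OtherContent {
-if n, _ := fmt.Fscanf(strings.NewReader(val), "Timestamp: %d", &ts); n == 1 {
-break
-}
-}
-return ts
-}
-
 // CreateAndSignCheckpoint creates a signed checkpoint as a commitment to the current root hash
 func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64, treeSize uint64, rootHash []byte, signer signature.Signer) ([]byte, error) {
 sth, err := CreateSignedCheckpoint(Checkpoint{
@@ -176,7 +154,6 @@ func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64,
 if err != nil {
 return nil, fmt.Errorf("error creating checkpoint: %v", err)
 }
-sth.SetTimestamp(uint64(time.Now().UnixNano()))
 if _, err := sth.Sign(hostname, signer, options.WithContext(ctx)); err != nil {
 return nil, fmt.Errorf("error signing checkpoint: %v", err)
 }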

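--- a/pkg/util/checkpoint_test.go
+++ b/pkg/util/checkpoint_test.go
@@ -27,7 +27,6 @@ import (
 "crypto/sha256"
 "fmt"
 "testing"
-"time"
 
 "github.com/google/go-cmp/cmp"
 "github.com/sigstore/sigstore/pkg/signature"
@@ -225,6 +224,34 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 wantSignErr: false,
 wantVerifyErr: false,
 },
+{
+c: Checkpoint{
+Origin: "Log Checkpoint With Timestamp",
+Size: 123,
+Hash: []byte("bananas"),
+OtherContent: []string{"Timestamp: 12345"},
+},
+identity: "someone",
+signer: edPrivKey,
+pubKey: edPubKey,
+opts: crypto.Hash(0),
+wantSignErr: false,
+wantVerifyErr: false,
+},
+{
+c: Checkpoint{
+Origin: "Log Checkpoint With Multiple Other Contents",
+Size: 123,
+Hash: []byte("bananas"),
+OtherContent: []string{"Timestamp: 12345", "Extra: Foo Bar"},
+},
+identity: "someone",
+signer: edPrivKey,
+pubKey: edPubKey,
+opts: crypto.Hash(0),
+wantSignErr: false,
+wantVerifyErr: false,
+},
 {
 c: Checkpoint{
 Origin: "Log Checkpoint Mismatch v0",
@@ -283,8 +310,6 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 if err != nil {
 t.Fatalf("error creating signed checkpoint")
 }
-time := uint64(time.Now().UnixNano())
-sth.SetTimestamp(time)
 signer, _ := signature.LoadSigner(test.signer, crypto.SHA256)
 if _, ok := test.signer.(*rsa.PrivateKey); ok {
 signer, _ = signature.LoadRSAPSSSigner(test.signer.(*rsa.PrivateKey), crypto.SHA256, test.opts.(*rsa.PSSOptions))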
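Review bot: The two cases added to the TestSigningRoundtripCheckpoint table only show that a checkpoint carrying `Timestamp: 12345` in OtherContent signs and verifies when both steps run through the current code, so they do not pin the compatibility claim for checkpoints that an earlier release actually signed. A fixed fixture would close that gap: a checkpoint text with a timestamp line and its signature, captured from a prior release, fed to UnmarshalText and verified against the matching public key. It would also be worth a negative case in which an OtherContent line is altered after signing and verification is expected to fail, which demonstrates that the extra lines are covered by the signature; the rest of the table lies outside this hunk, so such a case may already exist. A short comment above the first new entry, for example `// Checkpoints issued before the timestamp was removed still carry a Timestamp line; they must keep verifying.`, would record why these entries are there.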
