6 files changed, 630 insertions, 0 deletions
diff --git a/internal/manager/helpers.go b/internal/manager/helpers.go
new file mode 100644
index 0000000..a9a2158
--- /dev/null
+++ b/internal/manager/helpers.go
@@ -0,0 +1,52 @@
+package manager
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+
+	ct "github.com/google/certificate-transparency-go"
+	"gitlab.torproject.org/rgdd/ct/pkg/metadata"
+	"rgdd.se/silent-ct/pkg/monitor"
+)
+
+func selectLogs(m metadata.Metadata) []monitor.MessageLogConfig {
+	var logs []monitor.MessageLogConfig
+	for _, operator := range m.Operators {
+		for _, log := range operator.Logs {
+			if log.State == nil {
+				continue // ignore logs without a state (should not happen)
+			}
+			if log.State.Name == metadata.LogStatePending {
+				continue // log is not yet relevant
+			}
+			if log.State.Name == metadata.LogStateRetired {
+				continue // log is not expected to be reachable
+			}
+			if log.State.Name == metadata.LogStateRejected {
+				continue // log is not expected to be reachable
+			}
+
+			// FIXME: remove me instead of hard coding Argon 2024
+			id, _ := log.Key.ID()
+			got := fmt.Sprintf("%s", base64.StdEncoding.EncodeToString(id[:]))
+			want := "7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZs="
+			if got != want {
+				continue
+			}
+
+			logs = append(logs, monitor.MessageLogConfig{
+				Metadata: log,
+				State: monitor.MonitorState{
+					LogState: monitor.LogState{ct.SignedTreeHead{
+						SHA256RootHash: [sha256.Size]byte{47, 66, 110, 15, 246, 154, 8, 100, 150, 140, 206, 208, 17, 57, 112, 116, 210, 3, 19, 55, 46, 63, 209, 12, 234, 130, 225, 124, 237, 2, 64, 228},
+						TreeSize:       610650601,
+						Timestamp:      1702108968538,
+					}},
+					NextIndex: 388452203,
+				},
+			})
+		}
+	}
+	return logs
+}
diff --git a/internal/manager/manager.go b/internal/manager/manager.go
new file mode 100644
index 0000000..2210c9b
--- /dev/null
+++ b/internal/manager/manager.go
@@ -0,0 +1,94 @@
+package manager
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"gitlab.torproject.org/rgdd/ct/pkg/metadata"
+	"rgdd.se/silent-ct/pkg/monitor"
+	"rgdd.se/silent-ct/pkg/server"
+)
+
+const (
+	DefaultStateDir                = "/home/rgdd/.local/share/silent-ct" // FIXME
+	DefaultMetadataRefreshInterval = 1 * time.Hour
+)
+
+type Config struct {
+	StateDir string
+	Nodes    server.Nodes
+
+	MetadataRefreshInterval time.Duration
+}
+
+type Manager struct {
+	Config
+}
+
+func New(cfg Config) (Manager, error) {
+	if cfg.StateDir == "" {
+		cfg.StateDir = DefaultStateDir
+	}
+	if cfg.MetadataRefreshInterval == 0 {
+		cfg.MetadataRefreshInterval = DefaultMetadataRefreshInterval
+	}
+	return Manager{Config: cfg}, nil
+}
+
+func (mgr *Manager) Run(ctx context.Context,
+	serverCh chan server.MessageNodeSubmission,
+	monitorCh chan monitor.MessageLogProgress,
+	configCh chan []monitor.MessageLogConfig,
+	errorCh chan error) error {
+
+	md, err := mgr.metadataRead()
+	if err != nil {
+		return fmt.Errorf("read metadata: %v\n", err)
+	}
+	configCh <- selectLogs(md)
+
+	ticker := time.NewTicker(mgr.MetadataRefreshInterval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-ticker.C:
+			mu, err := mgr.metadataUpdate(ctx, md)
+			if err != nil {
+				continue
+			}
+			if mu.Version.Major <= md.Version.Major {
+				continue
+			}
+			md = mu
+			configCh <- selectLogs(md)
+		case ev := <-monitorCh:
+			fmt.Printf("DEBUG: received event from monitor with %d matches\n", len(ev.Matches))
+		case ev := <-serverCh:
+			fmt.Printf("DEBUG: received event from server\n: %v", ev)
+		case err := <-errorCh:
+			fmt.Printf("DEBUG: received error: %v\n", err)
+		}
+	}
+}
+
+func (mgr *Manager) metadataRead() (metadata.Metadata, error) {
+	b, err := os.ReadFile(mgr.StateDir + "/metadata.json")
+	if err != nil {
+		return metadata.Metadata{}, err
+	}
+	var md metadata.Metadata
+	if err := json.Unmarshal(b, &md); err != nil {
+		return metadata.Metadata{}, err
+	}
+	return md, nil
+}
+
+func (mgr *Manager) metadataUpdate(ctx context.Context, old metadata.Metadata) (metadata.Metadata, error) {
+	return metadata.Metadata{}, fmt.Errorf("TODO: update metadata")
+}
diff --git a/internal/merkle/TODO b/internal/merkle/TODO
new file mode 100644
index 0000000..46cc0cb
--- /dev/null
+++ b/internal/merkle/TODO
@@ -0,0 +1 @@
+Drop this package, fix the minor edit in upstream.
diff --git a/internal/merkle/compact.go b/internal/merkle/compact.go
new file mode 100644
index 0000000..6eeabd0
--- /dev/null
+++ b/internal/merkle/compact.go
@@ -0,0 +1,115 @@
+// BSD 2-Clause License
+//
+// Copyright (c) 2022, the ct authors
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+//  1. Redistributions of source code must retain the above copyright notice, this
+//     list of conditions and the following disclaimer.
+//
+//  2. Redistributions in binary form must reproduce the above copyright notice,
+//     this list of conditions and the following disclaimer in the documentation
+//     and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// From:
+// https://gitlab.torproject.org/rgdd/ct/-/tree/main/pkg/merkle
+//
+// The only difference is that leaf hashes rather than leaf data are passed as
+// input to TreeHeadFromRangeProof, thus also changing the nodes() helper.
+package merkle
+
+import (
+	"crypto/sha256"
+	"fmt"
+)
+
+// node represents a subtree at some level and a particular index
+type node struct {
+	index uint64
+	hash  [sha256.Size]byte
+}
+
+// nodes returns a list of consecutive leaf hashes
+func nodes(index uint64, leafHashes [][sha256.Size]byte) (n []node) {
+	for i, lh := range leafHashes {
+		n = append(n, node{index + uint64(i), lh})
+	}
+	return
+}
+
+// compactRange outputs the minimal number of fixed subtree hashes given a
+// non-empty list of consecutive leaves that start from a non-zero index.  For a
+// definition of this algorithm, see the end of ../../doc/tlog_algorithms.md.
+func compactRange(nodes []node) [][sha256.Size]byte {
+	// Step 1
+	var hashes [][sha256.Size]byte
+
+	// Step 2
+	for len(nodes) > 1 {
+		// Step 2a
+		if xor(nodes[1].index, 1) != nodes[0].index {
+			hashes = append(hashes, nodes[0].hash)
+			nodes = nodes[1:]
+		}
+
+		// Step 2b; Step 2c;        Step 2c(iii)
+		for i := 0; i < len(nodes); i++ {
+			// Step 2c(i)
+			if i+1 != len(nodes) {
+				nodes[i].hash = HashInteriorNode(nodes[i].hash, nodes[i+1].hash)
+				nodes = append(nodes[:i+1], nodes[i+2:]...)
+			}
+
+			// Step 2c(ii)
+			nodes[i].index = rshift(nodes[i].index)
+		}
+	}
+
+	// Step 3
+	return append(hashes, nodes[0].hash)
+}
+
+// TreeHeadFromRangeProof computes a tree head at size n=len(leafHashes)+index
+// if given a list of leaf hashes at indices index,...,n-1 as well as an
+// inclusion proof for the first leaf in the tree of size n.  This allows a
+// verifier to check inclusion of one or more log entries with a single
+// inclusion proof.
+func TreeHeadFromRangeProof(leafHashes [][sha256.Size]byte, index uint64, proof [][sha256.Size]byte) (root [sha256.Size]byte, err error) {
+	var cr [][sha256.Size]byte
+	confirmHash := func(h [sha256.Size]byte) error {
+		if h != cr[0] {
+			return fmt.Errorf("aborted due incorrect right-node subtree hash")
+		}
+		cr = cr[1:]
+		return nil
+	}
+	copyRoot := func(r [sha256.Size]byte) error {
+		root = r
+		return nil
+	}
+
+	if len(leafHashes) == 0 {
+		return [sha256.Size]byte{}, fmt.Errorf("need at least one leaf to recompute tree head from proof")
+	}
+	if len(leafHashes) > 1 {
+		cr = compactRange(nodes(index+1, leafHashes[1:]))
+	}
+	return root, inclusion(leafHashes[0], index, index+uint64(len(leafHashes)), proof, copyRoot, confirmHash)
+}
+
+func xor(a, b uint64) uint64 {
+	return a ^ b
+}
diff --git a/internal/merkle/merkle.go b/internal/merkle/merkle.go
new file mode 100644
index 0000000..872364f
--- /dev/null
+++ b/internal/merkle/merkle.go
@@ -0,0 +1,271 @@
+// BSD 2-Clause License
+//
+// Copyright (c) 2022, the ct authors
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+//  1. Redistributions of source code must retain the above copyright notice, this
+//     list of conditions and the following disclaimer.
+//
+//  2. Redistributions in binary form must reproduce the above copyright notice,
+//     this list of conditions and the following disclaimer in the documentation
+//     and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// From:
+// https://gitlab.torproject.org/rgdd/ct/-/tree/main/pkg/merkle
+package merkle
+
+import (
+	"crypto/sha256"
+	"fmt"
+)
+
+// HashEmptyTree computes the hash of an empty tree.  See RFC 6162, §2.1:
+//
+//	MTH({}) = SHA-256()
+func HashEmptyTree() [sha256.Size]byte {
+	return sha256.Sum256(nil)
+}
+
+// HashLeafNode computes the hash of a leaf's data.  See RFC 6162, §2.1:
+//
+//	MTH({d(0)}) = SHA-256(0x00 || d(0))
+func HashLeafNode(data []byte) (hash [sha256.Size]byte) {
+	h := sha256.New()
+	h.Write([]byte{0x00})
+	h.Write(data)
+	copy(hash[:], h.Sum(nil))
+	return
+}
+
+// HashInteriorNode computes the hash of an interior node.  See RFC 6962, §2.1:
+//
+//	MTH(D[n]) = SHA-256(0x01 || MTH(D[0:k]) || MTH(D[k:n])
+func HashInteriorNode(left, right [sha256.Size]byte) (hash [sha256.Size]byte) {
+	h := sha256.New()
+	h.Write([]byte{0x01})
+	h.Write(left[:])
+	h.Write(right[:])
+	copy(hash[:], h.Sum(nil))
+	return
+}
+
+// inclusion implements the algorithm specified in RFC 9162, Section 2.1.3.2.
+// In addition, the caller is allowed to confirm right-node subtree hashes.
+func inclusion(leaf [sha256.Size]byte, index, size uint64, proof [][sha256.Size]byte,
+	confirmRoot func([sha256.Size]byte) error, confirmHash func([sha256.Size]byte) error) error {
+	// Step 1
+	if index >= size {
+		return fmt.Errorf("leaf index must be in [%d, %d]", 0, size-1)
+	}
+
+	// Step 2
+	fn := index
+	sn := size - 1
+
+	// Step 3
+	r := leaf
+
+	// Step 4
+	for i, p := range proof {
+		// Step 4a
+		if sn == 0 {
+			return fmt.Errorf("reached tree head with %d remaining proof hash(es)", len(proof[i:]))
+		}
+
+		// Step 4b
+		if isLSB(fn) || fn == sn {
+			// Step 4b, i
+			r = HashInteriorNode(p, r)
+
+			// Step 4b, ii
+			if !isLSB(fn) {
+				for {
+					fn = rshift(fn)
+					sn = rshift(sn)
+
+					if isLSB(fn) || fn == 0 {
+						break
+					}
+				}
+			}
+		} else {
+			// Step 4b, i
+			r = HashInteriorNode(r, p)
+
+			// Extension: allow the caller to confirm right-node subtree hashes
+			if err := confirmHash(p); err != nil {
+				return fmt.Errorf("subtree index %d: %v", fn, err)
+			}
+		}
+
+		// Step 4c
+		fn = rshift(fn)
+		sn = rshift(sn)
+	}
+
+	// Step 5
+	if sn != 0 {
+		return fmt.Errorf("stopped at subtree with index %d due to missing proof hashes", fn)
+	}
+	return confirmRoot(r)
+}
+
+// consistency implements the algorithm specified in RFC 9162, §2.1.4.2
+func consistency(oldSize, newSize uint64, oldRoot, newRoot [sha256.Size]byte, proof [][sha256.Size]byte) error {
+	// Step 1
+	if len(proof) == 0 {
+		return fmt.Errorf("need at least one proof hash")
+	}
+
+	// Step 2
+	if isPOW2(oldSize) {
+		proof = append([][sha256.Size]byte{oldRoot}, proof...)
+	}
+
+	// Step 3
+	fn := oldSize - 1
+	sn := newSize - 1
+
+	// Step 4
+	for isLSB(fn) {
+		fn = rshift(fn)
+		sn = rshift(sn)
+	}
+
+	// Step 5
+	fr := proof[0]
+	sr := proof[0]
+
+	// Step 6
+	for i, c := range proof[1:] {
+		// Step 6a
+		if sn == 0 {
+			return fmt.Errorf("reached tree head with %d remaining proof hash(es)", len(proof[i+1:]))
+		}
+
+		// Step 6b
+		if isLSB(fn) || fn == sn {
+			// Step 6b, i
+			fr = HashInteriorNode(c, fr)
+			// Step 6b, ii
+			sr = HashInteriorNode(c, sr)
+			// Step 6b, iii
+			if !isLSB(fn) {
+				for {
+					fn = rshift(fn)
+					sn = rshift(sn)
+
+					if isLSB(fn) || fn == 0 {
+						break
+					}
+				}
+			}
+		} else {
+			// Step 6b, i
+			sr = HashInteriorNode(sr, c)
+		}
+
+		// Step 6c
+		fn = rshift(fn)
+		sn = rshift(sn)
+	}
+
+	// Step 7
+	if sn != 0 {
+		return fmt.Errorf("stopped at subtree with index %d due to missing proof hashes", fn)
+	}
+	if fr != oldRoot {
+		return fmt.Errorf("recomputed old tree head %x is not equal to reference tree head %x", fr[:], oldRoot[:])
+	}
+	if sr != newRoot {
+		return fmt.Errorf("recomputed new tree head %x is not equal to reference tree head %x", sr[:], newRoot[:])
+	}
+	return nil
+}
+
+// VerifyInclusion verifies that a leaf's data is commited at a given index in a
+// reference tree
+func VerifyInclusion(data []byte, index, size uint64, root [sha256.Size]byte, proof [][sha256.Size]byte) error {
+	if size == 0 {
+		return fmt.Errorf("tree size must be larger than zero")
+	}
+
+	confirmHash := func(h [sha256.Size]byte) error { return nil } // No compact range extension
+	confirmRoot := func(r [sha256.Size]byte) error {
+		if r != root {
+			return fmt.Errorf("recomputed tree head %x is not equal to reference tree head %x", r[:], root[:])
+		}
+		return nil
+	}
+	return inclusion(HashLeafNode(data), index, size, proof, confirmRoot, confirmHash)
+}
+
+// VerifyConsistency verifies that an an old tree is consistent with a new tree
+func VerifyConsistency(oldSize, newSize uint64, oldRoot, newRoot [sha256.Size]byte, proof [][sha256.Size]byte) error {
+	checkTree := func(size uint64, root [sha256.Size]byte) error {
+		if size == 0 {
+			if root != HashEmptyTree() {
+				return fmt.Errorf("non-empty tree head %x for size zero", root[:])
+			}
+			if len(proof) != 0 {
+				return fmt.Errorf("non-empty proof with %d hashes for size zero", len(proof))
+			}
+		} else if root == HashEmptyTree() {
+			return fmt.Errorf("empty tree head %x for tree size %d", root[:], size)
+		}
+		return nil
+	}
+
+	if err := checkTree(oldSize, oldRoot); err != nil {
+		return fmt.Errorf("old: %v", err)
+	}
+	if err := checkTree(newSize, newRoot); err != nil {
+		return fmt.Errorf("new: %v", err)
+	}
+	if oldSize == 0 {
+		return nil
+	}
+
+	if oldSize == newSize {
+		if oldRoot != newRoot {
+			return fmt.Errorf("different tree heads %x and %x with equal tree size %d", oldRoot, newRoot, oldSize)
+		}
+		if len(proof) != 0 {
+			return fmt.Errorf("non-empty proof with %d hashes for equal tree size %d", len(proof), oldSize)
+		}
+		return nil
+	}
+	if oldSize > newSize {
+		return fmt.Errorf("old tree size %d must be smaller than or equal to the new tree size %d", oldSize, newSize)
+	}
+
+	return consistency(oldSize, newSize, oldRoot, newRoot, proof)
+}
+
+// isLSB returns true if the least significant bit of num is set
+func isLSB(num uint64) bool {
+	return (num & 1) != 0
+}
+
+// isPOW2 returns true if num is a power of two (1, 2, 4, 8, ...)
+func isPOW2(num uint64) bool {
+	return (num & (num - 1)) == 0
+}
+
+func rshift(num uint64) uint64 {
+	return num >> 1
+}
diff --git a/internal/options/options.go b/internal/options/options.go
new file mode 100644
index 0000000..3e253c5
--- /dev/null
+++ b/internal/options/options.go
@@ -0,0 +1,97 @@
+package options
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+
+	"rgdd.se/silent-ct/internal/manager"
+	"rgdd.se/silent-ct/pkg/monitor"
+	"rgdd.se/silent-ct/pkg/server"
+)
+
+const usage = `Usage:
+
+  silent-ct [Options]
+
+Options:
+
+  -h, --help:      Output usage message and exit
+  -c, --config:    Path to a configuration file (Default: %s)
+  -l, --listen:    Listen address to receive submission on (Default: %s)
+  -s, --state:     Path to a directory where state is stored (Default: %s)
+
+Example configuration file:
+
+  {
+    "monitor": [
+      {
+        "wildcard": "example.org",
+        "excludes": [
+          "test"
+        ]
+      }
+    ],
+    "nodes": [
+      {
+        "name": "node_a",
+        "secret": "aaaa",
+        "issues": [
+          "example.org",
+          "www.example.org"
+        ]
+      }
+    ]
+  }
+
+`
+
+// Options are command-line options the user can specify
+type Options struct {
+	ListenAddr string
+	ConfigFile string
+	StateDir   string
+}
+
+func New(cmd string, args []string) (opts Options, err error) {
+	fs := flag.NewFlagSet(cmd, flag.ContinueOnError)
+	fs.Usage = func() {
+		fmt.Fprintf(os.Stderr, usage, server.DefaultConfigFile, server.DefaultAddress, manager.DefaultStateDir)
+	}
+	stringOpt(fs, &opts.ConfigFile, "config", "c", server.DefaultConfigFile)
+	stringOpt(fs, &opts.ListenAddr, "listen", "l", server.DefaultAddress)
+	stringOpt(fs, &opts.StateDir, "state", "s", manager.DefaultStateDir)
+	if err = fs.Parse(args); err != nil {
+		return opts, err
+	}
+
+	if opts.ConfigFile == "" {
+		return opts, fmt.Errorf("-c, --config: must not be an empty string")
+	}
+	if opts.StateDir == "" {
+		return opts, fmt.Errorf("-s, --state: must not be an empty string")
+	}
+	if opts.ListenAddr == "" {
+		return opts, fmt.Errorf("-l, --listen: must not be an empty string")
+	}
+	return opts, err
+}
+
+func stringOpt(fs *flag.FlagSet, opt *string, short, long, value string) {
+	fs.StringVar(opt, short, value, "")
+	fs.StringVar(opt, long, value, "")
+}
+
+type Config struct {
+	Monitor monitor.MatchWildcards `json:"monitor"`
+	Nodes   server.Nodes           `json:"nodes"`
+}
+
+func (c *Config) FromFile(fileName string) error {
+	b, err := os.ReadFile(fileName)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(b, c)
+}