Server: publish verification data on v1/domain/info

cmd/keytransparency-server/main.go

@@ -193,12 +193,14 @@ func main() {
 
 	// Connect to map server.
 	var tmap trillian.TrillianMapClient
+	var tadmin trillian.TrillianAdminClient
 	if *mapURL != "" {
 		mconn, err := grpc.Dial(*mapURL, grpc.WithInsecure())
 		if err != nil {
 			glog.Exitf("grpc.Dial(%v): %v", *mapURL, err)
 		}
 		tmap = trillian.NewTrillianMapClient(mconn)
+		tadmin = trillian.NewTrillianAdminClient(mconn)
 	} else {
 		// Create an in-process readonly mapserver.
 		tmap, err = newReadonlyMapServer(context.Background(), *mapID, sqldb, factory)
@@ -208,7 +210,7 @@ func main() {
 	}
 
 	// Create gRPC server.
-	svr := keyserver.New(*logID, tlog, *mapID, tmap, commitments,
+	svr := keyserver.New(*logID, tlog, *mapID, tmap, tadmin, commitments,
 		vrfPriv, mutator, auth, authz, factory, mutations)
 	grpcServer := grpc.NewServer(
 		grpc.Creds(creds),

core/crypto/vrf/p256/p256.go

@@ -221,6 +221,22 @@ func NewVRFSigner(key *ecdsa.PrivateKey) (*PrivateKey, error) {
 	return &PrivateKey{key}, nil
 }
 
+// Public returns the corresponding public key as bytes.
+func (k PrivateKey) Public() ([]byte, error) {
+	// Copied from: core/crypto/signatures/p256/ecdsa_p256.go
+	pkBytes, err := x509.MarshalPKIXPublicKey(&k.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+	pkPEM := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "PUBLIC KEY",
+			Bytes: pkBytes,
+		},
+	)
+	return pkPEM, nil
+}
+
 // NewVRFVerifier creates a verifier object from a public key.
 func NewVRFVerifier(pubkey *ecdsa.PublicKey) (*PublicKey, error) {
 	if *(pubkey.Params()) != *curve.Params() {

core/crypto/vrf/vrf.go

@@ -30,6 +30,8 @@ import (
 type PrivateKey interface {
 	// Evaluate returns the output of H(f_k(m)) and its proof.
 	Evaluate(m []byte) (index [32]byte, proof []byte)
+	// Public returns the corresponding public key as bytes.
+	Public() ([]byte, error)
 }
 
 // PublicKey supports verifying output from the VRF function.

core/keyserver/keyserver.go

@@ -32,6 +32,7 @@ import (
 	authzpb "github.com/google/keytransparency/core/proto/authorization"
 	tpb "github.com/google/keytransparency/core/proto/keytransparency_v1_types"
 	"github.com/google/trillian"
+	"github.com/google/trillian/crypto/keyspb"
 )
 
 const (
@@ -51,6 +52,7 @@ type Server struct {
 	tlog      trillian.TrillianLogClient
 	mapID     int64
 	tmap      trillian.TrillianMapClient
+	tadmin    trillian.TrillianAdminClient
 	committer commitments.Committer
 	auth      authentication.Authenticator
 	authz     authorization.Authorization
@@ -65,6 +67,7 @@ func New(logID int64,
 	tlog trillian.TrillianLogClient,
 	mapID int64,
 	tmap trillian.TrillianMapClient,
+	tadmin trillian.TrillianAdminClient,
 	committer commitments.Committer,
 	vrf vrf.PrivateKey,
 	mutator mutator.Mutator,
@@ -77,6 +80,7 @@ func New(logID int64,
 		tlog:      tlog,
 		mapID:     mapID,
 		tmap:      tmap,
+		tadmin:    tadmin,
 		committer: committer,
 		vrf:       vrf,
 		mutator:   mutator,
@@ -319,6 +323,39 @@ func (s *Server) UpdateEntry(ctx context.Context, in *tpb.UpdateEntryRequest) (*
 	return &tpb.UpdateEntryResponse{Proof: resp}, nil
 }
 
+// GetDomainInfo returns all info tied to the specified domain.
+//
+// This API to get all necessary data needed to verify a particular
+// key-server. Data contains for instance the tree-info, like for instance the
+// log-/map-id and the corresponding public-keys.
+func (s *Server) GetDomainInfo(ctx context.Context, in *tpb.GetDomainInfoRequest) (*tpb.GetDomainInfoResponse, error) {
+	logTree, err := s.tadmin.GetTree(ctx, &trillian.GetTreeRequest{
+		TreeId: s.logID,
+	})
+	if err != nil {
+		return nil, err
+	}
+	mapTree, err := s.tadmin.GetTree(ctx, &trillian.GetTreeRequest{
+		TreeId: s.mapID,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	vrfPub, err := s.vrf.Public()
+	if err != nil {
+		return nil, err
+	}
+
+	return &tpb.GetDomainInfoResponse{
+		Log: logTree,
+		Map: mapTree,
+		Vrf: &keyspb.PublicKey{
+			Der: vrfPub,
+		},
+	}, nil
+}
+
 func (s *Server) saveCommitment(ctx context.Context, kv *tpb.KeyValue, committed *tpb.Committed) error {
 	entry := new(tpb.Entry)
 	if err := proto.Unmarshal(kv.Value, entry); err != nil {

core/keyserver/keyserver_test.go

@@ -70,8 +70,9 @@ func TestListEntryHistory(t *testing.T) {
 		sths := &fakeSequenced{make([][]byte, 0)}
 		mapsvr := mapserver.NewReadonly(mapID, tree, fakeFactory{}, sths)
 		tlog := fake.NewFakeTrillianLogClient()
+		tadmin := trillian.NewTrillianAdminClient(nil)
 
-		srv := New(logID, tlog, mapID, mapsvr, c, fakePrivateKey{}, fakeMutator{},
+		srv := New(logID, tlog, mapID, mapsvr, tadmin, c, fakePrivateKey{}, fakeMutator{},
 			authentication.NewFake(), fakeAuthz{}, fakeFactory{}, fakeMutation{})
 		if err := addProfiles(profileCount, c, tree, sths); err != nil {
 			t.Fatalf("addProfile(%v, _, _, _)=%v", profileCount, err)
@@ -196,6 +197,8 @@ type fakePrivateKey struct{}
 
 func (fakePrivateKey) Evaluate(m []byte) ([32]byte, []byte) { return [32]byte{}, nil }
 
+func (fakePrivateKey) Public() ([]byte, error) { return []byte{}, nil }
+
 // mutator.Mutator fake.
 type fakeMutator struct{}