Serverless client inclusion command output not easy to use #686

Open
arai-fortanix opened this issue Oct 19, 2022 · 0 comments

If you want to externally verify a log inclusion proof, you need several pieces of information:

  • tree size
  • node index
  • tree root hash
  • array of node hashes
  • hash or node contents of the node whose inclusion is being verified
  • optionally, the log signature and witness signature(s)

The client inclusion command does make all of this information available, but it is not all in one place, and it is not in a format that is machine readable.

The hashes can be written to a file with the output_inclusion_proof option. This output has one hash per line, encoded with base64. So this information is machine-readable. However, it's not possible to use these hashes to do anything without the other information listed above.

The client inclusion command does output the tree size, the node index and the tree hash, but this is only available from the log output of the command, and is not in a format which is machine readable. Here is one example:

I1019 10:19:47.236496   30779 client.go:182] Local log state cache disabled
I1019 10:19:47.238259   30779 client.go:269] Leaf "leaf00009" found at index 9
I1019 10:19:47.238668   30779 client.go:298] Inclusion verified under checkpoint:
enclave-transparency-test
10
WpYbjsezEfgQanMdAKR4HYlHezFB8iYnG7z6JZ6VXAs=

Note that I could not find any current way to get client inclusion to output the signatures. It does verify the signatures, but external tooling might want to verify the signatures itself and not rely on the client command doing the signature verification.

It would be much easier for external tooling if the client inclusion command had the option to output all of the needed information in a single file in machine-readable format, such as JSON. The client program already has all of the needed information; it's just not outputting it in a way that's convenient for other programs to consume.

I can work on adding this output.
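
Added example, not part of the issue or the project's code: what external tooling could do with a single machine-readable file holding the tree size, node index, root hash, leaf hash and proof hashes listed above. The `Bundle` type and its JSON field names are hypothetical, RFC 6962 SHA-256 hashing is assumed, and checkpoint signature verification is not covered.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Bundle is a hypothetical JSON layout (not emitted by the client); []byte is base64 in JSON.
type Bundle struct {
	TreeSize, LeafIndex uint64
	RootHash, LeafHash  []byte
	Proof               [][]byte
}

// hash applies the RFC 6962 prefix: 0x00 for leaves, 0x01 for interior nodes.
func hash(prefix byte, parts ...[]byte) []byte {
	h := sha256.Sum256(append([]byte{prefix}, bytes.Join(parts, nil)...))
	return h[:]
}

// VerifyBundle recomputes the root from the leaf hash and proof (RFC 9162, section 2.1.3.2).
func VerifyBundle(raw []byte) bool {
	var b Bundle
	ok := json.Unmarshal(raw, &b) == nil && b.LeafIndex < b.TreeSize && len(b.LeafHash) == sha256.Size
	fn, sn, r := b.LeafIndex, b.TreeSize-1, b.LeafHash
	for _, p := range b.Proof {
		// A proof longer than the path, or a hash of the wrong length, is invalid.
		ok = ok && sn != 0 && len(p) == sha256.Size
		if fn&1 == 1 || fn == sn {
			r = hash(1, p, r) // sibling is on the left
			for fn&1 == 0 && fn != 0 {
				fn, sn = fn>>1, sn>>1
			}
		} else {
			r = hash(1, r, p) // sibling is on the right
		}
		fn, sn = fn>>1, sn>>1
	}
	return ok && sn == 0 && bytes.Equal(r, b.RootHash)
}

// SampleBundle is constructed data: a 3-leaf tree with a proof for leaf index 2.
func SampleBundle() []byte {
	h2, left := hash(0, []byte("c")), hash(1, hash(0, []byte("a")), hash(0, []byte("b")))
	raw, _ := json.Marshal(Bundle{3, 2, hash(1, left, h2), h2, [][]byte{left}})
	return raw
}

func main() { fmt.Println(VerifyBundle(SampleBundle())) }
```

The tree size and index take part in the computation, which is why the proof hashes alone cannot be checked: the same hashes with a different size or index produce a different root or an incomplete path.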
