Remove timestamp from checkpoint

Fixes #1887. Verified that checkpoints are still verifiable with and without timestamps (since timestamps are just a part of the existing OtherContent, this is not a breaking change). Looking over all of the Sigstore org, no project is relying on the timestamp. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
sigstore · Dec 7, 2023 · 6adb729 · 6adb729
1 parent c4257b3
commit 6adb729
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 33 deletions.
diff --git a/cmd/rekor-cli/app/log_info.go b/cmd/rekor-cli/app/log_info.go
@@ -22,7 +22,6 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"time"
 
 	"github.com/go-openapi/swag"
 	rclient "github.com/sigstore/rekor/pkg/generated/client"
@@ -45,21 +44,17 @@ type logInfoCmdOutput struct {
 	ActiveTreeSize int64
 	TotalTreeSize  int64
 	RootHash       string
-	TimestampNanos uint64
 	TreeID         string
 }
 
 func (l *logInfoCmdOutput) String() string {
 	// Verification is always successful if we return an object.
-	ts := time.Unix(0, int64(l.TimestampNanos)).UTC().Format(time.RFC3339)
-
 	return fmt.Sprintf(`Verification Successful!
 Active Tree Size:       %v
 Total Tree Size:        %v
 Root Hash:              %s
-Timestamp:              %s
 TreeID:                 %s
-`, l.ActiveTreeSize, l.TotalTreeSize, l.RootHash, ts, l.TreeID)
+`, l.ActiveTreeSize, l.TotalTreeSize, l.RootHash, l.TreeID)
 }
 
 // logInfoCmd represents the current information about the transparency log
@@ -105,7 +100,6 @@ var logInfoCmd = &cobra.Command{
 			ActiveTreeSize: swag.Int64Value(logInfo.TreeSize),
 			TotalTreeSize:  totalTreeSize(logInfo, logInfo.InactiveShards),
 			RootHash:       swag.StringValue(logInfo.RootHash),
-			TimestampNanos: sth.GetTimestamp(),
 			TreeID:         swag.StringValue(logInfo.TreeID),
 		}
 		return cmdOutput, nil

diff --git a/pkg/util/checkpoint.go b/pkg/util/checkpoint.go
@@ -23,7 +23,6 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/options"
@@ -145,27 +144,6 @@ func (r *SignedCheckpoint) UnmarshalText(data []byte) error {
 	return nil
 }
 
-func (r *SignedCheckpoint) SetTimestamp(timestamp uint64) {
-	var ts uint64
-	for i, val := range r.OtherContent {
-		if n, _ := fmt.Fscanf(strings.NewReader(val), "Timestamp: %d", &ts); n == 1 {
-			r.OtherContent = append(r.OtherContent[:i], r.OtherContent[i+1:]...)
-		}
-	}
-	r.OtherContent = append(r.OtherContent, fmt.Sprintf("Timestamp: %d", timestamp))
-	r.SignedNote = SignedNote{Note: string(r.Checkpoint.String())}
-}
-
-func (r *SignedCheckpoint) GetTimestamp() uint64 {
-	var ts uint64
-	for _, val := range r.OtherContent {
-		if n, _ := fmt.Fscanf(strings.NewReader(val), "Timestamp: %d", &ts); n == 1 {
-			break
-		}
-	}
-	return ts
-}
-
 // CreateAndSignCheckpoint creates a signed checkpoint as a commitment to the current root hash
 func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64, treeSize uint64, rootHash []byte, signer signature.Signer) ([]byte, error) {
 	sth, err := CreateSignedCheckpoint(Checkpoint{
@@ -176,7 +154,6 @@ func CreateAndSignCheckpoint(ctx context.Context, hostname string, treeID int64,
 	if err != nil {
 		return nil, fmt.Errorf("error creating checkpoint: %v", err)
 	}
-	sth.SetTimestamp(uint64(time.Now().UnixNano()))
 	if _, err := sth.Sign(hostname, signer, options.WithContext(ctx)); err != nil {
 		return nil, fmt.Errorf("error signing checkpoint: %v", err)
 	}

diff --git a/pkg/util/checkpoint_test.go b/pkg/util/checkpoint_test.go
@@ -27,7 +27,6 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"testing"
-	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/sigstore/sigstore/pkg/signature"
@@ -225,6 +224,34 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 			wantSignErr:   false,
 			wantVerifyErr: false,
 		},
+		{
+			c: Checkpoint{
+				Origin:       "Log Checkpoint With Timestamp",
+				Size:         123,
+				Hash:         []byte("bananas"),
+				OtherContent: []string{"Timestamp: 12345"},
+			},
+			identity:      "someone",
+			signer:        edPrivKey,
+			pubKey:        edPubKey,
+			opts:          crypto.Hash(0),
+			wantSignErr:   false,
+			wantVerifyErr: false,
+		},
+		{
+			c: Checkpoint{
+				Origin:       "Log Checkpoint With Multiple Other Contents",
+				Size:         123,
+				Hash:         []byte("bananas"),
+				OtherContent: []string{"Timestamp: 12345", "Extra: Foo Bar"},
+			},
+			identity:      "someone",
+			signer:        edPrivKey,
+			pubKey:        edPubKey,
+			opts:          crypto.Hash(0),
+			wantSignErr:   false,
+			wantVerifyErr: false,
+		},
 		{
 			c: Checkpoint{
 				Origin: "Log Checkpoint Mismatch v0",
@@ -283,8 +310,8 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 			if err != nil {
 				t.Fatalf("error creating signed checkpoint")
 			}
-			time := uint64(time.Now().UnixNano())
-			sth.SetTimestamp(time)
+			// time := uint64(time.Now().UnixNano())
+			// sth.SetTimestamp(time)
 			signer, _ := signature.LoadSigner(test.signer, crypto.SHA256)
 			if _, ok := test.signer.(*rsa.PrivateKey); ok {
 				signer, _ = signature.LoadRSAPSSSigner(test.signer.(*rsa.PrivateKey), crypto.SHA256, test.opts.(*rsa.PSSOptions))