go: make TimestampedEntry hold pointers

In preparation for using TLS encoding; exactly one of the pointers
should be non-nil.

Also rename the JSON variant to align with the other two options, and
to use a struct.

client/logclient.go

@@ -173,7 +173,7 @@ func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype
 		TimestampedEntry: ct.TimestampedEntry{
 			Timestamp:  sct.Timestamp,
 			EntryType:  ctype,
-			X509Entry:  certData[0],
+			X509Entry:  &certData[0],
 			Extensions: sct.Extensions}}
 	entry := ct.LogEntry{Leaf: leaf}
 	return c.Verifier.VerifySCTSignature(sct, entry)

serialization.go

@@ -140,18 +140,21 @@ func ReadTimestampedEntryInto(r io.Reader, t *TimestampedEntry) error {
 	}
 	switch t.EntryType {
 	case X509LogEntryType:
+		t.X509Entry = &ASN1Cert{}
 		if t.X509Entry.Data, err = readVarBytes(r, CertificateLengthBytes); err != nil {
 			return err
 		}
 	case PrecertLogEntryType:
+		t.PrecertEntry = &PreCert{}
 		if err := binary.Read(r, binary.BigEndian, &t.PrecertEntry.IssuerKeyHash); err != nil {
 			return err
 		}
 		if t.PrecertEntry.TBSCertificate, err = readVarBytes(r, PreCertificateLengthBytes); err != nil {
 			return err
 		}
 	case XJSONLogEntryType:
-		if t.JSONData, err = readVarBytes(r, JSONLengthBytes); err != nil {
+		t.JSONEntry = &JSONDataEntry{}
+		if t.JSONEntry.Data, err = readVarBytes(r, JSONLengthBytes); err != nil {
 			return err
 		}
 	default:
@@ -186,7 +189,7 @@ func SerializeTimestampedEntry(w io.Writer, t *TimestampedEntry) error {
 		// TODO: Pending google/certificate-transparency#1243, replace
 		// with ObjectHash once supported by CT server.
 		//jsonhash := objecthash.CommonJSONHash(string(t.JSONData))
-		if err := writeVarBytes(w, []byte(t.JSONData), JSONLengthBytes); err != nil {
+		if err := writeVarBytes(w, []byte(t.JSONEntry.Data), JSONLengthBytes); err != nil {
 			return err
 		}
 	default:
@@ -360,13 +363,13 @@ func serializeV1SCTSignatureInput(sct SignedCertificateTimestamp, entry LogEntry
 	}
 	switch entry.Leaf.TimestampedEntry.EntryType {
 	case X509LogEntryType:
-		return serializeV1CertSCTSignatureInput(sct.Timestamp, entry.Leaf.TimestampedEntry.X509Entry, entry.Leaf.TimestampedEntry.Extensions)
+		return serializeV1CertSCTSignatureInput(sct.Timestamp, *entry.Leaf.TimestampedEntry.X509Entry, entry.Leaf.TimestampedEntry.Extensions)
 	case PrecertLogEntryType:
 		return serializeV1PrecertSCTSignatureInput(sct.Timestamp, entry.Leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash,
 			entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate,
 			entry.Leaf.TimestampedEntry.Extensions)
 	case XJSONLogEntryType:
-		return serializeV1JSONSCTSignatureInput(sct.Timestamp, entry.Leaf.TimestampedEntry.JSONData)
+		return serializeV1JSONSCTSignatureInput(sct.Timestamp, entry.Leaf.TimestampedEntry.JSONEntry.Data)
 	default:
 		return nil, fmt.Errorf("unknown TimestampedEntryLeafType %s", entry.Leaf.TimestampedEntry.EntryType)
 	}
@@ -617,7 +620,7 @@ func CreateX509MerkleTreeLeaf(cert ASN1Cert, timestamp uint64) *MerkleTreeLeaf {
 		TimestampedEntry: TimestampedEntry{
 			Timestamp: timestamp,
 			EntryType: X509LogEntryType,
-			X509Entry: cert,
+			X509Entry: &cert,
 		},
 	}
 }
@@ -643,7 +646,7 @@ func CreateJSONMerkleTreeLeaf(data interface{}, timestamp uint64) *MerkleTreeLea
 		TimestampedEntry: TimestampedEntry{
 			Timestamp: timestamp,
 			EntryType: XJSONLogEntryType,
-			JSONData:  []byte(jsonStr),
+			JSONEntry: &JSONDataEntry{Data: []byte(jsonStr)},
 		},
 	}
 }

serialization_test.go

@@ -297,7 +297,7 @@ func defaultCertificateLogEntry() LogEntry {
 			TimestampedEntry: TimestampedEntry{
 				Timestamp: defaultSCTTimestamp,
 				EntryType: X509LogEntryType,
-				X509Entry: ASN1Cert{Data: defaultCertificate()},
+				X509Entry: &ASN1Cert{Data: defaultCertificate()},
 			},
 		},
 	}
@@ -330,7 +330,7 @@ func defaultPrecertLogEntry() LogEntry {
 			TimestampedEntry: TimestampedEntry{
 				Timestamp: defaultSCTTimestamp,
 				EntryType: PrecertLogEntryType,
-				PrecertEntry: PreCert{
+				PrecertEntry: &PreCert{
 					IssuerKeyHash:  defaultPrecertIssuerHash(),
 					TBSCertificate: defaultPrecertTBS(),
 				},

signatures_test.go

@@ -195,7 +195,7 @@ func sigTestCertLogEntry(t *testing.T) LogEntry {
 			TimestampedEntry: TimestampedEntry{
 				Timestamp: sigTestSCTTimestamp,
 				EntryType: X509LogEntryType,
-				X509Entry: ASN1Cert{Data: mustDehex(t, sigTestDERCertString)},
+				X509Entry: &ASN1Cert{Data: mustDehex(t, sigTestDERCertString)},
 			},
 		},
 	}

types.go

@@ -300,11 +300,11 @@ func (s SignedCertificateTimestamp) String() string {
 // TimestampedEntry is part of the MerkleTreeLeaf structure; see section 3.4.
 type TimestampedEntry struct {
 	Timestamp    uint64
-	EntryType    LogEntryType
-	X509Entry    ASN1Cert
-	JSONData     []byte
-	PrecertEntry PreCert
-	Extensions   CTExtensions
+	EntryType    LogEntryType   `tls:"maxval:65535"`
+	X509Entry    *ASN1Cert      `tls:"selector:EntryType,val:0"`
+	PrecertEntry *PreCert       `tls:"selector:EntryType,val:1"`
+	JSONEntry    *JSONDataEntry `tls:"selector:EntryType,val:32768"`
+	Extensions   CTExtensions   `tls:"minlen:0,maxlen:65535"`
 }
 
 // MerkleTreeLeaf represents the deserialized structure of the hash input for the