ct: add LeafHashForLeaf entrypoint

Split up the ctutil.LeafHash() entrypoint to separate out the calculation of a hash from a leaf, as this chunk is independently useful.
rarimo · Mar 21, 2018 · 6d8e4dd · 6d8e4dd
1 parent 480c365
commit 6d8e4dd
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/ctutil/ctutil.go b/ctutil/ctutil.go
@@ -78,15 +78,7 @@ func LeafHash(chain []*x509.Certificate, sct *ct.SignedCertificateTimestamp, emb
 	if err != nil {
 		return emptyHash, err
 	}
-
-	leafData, err := tls.Marshal(*leaf)
-	if err != nil {
-		return emptyHash, fmt.Errorf("error tls-encoding MerkleTreeLeaf: %s", err)
-	}
-
-	data := append([]byte{ct.TreeLeafPrefix}, leafData...)
-	leafHash := sha256.Sum256(data)
-	return leafHash, nil
+	return ct.LeafHashForLeaf(leaf)
 }
 
 // VerifySCT takes the public key of a Certificate Transparency Log, a

diff --git a/serialization.go b/serialization.go
@@ -225,6 +225,18 @@ func MerkleTreeLeafForEmbeddedSCT(chain []*x509.Certificate, timestamp uint64) (
 	}, nil
 }
 
+// LeafHashForLeaf returns the leaf hash for a Merkle tree leaf.
+func LeafHashForLeaf(leaf *MerkleTreeLeaf) ([sha256.Size]byte, error) {
+	leafData, err := tls.Marshal(*leaf)
+	if err != nil {
+		return [sha256.Size]byte{}, fmt.Errorf("failed to tls-encode MerkleTreeLeaf: %s", err)
+	}
+
+	data := append([]byte{TreeLeafPrefix}, leafData...)
+	leafHash := sha256.Sum256(data)
+	return leafHash, nil
+}
+
 // IsPreIssuer indicates whether a certificate is a pre-cert issuer with the specific
 // certificate transparency extended key usage.
 func IsPreIssuer(issuer *x509.Certificate) bool {