cmd/go: add internal/note, internal/sumweb, internal/tlog from golang.org/x/exp/sumdb

Copied and updated import paths. Eventually we will probably publish these packages somewhere in golang.org/x (as non-internal packages) and then we will be able to vendor them properly. For now, copy. sumweb.globsMatchPath moved to str.GlobsMatchPath. Change-Id: I4585e6dc5daa423e4ca9669195d41e58e7c8c275 Reviewed-on: https://go-review.googlesource.com/c/go/+/173950Reviewed-by: Jay Conrod <jayconrod@google.com>

cmd/go: add internal/note, internal/sumweb, internal/tlog from golang.org/x/exp/sumdb
Copied and updated import paths. Eventually we will probably publish these packages somewhere in golang.org/x (as non-internal packages) and then we will be able to vendor them properly. For now, copy. sumweb.globsMatchPath moved to str.GlobsMatchPath. Change-Id: I4585e6dc5daa423e4ca9669195d41e58e7c8c275 Reviewed-on: https://go-review.googlesource.com/c/go/+/173950Reviewed-by: Jay Conrod <jayconrod@google.com>
511484af · Russ Cox · 3cafbeab · 511484af · 511484af · 511484af
Commit 511484af authored Apr 25, 2019 by Russ Cox
17 changed files
--- a/src/cmd/go/internal/note/example_test.go
+++ b/src/cmd/go/internal/note/example_test.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package note_test
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"cmd/go/internal/note"
+)
+
+func ExampleSign() {
+	skey := "PRIVATE+KEY+PeterNeumann+c74f20a3+AYEKFALVFGyNhPJEMzD1QIDr+Y7hfZx09iUvxdXHKDFz"
+	text := "If you think cryptography is the answer to your problem,\n" +
+		"then you don't know what your problem is.\n"
+
+	signer, err := note.NewSigner(skey)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	msg, err := note.Sign(&note.Note{Text: text}, signer)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	os.Stdout.Write(msg)
+
+	// Output:
+	// If you think cryptography is the answer to your problem,
+	// then you don't know what your problem is.
+	//
+	// — PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=
+}
+
+func ExampleOpen() {
+	vkey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW"
+	msg := []byte("If you think cryptography is the answer to your problem,\n" +
+		"then you don't know what your problem is.\n" +
+		"\n" +
+		"— PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=\n")
+
+	verifier, err := note.NewVerifier(vkey)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	verifiers := note.VerifierList(verifier)
+
+	n, err := note.Open(msg, verifiers)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	fmt.Printf("%s (%08x):\n%s", n.Sigs[0].Name, n.Sigs[0].Hash, n.Text)
+
+	// Output:
+	// PeterNeumann (c74f20a3):
+	// If you think cryptography is the answer to your problem,
+	// then you don't know what your problem is.
+}
+
+var rand = struct {
+	Reader io.Reader
+}{
+	zeroReader{},
+}
+
+type zeroReader struct{}
+
+func (zeroReader) Read(buf []byte) (int, error) {
+	for i := range buf {
+		buf[i] = 0
+	}
+	return len(buf), nil
+}
+
+func ExampleSign_add_signatures() {
+	vkey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW"
+	msg := []byte("If you think cryptography is the answer to your problem,\n" +
+		"then you don't know what your problem is.\n" +
+		"\n" +
+		"— PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=\n")
+
+	verifier, err := note.NewVerifier(vkey)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	verifiers := note.VerifierList(verifier)
+
+	n, err := note.Open([]byte(msg), verifiers)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	skey, vkey, err := note.GenerateKey(rand.Reader, "EnochRoot")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	_ = vkey // give to verifiers
+
+	me, err := note.NewSigner(skey)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	msg, err = note.Sign(n, me)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	os.Stdout.Write(msg)
+
+	// Output:
+	// If you think cryptography is the answer to your problem,
+	// then you don't know what your problem is.
+	//
+	// — PeterNeumann x08go/ZJkuBS9UG/SffcvIAQxVBtiFupLLr8pAcElZInNIuGUgYN1FFYC2pZSNXgKvqfqdngotpRZb6KE6RyyBwJnAM=
+	// — EnochRoot rwz+eBzmZa0SO3NbfRGzPCpDckykFXSdeX+MNtCOXm2/5n2tiOHp+vAF1aGrQ5ovTG01oOTGwnWLox33WWd1RvMc+QQ=
+}
--- a/src/cmd/go/internal/note/note.go
+++ b/src/cmd/go/internal/note/note.go
--- a/src/cmd/go/internal/note/note_test.go
+++ b/src/cmd/go/internal/note/note_test.go
--- a/src/cmd/go/internal/str/path.go
+++ b/src/cmd/go/internal/str/path.go
@@ -5,6 +5,7 @@
 package str

 import (
+	"path"
 	"path/filepath"
 	"strings"
 )
@@ -49,3 +50,47 @@ func HasFilePathPrefix(s, prefix string) bool {
 		return s[len(prefix)] == filepath.Separator && s[:len(prefix)] == prefix
 	}
 }
+
+// GlobsMatchPath reports whether any path prefix of target
+// matches one of the glob patterns (as defined by path.Match)
+// in the comma-separated globs list.
+// It ignores any empty or malformed patterns in the list.
+func GlobsMatchPath(globs, target string) bool {
+	for globs != "" {
+		// Extract next non-empty glob in comma-separated list.
+		var glob string
+		if i := strings.Index(globs, ","); i >= 0 {
+			glob, globs = globs[:i], globs[i+1:]
+		} else {
+			glob, globs = globs, ""
+		}
+		if glob == "" {
+			continue
+		}
+
+		// A glob with N+1 path elements (N slashes) needs to be matched
+		// against the first N+1 path elements of target,
+		// which end just before the N+1'th slash.
+		n := strings.Count(glob, "/")
+		prefix := target
+		// Walk target, counting slashes, truncating at the N+1'th slash.
+		for i := 0; i < len(target); i++ {
+			if target[i] == '/' {
+				if n == 0 {
+					prefix = target[:i]
+					break
+				}
+				n--
+			}
+		}
+		if n > 0 {
+			// Not enough prefix elements.
+			continue
+		}
+		matched, _ := path.Match(glob, prefix)
+		if matched {
+			return true
+		}
+	}
+	return false
+}
--- a/src/cmd/go/internal/sumweb/cache.go
+++ b/src/cmd/go/internal/sumweb/cache.go
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Parallel cache.
+// This file is copied from cmd/go/internal/par.
+
+package sumweb
+
+import (
+	"sync"
+	"sync/atomic"
+)
+
+// parCache runs an action once per key and caches the result.
+type parCache struct {
+	m sync.Map
+}
+
+type cacheEntry struct {
+	done   uint32
+	mu     sync.Mutex
+	result interface{}
+}
+
+// Do calls the function f if and only if Do is being called for the first time with this key.
+// No call to Do with a given key returns until the one call to f returns.
+// Do returns the value returned by the one call to f.
+func (c *parCache) Do(key interface{}, f func() interface{}) interface{} {
+	entryIface, ok := c.m.Load(key)
+	if !ok {
+		entryIface, _ = c.m.LoadOrStore(key, new(cacheEntry))
+	}
+	e := entryIface.(*cacheEntry)
+	if atomic.LoadUint32(&e.done) == 0 {
+		e.mu.Lock()
+		if atomic.LoadUint32(&e.done) == 0 {
+			e.result = f()
+			atomic.StoreUint32(&e.done, 1)
+		}
+		e.mu.Unlock()
+	}
+	return e.result
+}
+
+// Get returns the cached result associated with key.
+// It returns nil if there is no such result.
+// If the result for key is being computed, Get does not wait for the computation to finish.
+func (c *parCache) Get(key interface{}) interface{} {
+	entryIface, ok := c.m.Load(key)
+	if !ok {
+		return nil
+	}
+	e := entryIface.(*cacheEntry)
+	if atomic.LoadUint32(&e.done) == 0 {
+		return nil
+	}
+	return e.result
+}
--- a/src/cmd/go/internal/sumweb/client.go
+++ b/src/cmd/go/internal/sumweb/client.go
--- a/src/cmd/go/internal/sumweb/client_test.go
+++ b/src/cmd/go/internal/sumweb/client_test.go
--- a/src/cmd/go/internal/sumweb/encode.go
+++ b/src/cmd/go/internal/sumweb/encode.go
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// FS-safe encoding of module paths and versions.
+// Copied from cmd/go/internal/module and unexported.
+
+package sumweb
+
+import (
+	"fmt"
+	"unicode/utf8"
+)
+
+// Safe encodings
+//
+// Module paths appear as substrings of file system paths
+// (in the download cache) and of web server URLs in the proxy protocol.
+// In general we cannot rely on file systems to be case-sensitive,
+// nor can we rely on web servers, since they read from file systems.
+// That is, we cannot rely on the file system to keep rsc.io/QUOTE
+// and rsc.io/quote separate. Windows and macOS don't.
+// Instead, we must never require two different casings of a file path.
+// Because we want the download cache to match the proxy protocol,
+// and because we want the proxy protocol to be possible to serve
+// from a tree of static files (which might be stored on a case-insensitive
+// file system), the proxy protocol must never require two different casings
+// of a URL path either.
+//
+// One possibility would be to make the safe encoding be the lowercase
+// hexadecimal encoding of the actual path bytes. This would avoid ever
+// needing different casings of a file path, but it would be fairly illegible
+// to most programmers when those paths appeared in the file system
+// (including in file paths in compiler errors and stack traces)
+// in web server logs, and so on. Instead, we want a safe encoding that
+// leaves most paths unaltered.
+//
+// The safe encoding is this:
+// replace every uppercase letter with an exclamation mark
+// followed by the letter's lowercase equivalent.
+//
+// For example,
+// github.com/Azure/azure-sdk-for-go ->  github.com/!azure/azure-sdk-for-go.
+// github.com/GoogleCloudPlatform/cloudsql-proxy -> github.com/!google!cloud!platform/cloudsql-proxy
+// github.com/Sirupsen/logrus -> github.com/!sirupsen/logrus.
+//
+// Import paths that avoid upper-case letters are left unchanged.
+// Note that because import paths are ASCII-only and avoid various
+// problematic punctuation (like : < and >), the safe encoding is also ASCII-only
+// and avoids the same problematic punctuation.
+//
+// Import paths have never allowed exclamation marks, so there is no
+// need to define how to encode a literal !.
+//
+// Although paths are disallowed from using Unicode (see pathOK above),
+// the eventual plan is to allow Unicode letters as well, to assume that
+// file systems and URLs are Unicode-safe (storing UTF-8), and apply
+// the !-for-uppercase convention. Note however that not all runes that
+// are different but case-fold equivalent are an upper/lower pair.
+// For example, U+004B ('K'), U+006B ('k'), and U+212A ('K' for Kelvin)
+// are considered to case-fold to each other. When we do add Unicode
+// letters, we must not assume that upper/lower are the only case-equivalent pairs.
+// Perhaps the Kelvin symbol would be disallowed entirely, for example.
+// Or perhaps it would encode as "!!k", or perhaps as "(212A)".
+//
+// Also, it would be nice to allow Unicode marks as well as letters,
+// but marks include combining marks, and then we must deal not
+// only with case folding but also normalization: both U+00E9 ('é')
+// and U+0065 U+0301 ('e' followed by combining acute accent)
+// look the same on the page and are treated by some file systems
+// as the same path. If we do allow Unicode marks in paths, there
+// must be some kind of normalization to allow only one canonical
+// encoding of any character used in an import path.
+
+// encodePath returns the safe encoding of the given module path.
+// It fails if the module path is invalid.
+func encodePath(path string) (encoding string, err error) {
+	return encodeString(path)
+}
+
+// encodeVersion returns the safe encoding of the given module version.
+// Versions are allowed to be in non-semver form but must be valid file names
+// and not contain exclamation marks.
+func encodeVersion(v string) (encoding string, err error) {
+	return encodeString(v)
+}
+
+func encodeString(s string) (encoding string, err error) {
+	haveUpper := false
+	for _, r := range s {
+		if r == '!' || r >= utf8.RuneSelf {
+			// This should be disallowed by CheckPath, but diagnose anyway.
+			// The correctness of the encoding loop below depends on it.
+			return "", fmt.Errorf("internal error: inconsistency in EncodePath")
+		}
+		if 'A' <= r && r <= 'Z' {
+			haveUpper = true
+		}
+	}
+
+	if !haveUpper {
+		return s, nil
+	}
+
+	var buf []byte
+	for _, r := range s {
+		if 'A' <= r && r <= 'Z' {
+			buf = append(buf, '!', byte(r+'a'-'A'))
+		} else {
+			buf = append(buf, byte(r))
+		}
+	}
+	return string(buf), nil
+}
+
+// decodePath returns the module path of the given safe encoding.
+// It fails if the encoding is invalid or encodes an invalid path.
+func decodePath(encoding string) (path string, err error) {
+	path, ok := decodeString(encoding)
+	if !ok {
+		return "", fmt.Errorf("invalid module path encoding %q", encoding)
+	}
+	return path, nil
+}
+
+// decodeVersion returns the version string for the given safe encoding.
+// It fails if the encoding is invalid or encodes an invalid version.
+// Versions are allowed to be in non-semver form but must be valid file names
+// and not contain exclamation marks.
+func decodeVersion(encoding string) (v string, err error) {
+	v, ok := decodeString(encoding)
+	if !ok {
+		return "", fmt.Errorf("invalid version encoding %q", encoding)
+	}
+	return v, nil
+}
+
+func decodeString(encoding string) (string, bool) {
+	var buf []byte
+
+	bang := false
+	for _, r := range encoding {
+		if r >= utf8.RuneSelf {
+			return "", false
+		}
+		if bang {
+			bang = false
+			if r < 'a' || 'z' < r {
+				return "", false
+			}
+			buf = append(buf, byte(r+'A'-'a'))
+			continue
+		}
+		if r == '!' {
+			bang = true
+			continue
+		}
+		if 'A' <= r && r <= 'Z' {
+			return "", false
+		}
+		buf = append(buf, byte(r))
+	}
+	if bang {
+		return "", false
+	}
+	return string(buf), true
+}
--- a/src/cmd/go/internal/sumweb/encode_test.go
+++ b/src/cmd/go/internal/sumweb/encode_test.go
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sumweb
+
+import "testing"
+
+var encodeTests = []struct {
+	path string
+	enc  string // empty means same as path
+}{
+	{path: "ascii.com/abcdefghijklmnopqrstuvwxyz.-+/~_0123456789"},
+	{path: "github.com/GoogleCloudPlatform/omega", enc: "github.com/!google!cloud!platform/omega"},
+}
+
+func TestEncodePath(t *testing.T) {
+	// Check encodings.
+	for _, tt := range encodeTests {
+		enc, err := encodePath(tt.path)
+		if err != nil {
+			t.Errorf("encodePath(%q): unexpected error: %v", tt.path, err)
+			continue
+		}
+		want := tt.enc
+		if want == "" {
+			want = tt.path
+		}
+		if enc != want {
+			t.Errorf("encodePath(%q) = %q, want %q", tt.path, enc, want)
+		}
+	}
+}
+
+var badDecode = []string{
+	"github.com/GoogleCloudPlatform/omega",
+	"github.com/!google!cloud!platform!/omega",
+	"github.com/!0google!cloud!platform/omega",
+	"github.com/!_google!cloud!platform/omega",
+	"github.com/!!google!cloud!platform/omega",
+}
+
+func TestDecodePath(t *testing.T) {
+	// Check invalid decodings.
+	for _, bad := range badDecode {
+		_, err := decodePath(bad)
+		if err == nil {
+			t.Errorf("DecodePath(%q): succeeded, want error (invalid decoding)", bad)
+		}
+	}
+
+	// Check encodings.
+	for _, tt := range encodeTests {
+		enc := tt.enc
+		if enc == "" {
+			enc = tt.path
+		}
+		path, err := decodePath(enc)
+		if err != nil {
+			t.Errorf("decodePath(%q): unexpected error: %v", enc, err)
+			continue
+		}
+		if path != tt.path {
+			t.Errorf("decodePath(%q) = %q, want %q", enc, path, tt.path)
+		}
+	}
+}
--- a/src/cmd/go/internal/sumweb/server.go
+++ b/src/cmd/go/internal/sumweb/server.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sumweb implements the HTTP protocols for serving or accessing a go.sum database.
+package sumweb
+
+import (
+	"context"
+	"net/http"
+	"os"
+	"regexp"
+	"strings"
+
+	"cmd/go/internal/tlog"
+)
+
+// A Server provides the external operations
+// (underlying database access and so on)
+// needed to implement the HTTP server Handler.
+type Server interface {
+	// NewContext returns the context to use for the request r.
+	NewContext(r *http.Request) (context.Context, error)
+
+	// Signed returns the signed hash of the latest tree.
+	Signed(ctx context.Context) ([]byte, error)
+
+	// ReadRecords returns the content for the n records id through id+n-1.
+	ReadRecords(ctx context.Context, id, n int64) ([][]byte, error)
+
+	// Lookup looks up a record by its associated key ("module@version"),
+	// returning the record ID.
+	Lookup(ctx context.Context, key string) (int64, error)
+
+	// ReadTileData reads the content of tile t.
+	// It is only invoked for hash tiles (t.L ≥ 0).
+	ReadTileData(ctx context.Context, t tlog.Tile) ([]byte, error)
+}
+
+// A Handler is the go.sum database server handler,
+// which should be invoked to serve the paths listed in Paths.
+// The calling code is responsible for initializing Server.
+type Handler struct {
+	Server Server
+}
+
+// Paths are the URL paths for which Handler should be invoked.
+//
+// Typically a server will do:
+//
+//	handler := &sumweb.Handler{Server: srv}
+//	for _, path := range sumweb.Paths {
+//		http.HandleFunc(path, handler)
+//	}
+//
+var Paths = []string{
+	"/lookup/",
+	"/latest",
+	"/tile/",
+}
+
+var modVerRE = regexp.MustCompile(`^[^@]+@v[0-9]+\.[0-9]+\.[0-9]+(-[^@]*)?$`)
+
+func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	ctx, err := h.Server.NewContext(r)
+	if err != nil {
+		http.Error(w, err.Error(), 500)
+		return
+	}
+
+	switch {
+	default:
+		http.NotFound(w, r)
+
+	case strings.HasPrefix(r.URL.Path, "/lookup/"):
+		mod := strings.TrimPrefix(r.URL.Path, "/lookup/")
+		if !modVerRE.MatchString(mod) {
+			http.Error(w, "invalid module@version syntax", http.StatusBadRequest)
+			return
+		}
+		i := strings.Index(mod, "@")
+		encPath, encVers := mod[:i], mod[i+1:]
+		path, err := decodePath(encPath)
+		if err != nil {
+			reportError(w, r, err)
+			return
+		}
+		vers, err := decodeVersion(encVers)
+		if err != nil {
+			reportError(w, r, err)
+			return
+		}
+		id, err := h.Server.Lookup(ctx, path+"@"+vers)
+		if err != nil {
+			reportError(w, r, err)
+			return
+		}
+		records, err := h.Server.ReadRecords(ctx, id, 1)
+		if err != nil {
+			// This should never happen - the lookup says the record exists.
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if len(records) != 1 {
+			http.Error(w, "invalid record count returned by ReadRecords", http.StatusInternalServerError)
+			return
+		}
+		msg, err := tlog.FormatRecord(id, records[0])
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		signed, err := h.Server.Signed(ctx)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "text/plain; charset=UTF-8")
+		w.Write(msg)
+		w.Write(signed)
+
+	case r.URL.Path == "/latest":
+		data, err := h.Server.Signed(ctx)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "text/plain; charset=UTF-8")
+		w.Write(data)
+
+	case strings.HasPrefix(r.URL.Path, "/tile/"):
+		t, err := tlog.ParseTilePath(r.URL.Path[1:])
+		if err != nil {
+			http.Error(w, "invalid tile syntax", http.StatusBadRequest)
+			return
+		}
+		if t.L == -1 {
+			// Record data.
+			start := t.N << uint(t.H)
+			records, err := h.Server.ReadRecords(ctx, start, int64(t.W))
+			if err != nil {
+				reportError(w, r, err)
+				return
+			}
+			if len(records) != t.W {
+				http.Error(w, "invalid record count returned by ReadRecords", http.StatusInternalServerError)
+				return
+			}
+			var data []byte
+			for i, text := range records {
+				msg, err := tlog.FormatRecord(start+int64(i), text)
+				if err != nil {
+					http.Error(w, err.Error(), http.StatusInternalServerError)
+				}
+				data = append(data, msg...)
+			}
+			w.Header().Set("Content-Type", "text/plain; charset=UTF-8")
+			w.Write(data)
+			return
+		}
+
+		data, err := h.Server.ReadTileData(ctx, t)
+		if err != nil {
+			reportError(w, r, err)
+			return
+		}
+		w.Header().Set("Content-Type", "application/octet-stream")
+		w.Write(data)
+	}
+}
+
+// reportError reports err to w.
+// If it's a not-found, the reported error is 404.
+// Otherwise it is an internal server error.
+// The caller must only call reportError in contexts where
+// a not-found err should be reported as 404.
+func reportError(w http.ResponseWriter, r *http.Request, err error) {
+	if os.IsNotExist(err) {
+		http.Error(w, err.Error(), http.StatusNotFound)
+		return
+	}
+	http.Error(w, err.Error(), http.StatusInternalServerError)
+}
--- a/src/cmd/go/internal/sumweb/test.go
+++ b/src/cmd/go/internal/sumweb/test.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sumweb
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+	"sync"
+
+	"cmd/go/internal/note"
+	"cmd/go/internal/tlog"
+)
+
+// NewTestServer constructs a new TestServer
+// that will sign its tree with the given signer key
+// (see cmd/go/internal/note)
+// and fetch new records as needed by calling gosum.
+func NewTestServer(signer string, gosum func(path, vers string) ([]byte, error)) *TestServer {
+	return &TestServer{signer: signer, gosum: gosum}
+}
+
+// A TestServer is an in-memory implementation of Server for testing.
+type TestServer struct {
+	signer string
+	gosum  func(path, vers string) ([]byte, error)
+
+	mu      sync.Mutex
+	hashes  testHashes
+	records [][]byte
+	lookup  map[string]int64
+}
+
+// testHashes implements tlog.HashReader, reading from a slice.
+type testHashes []tlog.Hash
+
+func (h testHashes) ReadHashes(indexes []int64) ([]tlog.Hash, error) {
+	var list []tlog.Hash
+	for _, id := range indexes {
+		list = append(list, h[id])
+	}
+	return list, nil
+}
+
+func (s *TestServer) NewContext(r *http.Request) (context.Context, error) {
+	return nil, nil
+}
+
+func (s *TestServer) Signed(ctx context.Context) ([]byte, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	size := int64(len(s.records))
+	h, err := tlog.TreeHash(size, s.hashes)
+	if err != nil {
+		return nil, err
+	}
+	text := tlog.FormatTree(tlog.Tree{N: size, Hash: h})
+	signer, err := note.NewSigner(s.signer)
+	if err != nil {
+		return nil, err
+	}
+	return note.Sign(&note.Note{Text: string(text)}, signer)
+}
+
+func (s *TestServer) ReadRecords(ctx context.Context, id, n int64) ([][]byte, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	var list [][]byte
+	for i := int64(0); i < n; i++ {
+		if id+i >= int64(len(s.records)) {
+			return nil, fmt.Errorf("missing records")
+		}
+		list = append(list, s.records[id+i])
+	}
+	return list, nil
+}
+
+func (s *TestServer) Lookup(ctx context.Context, key string) (int64, error) {
+	s.mu.Lock()
+	id, ok := s.lookup[key]
+	s.mu.Unlock()
+	if ok {
+		return id, nil
+	}
+
+	// Look up module and compute go.sum lines.
+	i := strings.Index(key, "@")
+	if i < 0 {
+		return 0, fmt.Errorf("invalid lookup key %q", key)
+	}
+	path, vers := key[:i], key[i+1:]
+	data, err := s.gosum(path, vers)
+	if err != nil {
+		return 0, err
+	}
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	// We ran the fetch without the lock.
+	// If another fetch happened and committed, use it instead.
+	id, ok = s.lookup[key]
+	if ok {
+		return id, nil
+	}
+
+	// Add record.
+	id = int64(len(s.records))
+	s.records = append(s.records, data)
+	if s.lookup == nil {
+		s.lookup = make(map[string]int64)
+	}
+	s.lookup[key] = id
+	hashes, err := tlog.StoredHashesForRecordHash(id, tlog.RecordHash([]byte(data)), s.hashes)
+	if err != nil {
+		panic(err)
+	}
+	s.hashes = append(s.hashes, hashes...)
+
+	return id, nil
+}
+
+func (s *TestServer) ReadTileData(ctx context.Context, t tlog.Tile) ([]byte, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return tlog.ReadTileData(t, s.hashes)
+}
--- a/src/cmd/go/internal/tlog/ct_test.go
+++ b/src/cmd/go/internal/tlog/ct_test.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tlog
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"testing"
+)
+
+func TestCertificateTransparency(t *testing.T) {
+	// Test that we can verify actual Certificate Transparency proofs.
+	// (The other tests check that we can verify our own proofs;
+	// this is a test that the two are compatible.)
+
+	if testing.Short() {
+		t.Skip("skipping in -short mode")
+	}
+
+	var root ctTree
+	httpGET(t, "http://ct.googleapis.com/logs/argon2020/ct/v1/get-sth", &root)
+
+	var leaf ctEntries
+	httpGET(t, "http://ct.googleapis.com/logs/argon2020/ct/v1/get-entries?start=10000&end=10000", &leaf)
+	hash := RecordHash(leaf.Entries[0].Data)
+
+	var rp ctRecordProof
+	httpGET(t, "http://ct.googleapis.com/logs/argon2020/ct/v1/get-proof-by-hash?tree_size="+fmt.Sprint(root.Size)+"&hash="+url.QueryEscape(hash.String()), &rp)
+
+	err := CheckRecord(rp.Proof, root.Size, root.Hash, 10000, hash)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var tp ctTreeProof
+	httpGET(t, "http://ct.googleapis.com/logs/argon2020/ct/v1/get-sth-consistency?first=3654490&second="+fmt.Sprint(root.Size), &tp)
+
+	oh, _ := ParseHash("AuIZ5V6sDUj1vn3Y1K85oOaQ7y+FJJKtyRTl1edIKBQ=")
+	err = CheckTree(tp.Proof, root.Size, root.Hash, 3654490, oh)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+type ctTree struct {
+	Size int64 `json:"tree_size"`
+	Hash Hash  `json:"sha256_root_hash"`
+}
+
+type ctEntries struct {
+	Entries []*ctEntry
+}
+
+type ctEntry struct {
+	Data []byte `json:"leaf_input"`
+}
+
+type ctRecordProof struct {
+	Index int64       `json:"leaf_index"`
+	Proof RecordProof `json:"audit_path"`
+}
+
+type ctTreeProof struct {
+	Proof TreeProof `json:"consistency"`
+}
+
+func httpGET(t *testing.T, url string, targ interface{}) {
+	if testing.Verbose() {
+		println()
+		println(url)
+	}
+	resp, err := http.Get(url)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer resp.Body.Close()
+	data, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if testing.Verbose() {
+		os.Stdout.Write(data)
+	}
+	err = json.Unmarshal(data, targ)
+	if err != nil {
+		println(url)
+		os.Stdout.Write(data)
+		t.Fatal(err)
+	}
+}
--- a/src/cmd/go/internal/tlog/note.go
+++ b/src/cmd/go/internal/tlog/note.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tlog
+
+import (
+	"bytes"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode/utf8"
+)
+
+// A Tree is a tree description, to be signed by a go.sum database server.
+type Tree struct {
+	N    int64
+	Hash Hash
+}
+
+// FormatTree formats a tree description for inclusion in a note.
+//
+// The encoded form is three lines, each ending in a newline (U+000A):
+//
+//	go.sum database tree
+//	N
+//	Hash
+//
+// where N is in decimal and Hash is in base64.
+//
+// A future backwards-compatible encoding may add additional lines,
+// which the parser can ignore.
+// A future backwards-incompatible encoding would use a different
+// first line (for example, "go.sum database tree v2").
+func FormatTree(tree Tree) []byte {
+	return []byte(fmt.Sprintf("go.sum database tree\n%d\n%s\n", tree.N, tree.Hash))
+}
+
+var errMalformedTree = errors.New("malformed tree note")
+var treePrefix = []byte("go.sum database tree\n")
+
+// ParseTree parses a tree root description.
+func ParseTree(text []byte) (tree Tree, err error) {
+	// The message looks like:
+	//
+	//	go.sum database tree
+	//	2
+	//	nND/nri/U0xuHUrYSy0HtMeal2vzD9V4k/BO79C+QeI=
+	//
+	// For forwards compatibility, extra text lines after the encoding are ignored.
+	if !bytes.HasPrefix(text, treePrefix) || bytes.Count(text, []byte("\n")) < 3 || len(text) > 1e6 {
+		return Tree{}, errMalformedTree
+	}
+
+	lines := strings.SplitN(string(text), "\n", 4)
+	n, err := strconv.ParseInt(lines[1], 10, 64)
+	if err != nil || n < 0 || lines[1] != strconv.FormatInt(n, 10) {
+		return Tree{}, errMalformedTree
+	}
+
+	h, err := base64.StdEncoding.DecodeString(lines[2])
+	if err != nil || len(h) != HashSize {
+		return Tree{}, errMalformedTree
+	}
+
+	var hash Hash
+	copy(hash[:], h)
+	return Tree{n, hash}, nil
+}
+
+var errMalformedRecord = errors.New("malformed record data")
+
+// FormatRecord formats a record for serving to a client
+// in a lookup response or data tile.
+//
+// The encoded form is the record ID as a single number,
+// then the text of the record, and then a terminating blank line.
+// Record text must be valid UTF-8 and must not contain any ASCII control
+// characters (those below U+0020) other than newline (U+000A).
+// It must end in a terminating newline and not contain any blank lines.
+func FormatRecord(id int64, text []byte) (msg []byte, err error) {
+	if !isValidRecordText(text) {
+		return nil, errMalformedRecord
+	}
+	msg = []byte(fmt.Sprintf("%d\n", id))
+	msg = append(msg, text...)
+	msg = append(msg, '\n')
+	return msg, nil
+}
+
+// isValidRecordText reports whether text is syntactically valid record text.
+func isValidRecordText(text []byte) bool {
+	var last rune
+	for i := 0; i < len(text); {
+		r, size := utf8.DecodeRune(text[i:])
+		if r < 0x20 && r != '\n' || r == utf8.RuneError && size == 1 || last == '\n' && r == '\n' {
+			return false
+		}
+		i += size
+		last = r
+	}
+	if last != '\n' {
+		return false
+	}
+	return true
+}
+
+// ParseRecord parses a record description at the start of text,
+// stopping immediately after the terminating blank line.
+// It returns the record id, the record text, and the remainder of text.
+func ParseRecord(msg []byte) (id int64, text, rest []byte, err error) {
+	// Leading record id.
+	i := bytes.IndexByte(msg, '\n')
+	if i < 0 {
+		return 0, nil, nil, errMalformedRecord
+	}
+	id, err = strconv.ParseInt(string(msg[:i]), 10, 64)
+	if err != nil {
+		return 0, nil, nil, errMalformedRecord
+	}
+	msg = msg[i+1:]
+
+	// Record text.
+	i = bytes.Index(msg, []byte("\n\n"))
+	if i < 0 {
+		return 0, nil, nil, errMalformedRecord
+	}
+	text, rest = msg[:i+1], msg[i+2:]
+	if !isValidRecordText(text) {
+		return 0, nil, nil, errMalformedRecord
+	}
+	return id, text, rest, nil
+}
--- a/src/cmd/go/internal/tlog/note_test.go
+++ b/src/cmd/go/internal/tlog/note_test.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tlog
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestFormatTree(t *testing.T) {
+	n := int64(123456789012)
+	h := RecordHash([]byte("hello world"))
+	golden := "go.sum database tree\n123456789012\nTszzRgjTG6xce+z2AG31kAXYKBgQVtCSCE40HmuwBb0=\n"
+	b := FormatTree(Tree{n, h})
+	if string(b) != golden {
+		t.Errorf("FormatTree(...) = %q, want %q", b, golden)
+	}
+}
+
+func TestParseTree(t *testing.T) {
+	in := "go.sum database tree\n123456789012\nTszzRgjTG6xce+z2AG31kAXYKBgQVtCSCE40HmuwBb0=\n"
+	goldH := RecordHash([]byte("hello world"))
+	goldN := int64(123456789012)
+	tree, err := ParseTree([]byte(in))
+	if tree.N != goldN || tree.Hash != goldH || err != nil {
+		t.Fatalf("ParseTree(...) = Tree{%d, %v}, %v, want Tree{%d, %v}, nil", tree.N, tree.Hash, err, goldN, goldH)
+	}
+
+	// Check invalid trees.
+	var badTrees = []string{
+		"not-" + in,
+		"go.sum database tree\n0xabcdef\nTszzRgjTG6xce+z2AG31kAXYKBgQVtCSCE40HmuwBb0=\n",
+		"go.sum database tree\n123456789012\nTszzRgjTG6xce+z2AG31kAXYKBgQVtCSCE40HmuwBTOOBIG=\n",
+	}
+	for _, bad := range badTrees {
+		_, err := ParseTree([]byte(bad))
+		if err == nil {
+			t.Fatalf("ParseTree(%q) succeeded, want failure", in)
+		}
+	}
+
+	// Check junk on end is ignored.
+	var goodTrees = []string{
+		in + "JOE",
+		in + "JOE\n",
+		in + strings.Repeat("JOE\n", 1000),
+	}
+	for _, good := range goodTrees {
+		_, err := ParseTree([]byte(good))
+		if tree.N != goldN || tree.Hash != goldH || err != nil {
+			t.Fatalf("ParseTree(...+%q) = Tree{%d, %v}, %v, want Tree{%d, %v}, nil", good[len(in):], tree.N, tree.Hash, err, goldN, goldH)
+		}
+	}
+}
+
+func TestFormatRecord(t *testing.T) {
+	id := int64(123456789012)
+	text := "hello, world\n"
+	golden := "123456789012\nhello, world\n\n"
+	msg, err := FormatRecord(id, []byte(text))
+	if err != nil {
+		t.Fatalf("FormatRecord: %v", err)
+	}
+	if string(msg) != golden {
+		t.Fatalf("FormatRecord(...) = %q, want %q", msg, golden)
+	}
+
+	var badTexts = []string{
+		"",
+		"hello\nworld",
+		"hello\n\nworld\n",
+		"hello\x01world\n",
+	}
+	for _, bad := range badTexts {
+		msg, err := FormatRecord(id, []byte(bad))
+		if err == nil {
+			t.Errorf("FormatRecord(id, %q) = %q, want error", bad, msg)
+		}
+	}
+}
+
+func TestParseRecord(t *testing.T) {
+	in := "123456789012\nhello, world\n\njunk on end\x01\xff"
+	goldID := int64(123456789012)
+	goldText := "hello, world\n"
+	goldRest := "junk on end\x01\xff"
+	id, text, rest, err := ParseRecord([]byte(in))
+	if id != goldID || string(text) != goldText || string(rest) != goldRest || err != nil {
+		t.Fatalf("ParseRecord(%q) = %d, %q, %q, %v, want %d, %q, %q, nil", in, id, text, rest, err, goldID, goldText, goldRest)
+	}
+
+	in = "123456789012\nhello, world\n\n"
+	id, text, rest, err = ParseRecord([]byte(in))
+	if id != goldID || string(text) != goldText || len(rest) != 0 || err != nil {
+		t.Fatalf("ParseRecord(%q) = %d, %q, %q, %v, want %d, %q, %q, nil", in, id, text, rest, err, goldID, goldText, "")
+	}
+	if rest == nil {
+		t.Fatalf("ParseRecord(%q): rest = []byte(nil), want []byte{}", in)
+	}
+
+	// Check invalid records.
+	var badRecords = []string{
+		"not-" + in,
+		"123\nhello\x01world\n\n",
+		"123\nhello\xffworld\n\n",
+		"123\nhello world\n",
+		"0x123\nhello world\n\n",
+	}
+	for _, bad := range badRecords {
+		id, text, rest, err := ParseRecord([]byte(bad))
+		if err == nil {
+			t.Fatalf("ParseRecord(%q) = %d, %q, %q, nil, want error", in, id, text, rest)
+		}
+	}
+}
--- a/src/cmd/go/internal/tlog/tile.go
+++ b/src/cmd/go/internal/tlog/tile.go
--- a/src/cmd/go/internal/tlog/tlog.go
+++ b/src/cmd/go/internal/tlog/tlog.go
--- a/src/cmd/go/internal/tlog/tlog_test.go
+++ b/src/cmd/go/internal/tlog/tlog_test.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tlog
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+)
+
+type testHashStorage []Hash
+
+func (t testHashStorage) ReadHash(level int, n int64) (Hash, error) {
+	return t[StoredHashIndex(level, n)], nil
+}
+
+func (t testHashStorage) ReadHashes(index []int64) ([]Hash, error) {
+	// It's not required by HashReader that indexes be in increasing order,
+	// but check that the functions we are testing only ever ask for
+	// indexes in increasing order.
+	for i := 1; i < len(index); i++ {
+		if index[i-1] >= index[i] {
+			panic("indexes out of order")
+		}
+	}
+
+	out := make([]Hash, len(index))
+	for i, x := range index {
+		out[i] = t[x]
+	}
+	return out, nil
+}
+
+type testTilesStorage struct {
+	unsaved int
+	m       map[Tile][]byte
+}
+
+func (t testTilesStorage) Height() int {
+	return 2
+}
+
+func (t *testTilesStorage) SaveTiles(tiles []Tile, data [][]byte) {
+	t.unsaved -= len(tiles)
+}
+
+func (t *testTilesStorage) ReadTiles(tiles []Tile) ([][]byte, error) {
+	out := make([][]byte, len(tiles))
+	for i, tile := range tiles {
+		out[i] = t.m[tile]
+	}
+	t.unsaved += len(tiles)
+	return out, nil
+}
+
+func TestTree(t *testing.T) {
+	var trees []Hash
+	var leafhashes []Hash
+	var storage testHashStorage
+	tiles := make(map[Tile][]byte)
+	const testH = 2
+	for i := int64(0); i < 100; i++ {
+		data := []byte(fmt.Sprintf("leaf %d", i))
+		hashes, err := StoredHashes(i, data, storage)
+		if err != nil {
+			t.Fatal(err)
+		}
+		leafhashes = append(leafhashes, RecordHash(data))
+		oldStorage := len(storage)
+		storage = append(storage, hashes...)
+		if count := StoredHashCount(i + 1); count != int64(len(storage)) {
+			t.Errorf("StoredHashCount(%d) = %d, have %d StoredHashes", i+1, count, len(storage))
+		}
+		th, err := TreeHash(i+1, storage)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		for _, tile := range NewTiles(testH, i, i+1) {
+			data, err := ReadTileData(tile, storage)
+			if err != nil {
+				t.Fatal(err)
+			}
+			old := Tile{H: tile.H, L: tile.L, N: tile.N, W: tile.W - 1}
+			oldData := tiles[old]
+			if len(oldData) != len(data)-HashSize || !bytes.Equal(oldData, data[:len(oldData)]) {
+				t.Fatalf("tile %v not extending earlier tile %v", tile.Path(), old.Path())
+			}
+			tiles[tile] = data
+		}
+		for _, tile := range NewTiles(testH, 0, i+1) {
+			data, err := ReadTileData(tile, storage)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if !bytes.Equal(tiles[tile], data) {
+				t.Fatalf("mismatch at %+v", tile)
+			}
+		}
+		for _, tile := range NewTiles(testH, i/2, i+1) {
+			data, err := ReadTileData(tile, storage)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if !bytes.Equal(tiles[tile], data) {
+				t.Fatalf("mismatch at %+v", tile)
+			}
+		}
+
+		// Check that all the new hashes are readable from their tiles.
+		for j := oldStorage; j < len(storage); j++ {
+			tile := TileForIndex(testH, int64(j))
+			data, ok := tiles[tile]
+			if !ok {
+				t.Log(NewTiles(testH, 0, i+1))
+				t.Fatalf("TileForIndex(%d, %d) = %v, not yet stored (i=%d, stored %d)", testH, j, tile.Path(), i, len(storage))
+				continue
+			}
+			h, err := HashFromTile(tile, data, int64(j))
+			if err != nil {
+				t.Fatal(err)
+			}
+			if h != storage[j] {
+				t.Errorf("HashFromTile(%v, %d) = %v, want %v", tile.Path(), int64(j), h, storage[j])
+			}
+		}
+
+		trees = append(trees, th)
+
+		// Check that leaf proofs work, for all trees and leaves so far.
+		for j := int64(0); j <= i; j++ {
+			p, err := ProveRecord(i+1, j, storage)
+			if err != nil {
+				t.Fatalf("ProveRecord(%d, %d): %v", i+1, j, err)
+			}
+			if err := CheckRecord(p, i+1, th, j, leafhashes[j]); err != nil {
+				t.Fatalf("CheckRecord(%d, %d): %v", i+1, j, err)
+			}
+			for k := range p {
+				p[k][0] ^= 1
+				if err := CheckRecord(p, i+1, th, j, leafhashes[j]); err == nil {
+					t.Fatalf("CheckRecord(%d, %d) succeeded with corrupt proof hash #%d!", i+1, j, k)
+				}
+				p[k][0] ^= 1
+			}
+		}
+
+		// Check that leaf proofs work using TileReader.
+		// To prove a leaf that way, all you have to do is read and verify its hash.
+		storage := &testTilesStorage{m: tiles}
+		thr := TileHashReader(Tree{i + 1, th}, storage)
+		for j := int64(0); j <= i; j++ {
+			h, err := thr.ReadHashes([]int64{StoredHashIndex(0, j)})
+			if err != nil {
+				t.Fatalf("TileHashReader(%d).ReadHashes(%d): %v", i+1, j, err)
+			}
+			if h[0] != leafhashes[j] {
+				t.Fatalf("TileHashReader(%d).ReadHashes(%d) returned wrong hash", i+1, j)
+			}
+
+			// Even though reading the hash suffices,
+			// check we can generate the proof too.
+			p, err := ProveRecord(i+1, j, thr)
+			if err != nil {
+				t.Fatalf("ProveRecord(%d, %d, TileHashReader(%d)): %v", i+1, j, i+1, err)
+			}
+			if err := CheckRecord(p, i+1, th, j, leafhashes[j]); err != nil {
+				t.Fatalf("CheckRecord(%d, %d, TileHashReader(%d)): %v", i+1, j, i+1, err)
+			}
+		}
+		if storage.unsaved != 0 {
+			t.Fatalf("TileHashReader(%d) did not save %d tiles", i+1, storage.unsaved)
+		}
+
+		// Check that ReadHashes will give an error if the index is not in the tree.
+		if _, err := thr.ReadHashes([]int64{(i + 1) * 2}); err == nil {
+			t.Fatalf("TileHashReader(%d).ReadHashes(%d) for index not in tree <nil>, want err", i, i+1)
+		}
+		if storage.unsaved != 0 {
+			t.Fatalf("TileHashReader(%d) did not save %d tiles", i+1, storage.unsaved)
+		}
+
+		// Check that tree proofs work, for all trees so far, using TileReader.
+		// To prove a tree that way, all you have to do is compute and verify its hash.
+		for j := int64(0); j <= i; j++ {
+			h, err := TreeHash(j+1, thr)
+			if err != nil {
+				t.Fatalf("TreeHash(%d, TileHashReader(%d)): %v", j, i+1, err)
+			}
+			if h != trees[j] {
+				t.Fatalf("TreeHash(%d, TileHashReader(%d)) = %x, want %x (%v)", j, i+1, h[:], trees[j][:], trees[j])
+			}
+
+			// Even though computing the subtree hash suffices,
+			// check that we can generate the proof too.
+			p, err := ProveTree(i+1, j+1, thr)
+			if err != nil {
+				t.Fatalf("ProveTree(%d, %d): %v", i+1, j+1, err)
+			}
+			if err := CheckTree(p, i+1, th, j+1, trees[j]); err != nil {
+				t.Fatalf("CheckTree(%d, %d): %v [%v]", i+1, j+1, err, p)
+			}
+			for k := range p {
+				p[k][0] ^= 1
+				if err := CheckTree(p, i+1, th, j+1, trees[j]); err == nil {
+					t.Fatalf("CheckTree(%d, %d) succeeded with corrupt proof hash #%d!", i+1, j+1, k)
+				}
+				p[k][0] ^= 1
+			}
+		}
+		if storage.unsaved != 0 {
+			t.Fatalf("TileHashReader(%d) did not save %d tiles", i+1, storage.unsaved)
+		}
+	}
+}
+
+func TestSplitStoredHashIndex(t *testing.T) {
+	for l := 0; l < 10; l++ {
+		for n := int64(0); n < 100; n++ {
+			x := StoredHashIndex(l, n)
+			l1, n1 := SplitStoredHashIndex(x)
+			if l1 != l || n1 != n {
+				t.Fatalf("StoredHashIndex(%d, %d) = %d, but SplitStoredHashIndex(%d) = %d, %d", l, n, x, x, l1, n1)
+			}
+		}
+	}
+}
+
+// TODO(rsc): Test invalid paths too, like "tile/3/5/123/456/078".
+var tilePaths = []struct {
+	path string
+	tile Tile
+}{
+	{"tile/4/0/001", Tile{4, 0, 1, 16}},
+	{"tile/4/0/001.p/5", Tile{4, 0, 1, 5}},
+	{"tile/3/5/x123/x456/078", Tile{3, 5, 123456078, 8}},
+	{"tile/3/5/x123/x456/078.p/2", Tile{3, 5, 123456078, 2}},
+	{"tile/1/0/x003/x057/500", Tile{1, 0, 3057500, 2}},
+	{"tile/3/5/123/456/078", Tile{}},
+	{"tile/3/-1/123/456/078", Tile{}},
+	{"tile/1/data/x003/x057/500", Tile{1, -1, 3057500, 2}},
+}
+
+func TestTilePath(t *testing.T) {
+	for _, tt := range tilePaths {
+		if tt.tile.H > 0 {
+			p := tt.tile.Path()
+			if p != tt.path {
+				t.Errorf("%+v.Path() = %q, want %q", tt.tile, p, tt.path)
+			}
+		}
+		tile, err := ParseTilePath(tt.path)
+		if err != nil {
+			if tt.tile.H == 0 {
+				// Expected error.
+				continue
+			}
+			t.Errorf("ParseTilePath(%q): %v", tt.path, err)
+		} else if tile != tt.tile {
+			if tt.tile.H == 0 {
+				t.Errorf("ParseTilePath(%q): expected error, got %+v", tt.path, tt.tile)
+				continue
+			}
+			t.Errorf("ParseTilePath(%q) = %+v, want %+v", tt.path, tile, tt.tile)
+		}
+	}
+}