author | josef <josef@guest119.se-tug.nordu.net> | 2015-09-01 14:50:33 +0200 |
---|---|---|
committer | josef <josef@guest119.se-tug.nordu.net> | 2015-09-01 14:50:33 +0200 |
commit | c44dc8533ece4e000162cae6fd6c6fa376b94602 (patch) | |
tree | ff360c5f40d1542b898ef0ec49cb3dbc36f6ed51 | |
parent | e71fab5e9f9a9b0b7a298acec5c85c188f7fe58f (diff) |
experimental...
-rwxr-xr-x | tools/josef_experimental.py | 111 |
1 files changed, 61 insertions, 50 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py index dc1dc7e..7f79788 100755 --- a/tools/josef_experimental.py +++ b/tools/josef_experimental.py 
@@ -3,13 +3,69 @@ import time import base64 -from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof +import urllib +import urllib2 +import sys +# from pympler.asizeof import asizeof +from certtools import * + +def reduce_leafs_to_root(layer0): + if len(layer0) == 0: + return [[hashlib.sha256().digest()]] + current_layer = layer0 + while len(current_layer) > 1: + current_layer = next_merkle_layer(current_layer) + return current_layer + +def reduce_layer(layer): + new_layer = [] + while len(layer) > 1: + e1 = layer.pop(0) + e2 = layer.pop(0) + new_layer.append(internal_hash((e1,e2))) + return new_layer + +def reduce_tree(entries, layers): + if len(entries) == 0 and layers is []: + return [[hashlib.sha256().digest()]] + + layer_idx = 0 + layers[layer_idx] += entries + + while len(layers[layer_idx]) > 1: + if len(layers) == layer_idx + 1: + layers.append([]) + + layers[layer_idx + 1] += reduce_layer(layers[layer_idx]) + layer_idx += 1 + return layers + +def reduce_subtree_to_root(layers): + while len(layers) > 1: + layers[1] += next_merkle_layer(layers[0]) + del layers[0] + + if len(layers[0]) > 1: + return next_merkle_layer(layers[0]) + return layers[0] + +def get_proof_by_index(baseurl, index, tree_size): + try: + params = urllib.urlencode({"leaf_index":index, + "tree_size":tree_size}) + result = \ + urlopen(baseurl + "ct/v1/get-entry-and-proof?" + params).read() + return json.loads(result) + except urllib2.HTTPError, e: + print "ERROR:", e.read() + sys.exit(1) base_urls = ["https://plausible.ct.nordu.net/", "https://ct1.digicert-ct.com/log/", "https://ct.izenpe.com/", "https://log.certly.io/", + "https://ctlog.api.venafi.com/", "https://ct.googleapis.com/aviator/", "https://ct.googleapis.com/pilot/", "https://ct.googleapis.com/rocketeer/", 
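Review bot: In `reduce_tree` the empty-input guard `layers is []` compares identity against a freshly built list and is never true, so an empty `layers` falls through to `layers[layer_idx] += entries` and raises IndexError instead of returning the empty-tree hash; `if len(entries) == 0 and not layers:` expresses the intended test. `reduce_leafs_to_root` returns `[[hashlib.sha256().digest()]]` for empty input but a flat one-element layer otherwise, so callers get two different shapes. `urlopen`, `json`, `hashlib`, `internal_hash` and `next_merkle_layer` are not imported by name in this hunk and presumably arrive through `from certtools import *`; an explicit import list, as on the removed line, shows which verification helpers the script relies on. `get_proof_by_index` returns the parsed response as-is, so the caller should check the audit path against a signature-verified STH before trusting the entry.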
@@ -23,57 +79,12 @@ logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pi logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem") logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem") logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem") -old_sth = {} - -# Get initial sth -print time.strftime("%H:%M:%S", time.gmtime()) -for base_url in base_urls: - - old_sth[base_url] = get_sth(base_url) - print "Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"]) - - try: - check_sth_signature(base_url, old_sth[base_url], logkeys[base_url]) - except: - print "Could not verify signature!!" - - -while True: - time.sleep(1*60-4) - print time.strftime("%H:%M:%S", time.gmtime()) - for base_url in base_urls: - new_sth = get_sth(base_url) - print "Received STH from " + base_url + ", timestamp: " + str(new_sth["timestamp"]) + ", size: " + str(new_sth["tree_size"]) - try: - check_sth_signature(base_url, new_sth, logkeys[base_url]) - except: - print "Could not verify signature!!" - - if old_sth[base_url]["tree_size"]!= new_sth["tree_size"]: - print "Wohoo, new STH! Checking..." - try: - # Hashes are base64 encoded from the server and needs to be decoded before checking proofs. - consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] ) - decoded_consistency_proof = [] - for item in consistency_proof: - decoded_consistency_proof.append(base64.b64decode(item)) - res = verify_consistency_proof(decoded_consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"]) - - if old_sth[base_url]["sha256_root_hash"] != str(base64.b64encode(res[0])): - print "Verification of old hash failed!!!" 
- print old_sth[base_url]["sha256_root_hash"], str(base64.b64encode(res[0])) - if new_sth["sha256_root_hash"] != str(base64.b64encode(res[1])): - print "Verification of new hash failed!!!" - print new_sth["sha256_root_hash"], str(base64.b64encode(res[1])) - - except Exception, err: - print Exception, err - finally: - old_sth[base_url] = new_sth - - +logkeys["https://ctlog.api.venafi.com/"] = get_public_key_from_file("../../venafi-logkey.pem") +from Crypto import Signature +sth = get_sth(base_urls[4]) +print sth |
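Review bot: The STH fetched by `sth = get_sth(base_urls[4])` is printed without a signature check, although the key for that log is loaded on the line above and the removed loop called `check_sth_signature` on every STH; add `check_sth_signature(base_urls[4], sth, logkeys[base_urls[4]])` before `print sth` so an unverified tree head is not shown as the log's. The index `4` depends on the order of `base_urls` and appears to select the Venafi entry only because that URL was inserted at that position in the first hunk; naming the URL directly would survive later edits to the list. `from Crypto import Signature` is not used in the visible lines and sits in the middle of the file rather than with the other imports.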