diff options
Diffstat (limited to 'tools/josef_experimental.py')
-rwxr-xr-x | tools/josef_experimental.py | 118 |
1 files changed, 78 insertions, 40 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py index 7f79788..4377b8b 100755 --- a/tools/josef_experimental.py +++ b/tools/josef_experimental.py @@ -1,5 +1,5 @@ #!/usr/bin/python -# -*- coding: utf-8 -*- +# -*- coding: utf-8 -*- import time import base64 @@ -8,46 +8,47 @@ import urllib2 import sys # from pympler.asizeof import asizeof from certtools import * +from Crypto.Signature import PKCS1_v1_5 def reduce_leafs_to_root(layer0): - if len(layer0) == 0: - return [[hashlib.sha256().digest()]] - current_layer = layer0 - while len(current_layer) > 1: - current_layer = next_merkle_layer(current_layer) - return current_layer + if len(layer0) == 0: + return [[hashlib.sha256().digest()]] + current_layer = layer0 + while len(current_layer) > 1: + current_layer = next_merkle_layer(current_layer) + return current_layer def reduce_layer(layer): - new_layer = [] - while len(layer) > 1: - e1 = layer.pop(0) - e2 = layer.pop(0) - new_layer.append(internal_hash((e1,e2))) - return new_layer + new_layer = [] + while len(layer) > 1: + e1 = layer.pop(0) + e2 = layer.pop(0) + new_layer.append(internal_hash((e1,e2))) + return new_layer def reduce_tree(entries, layers): - if len(entries) == 0 and layers is []: - return [[hashlib.sha256().digest()]] + if len(entries) == 0 and layers is []: + return [[hashlib.sha256().digest()]] - layer_idx = 0 - layers[layer_idx] += entries + layer_idx = 0 + layers[layer_idx] += entries - while len(layers[layer_idx]) > 1: - if len(layers) == layer_idx + 1: - layers.append([]) + while len(layers[layer_idx]) > 1: + if len(layers) == layer_idx + 1: + layers.append([]) - layers[layer_idx + 1] += reduce_layer(layers[layer_idx]) - layer_idx += 1 - return layers + layers[layer_idx + 1] += reduce_layer(layers[layer_idx]) + layer_idx += 1 + return layers def reduce_subtree_to_root(layers): - while len(layers) > 1: - layers[1] += next_merkle_layer(layers[0]) - del layers[0] + while len(layers) > 1: + layers[1] += next_merkle_layer(layers[0]) + del layers[0] - if len(layers[0]) > 1: - return next_merkle_layer(layers[0]) - return layers[0] + if len(layers[0]) > 1: + return next_merkle_layer(layers[0]) + return layers[0] def get_proof_by_index(baseurl, index, tree_size): try: @@ -62,14 +63,14 @@ def get_proof_by_index(baseurl, index, tree_size): base_urls = ["https://plausible.ct.nordu.net/", - "https://ct1.digicert-ct.com/log/", - "https://ct.izenpe.com/", - "https://log.certly.io/", - "https://ctlog.api.venafi.com/", - "https://ct.googleapis.com/aviator/", - "https://ct.googleapis.com/pilot/", - "https://ct.googleapis.com/rocketeer/", - ] + "https://ct1.digicert-ct.com/log/", + "https://ct.izenpe.com/", + "https://log.certly.io/", + "https://ctlog.api.venafi.com/", + "https://ct.googleapis.com/aviator/", + "https://ct.googleapis.com/pilot/", + "https://ct.googleapis.com/rocketeer/", + ] logkeys = {} logkeys["https://plausible.ct.nordu.net/"] = get_public_key_from_file("../../plausible-logkey.pem") @@ -82,9 +83,46 @@ logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../di logkeys["https://ctlog.api.venafi.com/"] = get_public_key_from_file("../../venafi-logkey.pem") -from Crypto import Signature +import Crypto.PublicKey.RSA as RSA +from Crypto.Hash import SHA256 -sth = get_sth(base_urls[4]) +for url in base_urls: + sth = get_sth(url) + signature = base64.b64decode(sth["tree_head_signature"]) + key = logkeys[url] + root_hash = base64.b64decode(sth["sha256_root_hash"]) -print sth + hash_alg, signature_alg, unpacked_signature = decode_signature(signature) + if signature_alg == 1: + # rsa_key = RSA.importKey(key) + # verifier = PKCS1_v1_5.new(rsa_key) + + # version = struct.pack(">b", 0) + # signature_type = struct.pack(">b", 1) + # timestamp = struct.pack(">Q", sth["timestamp"]) + # tree_size = struct.pack(">Q", sth["tree_size"]) + # hash = base64.decodestring(sth["sha256_root_hash"]) + + # tree_head = version + signature_type + timestamp + tree_size + hash + # h = SHA256.new(tree_head) + + # print verifier + # print verifier.verify(h, unpacked_signature) + print "RSA Signature from " + url + check_sth_signature(url, sth, key) + + + + elif signature_alg == 3: + print "ECDSA signature from " + url + check_sth_signature(url, sth, key) + else: + print "Unknown signature algorithm from " + url + +# print sth +# print "\n\n" + signature +# print "\n\n" + key +# print rsa_key + +# print "\n\n" + rsa_key.verify(root_hash, signature)
\ No newline at end of file |