Diffstat (limited to 'tools/mergetools.py')
-rw-r--r-- | tools/mergetools.py | 43 |
1 files changed, 31 insertions, 12 deletions
diff --git a/tools/mergetools.py b/tools/mergetools.py
index 9f5feee..c3e9688 100644
--- a/tools/mergetools.py
+++ b/tools/mergetools.py
@@ -1,6 +1,7 @@
 # Copyright (c) 2015, NORDUnet A/S.
 # See LICENSE for licensing information.
 import base64
+import hashlib
 import sys
 import struct
 from certtools import get_leaf_hash
@@ -27,21 +28,39 @@ def read_chain(chainsdir, key):
 f.close()
 return value
 
-def unpack_entry(entry):
- pieces = []
- while len(entry):
- (length,) = struct.unpack(">I", entry[0:4])
- type = entry[4:8]
- data = entry[8:length]
- entry = entry[length:]
- pieces.append(data)
- return pieces
+def tlv_decode(data):
+ (length,) = struct.unpack(">I", data[0:4])
+ type = data[4:8]
+ value = data[8:length]
+ rest = data[length:]
+ return (type, value, rest)
+
+def tlv_decodelist(data):
+ l = []
+ while len(data):
+ (type, value, rest) = tlv_decode(data)
+ l.append((type, value))
+ data = rest
+ return l
+
+def unwrap_entry(entry):
+ ploplevel = tlv_decodelist(entry)
+ assert(len(ploplevel) == 2)
+ (ploptype, plopdata) = ploplevel[0]
+ (plopchecksumtype, plopchecksum) = ploplevel[1]
+ assert(ploptype == "PLOP")
+ assert(plopchecksumtype == "S256")
+ computedchecksum = hashlib.sha256(plopdata).digest()
+ assert(computedchecksum == plopchecksum)
+ return plopdata
 
 def verify_entry(verifycert, entry, hash):
- unpacked = unpack_entry(entry)
- mtl = unpacked[0]
+ packed = unwrap_entry(entry)
+ unpacked = tlv_decodelist(packed)
+ (mtltype, mtl) = unpacked[0]
 assert hash == get_leaf_hash(mtl)
- s = struct.pack(">I", len(entry)) + entry
+ assert mtltype == "MTL1"
+ s = struct.pack(">I", len(packed)) + packed
 try:
 verifycert.stdin.write(s)
 except IOError, e: |
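Review bot: tlv_decode trusts the 4-byte length field, and unwrap_entry runs tlv_decodelist before the SHA-256 check, so the parser sees unauthenticated bytes: a length of 0 leaves `rest` equal to `data` and the `while len(data)` loop in tlv_decodelist never terminates while `l` grows, and a length past the end of the buffer is silently truncated by slicing. tlv_decode should reject a header shorter than 8 bytes and any `length < 8 or length > len(data)`. The type, checksum and leaf-hash checks in unwrap_entry and verify_entry are `assert` statements, which Python drops under -O, so they should raise an explicit exception; the sketch below uses ValueError, which assumes no caller depends on AssertionError. verify_entry's body continues past the end of the hunk.

```python
def tlv_decode(data):
    if len(data) < 8:
        raise ValueError("truncated TLV header")
    (length,) = struct.unpack(">I", data[0:4])
    if length < 8 or length > len(data):
        raise ValueError("TLV length out of range")
    # … unchanged: type/value/rest slicing and return …

def unwrap_entry(entry):
    ploplevel = tlv_decodelist(entry)
    if len(ploplevel) != 2:
        raise ValueError("expected PLOP element and checksum element")
    # … unchanged: unpacking of ploplevel[0] and ploplevel[1] …
    if ploptype != "PLOP" or plopchecksumtype != "S256":
        raise ValueError("unexpected wrapper element types")
    if hashlib.sha256(plopdata).digest() != plopchecksum:
        raise ValueError("PLOP checksum mismatch")
    return plopdata
```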