Diffstat (limited to 'tools/mergetools.py')
-rw-r--r--tools/mergetools.py43
1 files changed, 31 insertions, 12 deletions
diff --git a/tools/mergetools.py b/tools/mergetools.py
index 9f5feee..c3e9688 100644
--- a/tools/mergetools.py
+++ b/tools/mergetools.py
@@ -1,6 +1,7 @@
# Copyright (c) 2015, NORDUnet A/S.
# See LICENSE for licensing information.
import base64
+import hashlib
import sys
import struct
from certtools import get_leaf_hash
@@ -27,21 +28,39 @@ def read_chain(chainsdir, key):
f.close()
return value
-def unpack_entry(entry):
- pieces = []
- while len(entry):
- (length,) = struct.unpack(">I", entry[0:4])
- type = entry[4:8]
- data = entry[8:length]
- entry = entry[length:]
- pieces.append(data)
- return pieces
+def tlv_decode(data):
+ (length,) = struct.unpack(">I", data[0:4])
+ type = data[4:8]
+ value = data[8:length]
+ rest = data[length:]
+ return (type, value, rest)
+
+def tlv_decodelist(data):
+ l = []
+ while len(data):
+ (type, value, rest) = tlv_decode(data)
+ l.append((type, value))
+ data = rest
+ return l
+
+def unwrap_entry(entry):
+ ploplevel = tlv_decodelist(entry)
+ assert(len(ploplevel) == 2)
+ (ploptype, plopdata) = ploplevel[0]
+ (plopchecksumtype, plopchecksum) = ploplevel[1]
+ assert(ploptype == "PLOP")
+ assert(plopchecksumtype == "S256")
+ computedchecksum = hashlib.sha256(plopdata).digest()
+ assert(computedchecksum == plopchecksum)
+ return plopdata
def verify_entry(verifycert, entry, hash):
- unpacked = unpack_entry(entry)
- mtl = unpacked[0]
+ packed = unwrap_entry(entry)
+ unpacked = tlv_decodelist(packed)
+ (mtltype, mtl) = unpacked[0]
assert hash == get_leaf_hash(mtl)
- s = struct.pack(">I", len(entry)) + entry
+ assert mtltype == "MTL1"
+ s = struct.pack(">I", len(packed)) + packed
try:
verifycert.stdin.write(s)
except IOError, e:
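Review bot: `tlv_decode` trusts the 4-byte length field without any bounds check, so a record with length 0 leaves `rest` equal to `data` and `tlv_decodelist` appends forever, while a length below 8 or past the end of the buffer gives a silently truncated or misaligned value. A guard right after the unpack, such as `if length < 8 or length > len(data): raise ValueError("bad TLV length")`, would reject these before the slices run. Separately, the type-tag, SHA-256 and leaf-hash checks in `unwrap_entry` and `verify_entry` are `assert` statements, which Python removes under `-O`; if entries can arrive from another node, explicit `if ...: raise` checks would keep the integrity verification in place. `verify_entry` continues past the end of the hunk.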