Diffstat (limited to 'tools')
-rwxr-xr-x | tools/merge.py | 2 | ||||
-rw-r--r-- | tools/mergetools.py | 43 |
2 files changed, 32 insertions, 13 deletions
diff --git a/tools/merge.py b/tools/merge.py
index 7453fa4..f02ce39 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -22,7 +22,7 @@ from certtools import build_merkle_tree, create_sth_signature, \
 check_sth_signature, get_eckey_from_file, timing_point, http_request, \
 get_public_key_from_file, get_leaf_hash, decode_certificate_chain, \
 create_ssl_context
-from mergetools import parselogrow, get_logorder, read_chain, unpack_entry, \
+from mergetools import parselogrow, get_logorder, read_chain, \
 verify_entry
 
 parser = argparse.ArgumentParser(description="")
diff --git a/tools/mergetools.py b/tools/mergetools.py
index 9f5feee..c3e9688 100644
--- a/tools/mergetools.py
+++ b/tools/mergetools.py
@@ -1,6 +1,7 @@
 # Copyright (c) 2015, NORDUnet A/S.
 # See LICENSE for licensing information.
 import base64
+import hashlib
 import sys
 import struct
 from certtools import get_leaf_hash
@@ -27,21 +28,39 @@ def read_chain(chainsdir, key):
     f.close()
     return value
 
-def unpack_entry(entry):
-    pieces = []
-    while len(entry):
-        (length,) = struct.unpack(">I", entry[0:4])
-        type = entry[4:8]
-        data = entry[8:length]
-        entry = entry[length:]
-        pieces.append(data)
-    return pieces
+def tlv_decode(data):
+    (length,) = struct.unpack(">I", data[0:4])
+    type = data[4:8]
+    value = data[8:length]
+    rest = data[length:]
+    return (type, value, rest)
+
+def tlv_decodelist(data):
+    l = []
+    while len(data):
+        (type, value, rest) = tlv_decode(data)
+        l.append((type, value))
+        data = rest
+    return l
+
+def unwrap_entry(entry):
+    ploplevel = tlv_decodelist(entry)
+    assert(len(ploplevel) == 2)
+    (ploptype, plopdata) = ploplevel[0]
+    (plopchecksumtype, plopchecksum) = ploplevel[1]
+    assert(ploptype == "PLOP")
+    assert(plopchecksumtype == "S256")
+    computedchecksum = hashlib.sha256(plopdata).digest()
+    assert(computedchecksum == plopchecksum)
+    return plopdata
 
 def verify_entry(verifycert, entry, hash):
-    unpacked = unpack_entry(entry)
-    mtl = unpacked[0]
+    packed = unwrap_entry(entry)
+    unpacked = tlv_decodelist(packed)
+    (mtltype, mtl) = unpacked[0]
     assert hash == get_leaf_hash(mtl)
-    s = struct.pack(">I", len(entry)) + entry
+    assert mtltype == "MTL1"
+    s = struct.pack(">I", len(packed)) + packed
     try:
         verifycert.stdin.write(s)
     except IOError, e:
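Review bot: `tlv_decode` trusts the length word it reads from `data`: a value below 8 yields an empty `value` and a `rest` that does not shrink (a zero length hands `data` straight back, so `tlv_decodelist` never terminates on a corrupt or truncated entry), while a length larger than the remaining bytes is silently clipped by the slice instead of being rejected, and fewer than 4 bytes raises a bare `struct.error`. The header should be range-checked before slicing, as below. The new `assert(...)` statements in `unwrap_entry` are what carries the SHA-256 integrity check of the entry, and `assert` is compiled out under `python -O`, so they should raise (e.g. `raise ValueError("entry checksum mismatch")`) rather than assert; note also that the S256 field is a digest over the same `plopdata`, so it catches corruption, not deliberate modification of the stored entry. `verify_entry` continues past the end of the hunk.
```python
def tlv_decode(data):
    if len(data) < 8:
        raise ValueError("TLV header truncated: %d bytes" % len(data))
    (length,) = struct.unpack(">I", data[0:4])
    if length < 8 or length > len(data):
        raise ValueError("TLV length %d out of range for %d bytes" % (length, len(data)))
    # … unchanged: split into (type, value, rest) …
```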