From 89b8a59da38daf465a934f039cc7cf3efaf1468e Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Mon, 27 Oct 2014 16:56:03 +0100
Subject: merge.py: send whole sth in sendsth call
---
tools/certtools.py | 20 ++++++++++++++++++++
tools/merge.py | 27 ++++++++++++++++++++++++++-
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/tools/certtools.py b/tools/certtools.py
index b132caa..0ce8885 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -143,6 +143,11 @@ def decode_signature(signature):
assert rest == ""
return (hash_alg, signature_alg, unpacked_signature)
+def encode_signature(hash_alg, signature_alg, unpacked_signature):
+ signature = struct.pack(">bb", hash_alg, signature_alg)
+ signature += tls_array(unpacked_signature, 2)
+ return signature
+
def check_signature(baseurl, signature, data):
publickey = base64.decodestring(publickeys[baseurl])
(hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
@@ -155,6 +160,12 @@ def check_signature(baseurl, signature, data):
vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
sigdecode=ecdsa.util.sigdecode_der)
+def create_signature(privatekey, data):
+ sk = ecdsa.SigningKey.from_der(privatekey)
+ unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256,
+ sigencode=ecdsa.util.sigencode_der)
+ return encode_signature(4, 3, unpacked_signature)
+
def check_sth_signature(baseurl, sth):
signature = base64.decodestring(sth["tree_head_signature"])
@@ -167,6 +178,15 @@ def check_sth_signature(baseurl, sth):
check_signature(baseurl, signature, tree_head)
+def create_sth_signature(tree_size, timestamp, root_hash, privatekey):
+ version = struct.pack(">b", 0)
+ signature_type = struct.pack(">b", 1)
+ timestamp_packed = struct.pack(">Q", timestamp)
+ tree_size_packed = struct.pack(">Q", tree_size)
+ tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash
+
+ return create_signature(privatekey, tree_head)
+
def check_sct_signature(baseurl, leafcert, sct):
publickey = base64.decodestring(publickeys[baseurl])
calculated_logid = hashlib.sha256(publickey).digest()
diff --git a/tools/merge.py b/tools/merge.py
index 3aeecdf..7c6e357 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -9,7 +9,10 @@ import base64
import urllib
import urllib2
import sys
+import time
+from certtools import build_merkle_tree, create_sth_signature, check_sth_signature
+ctbaseurl = "https://127.0.0.1:8080/"
frontendnodes = ["https://127.0.0.1:8082/"]
storagenodes = ["https://127.0.0.1:8081/"]
@@ -142,6 +145,28 @@ for new_entry in new_entries:
added_entries += 1
print "added", added_entries, "entries"
+tree = build_merkle_tree(logorder)
+tree_size = len(logorder)
+root_hash = tree[-1][0]
+timestamp = int(time.time() * 1000)
+privatekey = base64.decodestring(
+ "MHcCAQEEIMM/FjZ4FSzfENTTwGpTve6CP+IVr"
+ "Y7p8OKV634uJI/foAoGCCqGSM49AwEHoUQDQg"
+ "AE4qWq6afhBUi0OdcWUYhyJLNXTkGqQ9PMS5l"
+ "qoCgkV2h1ZvpNjBH2u8UbgcOQwqDo66z6BWQJ"
+ "GolozZYmNHE2kQ==")
+
+tree_head_signature = create_sth_signature(tree_size, timestamp,
+ root_hash, privatekey)
+
+sth = {"tree_size": tree_size, "timestamp": timestamp,
+ "sha256_root_hash": base64.b64encode(root_hash),
+ "tree_head_signature": base64.b64encode(tree_head_signature)}
+
+check_sth_signature(ctbaseurl, sth)
+
+print "root hash", base64.b16encode(root_hash)
+
for frontendnode in frontendnodes:
print "distributing for node", frontendnode
curpos = get_curpos(frontendnode)
@@ -154,4 +179,4 @@ for frontendnode in frontendnodes:
for missingentry in missingentries:
hash = base64.b64decode(missingentry)
sendentry(frontendnode, read_chain(hash), hash)
- sendsth(frontendnode, {"tree_size": len(logorder)})
+ sendsth(frontendnode, sth)
--
cgit v1.1