diff options
author | Magnus Ahltorp <map@kth.se> | 2014-10-27 16:56:03 +0100 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2014-10-27 16:56:03 +0100 |
commit | 89b8a59da38daf465a934f039cc7cf3efaf1468e (patch) | |
tree | a4e15387988d8912cc6a242f258b2bfeac811942 /tools/certtools.py | |
parent | b9c709204da83be2f315664f9f263c6890b1bc8d (diff) |
merge.py: send whole sth in sendsth call
Diffstat (limited to 'tools/certtools.py')
-rw-r--r-- | tools/certtools.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py index b132caa..0ce8885 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -143,6 +143,11 @@ def decode_signature(signature): assert rest == "" return (hash_alg, signature_alg, unpacked_signature) +def encode_signature(hash_alg, signature_alg, unpacked_signature): + signature = struct.pack(">bb", hash_alg, signature_alg) + signature += tls_array(unpacked_signature, 2) + return signature + def check_signature(baseurl, signature, data): publickey = base64.decodestring(publickeys[baseurl]) (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature) @@ -155,6 +160,12 @@ def check_signature(baseurl, signature, data): vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_der) +def create_signature(privatekey, data): + sk = ecdsa.SigningKey.from_der(privatekey) + unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256, + sigencode=ecdsa.util.sigencode_der) + return encode_signature(4, 3, unpacked_signature) + def check_sth_signature(baseurl, sth): signature = base64.decodestring(sth["tree_head_signature"]) @@ -167,6 +178,15 @@ def check_sth_signature(baseurl, sth): check_signature(baseurl, signature, tree_head) +def create_sth_signature(tree_size, timestamp, root_hash, privatekey): + version = struct.pack(">b", 0) + signature_type = struct.pack(">b", 1) + timestamp_packed = struct.pack(">Q", timestamp) + tree_size_packed = struct.pack(">Q", tree_size) + tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash + + return create_signature(privatekey, tree_head) + def check_sct_signature(baseurl, leafcert, sct): publickey = base64.decodestring(publickeys[baseurl]) calculated_logid = hashlib.sha256(publickey).digest() |