summaryrefslogtreecommitdiff
path: root/tools/certtools.py
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-09-26 17:14:08 +0200
committerLinus Nordberg <linus@nordberg.se>2014-10-08 15:02:49 +0200
commit9e6f78f4595ccff78b9bc440950b1d88762f16da (patch)
tree387e45fa5f2d9d5d3c2672e4c7e14d5d8472067f /tools/certtools.py
parente54e051600fc7f46fb7eafce74d311a61d5bd823 (diff)
Added basic system test
Diffstat (limited to 'tools/certtools.py')
-rw-r--r--tools/certtools.py49
1 files changed, 36 insertions, 13 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index fe345cd..a62d58f 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -100,11 +100,19 @@ def unpack_tls_array(packed_data, length_len):
def add_chain(baseurl, submission):
try:
- return json.loads(urllib2.urlopen(baseurl + "ct/v1/add-chain",
- json.dumps(submission)).read())
+ result = urllib2.urlopen(baseurl + "ct/v1/add-chain",
+ json.dumps(submission)).read()
+ return json.loads(result)
except urllib2.HTTPError, e:
print "ERROR:", e.read()
sys.exit(1)
+ except ValueError, e:
+ print "==== FAILED REQUEST ===="
+ print submission
+ print "======= RESPONSE ======="
+ print result
+ print "========================"
+ raise e
def get_entries(baseurl, start, end):
try:
@@ -131,7 +139,31 @@ def decode_signature(signature):
assert rest == ""
return (hash_alg, signature_alg, unpacked_signature)
-def check_signature(baseurl, leafcert, sct):
+def check_signature(baseurl, signature, data):
+ publickey = base64.decodestring(publickeys[baseurl])
+ (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
+ assert hash_alg == 4, \
+ "hash_alg is %d, expected 4" % (hash_alg,) # sha256
+ assert signature_alg == 3, \
+ "signature_alg is %d, expected 3" % (signature_alg,) # ecdsa
+
+ vk = ecdsa.VerifyingKey.from_der(publickey)
+ vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
+ sigdecode=ecdsa.util.sigdecode_der)
+
+def check_sth_signature(baseurl, sth):
+ signature = base64.decodestring(sth["tree_head_signature"])
+
+ version = struct.pack(">b", 0)
+ signature_type = struct.pack(">b", 1)
+ timestamp = struct.pack(">Q", sth["timestamp"])
+ tree_size = struct.pack(">Q", sth["tree_size"])
+ hash = base64.decodestring(sth["sha256_root_hash"])
+ tree_head = version + signature_type + timestamp + tree_size + hash
+
+ check_signature(baseurl, signature, tree_head)
+
+def check_sct_signature(baseurl, leafcert, sct):
publickey = base64.decodestring(publickeys[baseurl])
calculated_logid = hashlib.sha256(publickey).digest()
received_logid = base64.decodestring(sct["id"])
@@ -150,16 +182,7 @@ def check_signature(baseurl, leafcert, sct):
entry_type + tls_array(leafcert, 3) + \
tls_array(base64.decodestring(sct["extensions"]), 2)
- (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
- assert hash_alg == 4 # sha256
- assert signature_alg == 3 # ecdsa
-
- hash = hashlib.sha256()
- hash.update(signed_struct)
-
- vk = ecdsa.VerifyingKey.from_der(publickey)
- vk.verify(unpacked_signature, signed_struct, hashfunc=hashlib.sha256,
- sigdecode=ecdsa.util.sigdecode_der)
+ check_signature(baseurl, signature, signed_struct)
def pack_mtl(timestamp, leafcert):
entry_type = struct.pack(">H", 0)