diff options
| author | Magnus Ahltorp <map@kth.se> | 2015-02-19 16:23:25 +0100 |
|---|---|---|
| committer | Magnus Ahltorp <map@kth.se> | 2015-02-19 16:23:25 +0100 |
| commit | 16d405f4d696c3d01785b644678261acb0e9ad3a (patch) | |
| tree | 68a427e953c270766b2c4a510d81b7f13abe4222 /tools/fetchallcerts.py | |
| parent | 6e5730c8d7eecec7314c15419aff1112960398bb (diff) | |
Added verification of consistency proofs
Diffstat (limited to 'tools/fetchallcerts.py')
| -rwxr-xr-x | tools/fetchallcerts.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py index 866bb43..39ffd64 100755 --- a/tools/fetchallcerts.py +++ b/tools/fetchallcerts.py @@ -168,6 +168,12 @@ else: print "calculated root hash", base64.b16encode(calculated_root_hash) +if oldsth and oldsth["tree_size"] > 0 and oldsth["tree_size"] != tree_size: + consistency_proof = [base64.decodestring(entry) for entry in get_consistency_proof(args.baseurl, oldsth["tree_size"], tree_size)] + (old_treehead, new_treehead) = verify_consistency_proof(consistency_proof, oldsth["tree_size"], tree_size) + assert old_treehead == base64.b64decode(oldsth["sha256_root_hash"]) + assert new_treehead == base64.b64decode(sth["sha256_root_hash"]) + if calculated_root_hash != root_hash: print "fetched root hash and calculated root hash different" sys.exit(1) |