summaryrefslogtreecommitdiff
path: root/tools/merge.py
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2015-04-06 03:14:58 +0200
committerMagnus Ahltorp <map@kth.se>2015-04-07 15:30:37 +0200
commit613e50c433a23aa1282453108859c8e590917729 (patch)
tree715e060044454e9a473a395b303682b37b1d6031 /tools/merge.py
parentf8a36b4a27a976d56448a884b36b4ac2534f09f6 (diff)
Verify that database entry actually contains the certificatemergeverify2
Diffstat (limited to 'tools/merge.py')
-rwxr-xr-xtools/merge.py34
1 files changed, 33 insertions, 1 deletions
diff --git a/tools/merge.py b/tools/merge.py
index 5ceb245..ce3bf0b 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -17,9 +17,10 @@ import urlparse
import os
import yaml
import select
+import struct
from certtools import build_merkle_tree, create_sth_signature, \
check_sth_signature, get_eckey_from_file, timing_point, http_request, \
- get_public_key_from_file
+ get_public_key_from_file, get_leaf_hash, decode_certificate_chain
parser = argparse.ArgumentParser(description="")
parser.add_argument('--config', help="System configuration", required=True)
@@ -207,6 +208,32 @@ for storagenode in storagenodes:
new_entries.update(new_entries_per_node[storagenode["name"]])
entries_to_fetch[storagenode["name"]] = []
+def unpack_entry(entry):
+ pieces = []
+ while len(entry):
+ (length,) = struct.unpack(">I", entry[0:4])
+ data = entry[4:4+length]
+ entry = entry[4+length:]
+ pieces.append(data)
+ return pieces
+
+import subprocess
+
+def verify_entry(verifycert, entry, hash):
+ unpacked = unpack_entry(entry)
+ mtl = unpacked[0]
+ assert hash == get_leaf_hash(mtl)
+ s = struct.pack(">I", len(entry)) + entry
+ verifycert.stdin.write(s)
+ result_length_packed = verifycert.stdout.read(4)
+ (result_length,) = struct.unpack(">I", result_length_packed)
+ result = verifycert.stdout.read(result_length)
+ assert len(result) == result_length
+ (error_code,) = struct.unpack("B", result[0:1])
+ if error_code != 0:
+ print >>sys.stderr, result[1:]
+ sys.exit(1)
+
timing_point(timing, "get new entries")
new_entries -= certsinlog
@@ -222,6 +249,8 @@ for hash in new_entries:
entries_to_fetch[storagenode["name"]].append(hash)
break
+verifycert = subprocess.Popen(["../verifycert.erl"],
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE)
added_entries = 0
for storagenode in storagenodes:
@@ -230,6 +259,7 @@ for storagenode in storagenodes:
entries = get_entries(storagenode["name"], "https://%s/" % storagenode["address"], chunk)
for hash in chunk:
entry = entries[hash]
+ verify_entry(verifycert, entry, hash)
write_chain(hash, entry)
add_to_logorder(hash)
logorder.append(hash)
@@ -238,6 +268,8 @@ for storagenode in storagenodes:
timing_point(timing, "add entries")
print "added", added_entries, "entries"
+verifycert.communicate(struct.pack("I", 0))
+
tree = build_merkle_tree(logorder)
tree_size = len(logorder)
root_hash = tree[-1][0]