From 832dba2e1cd4e6e6ff9e8ea7afa98eebb44595e5 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Wed, 28 Jan 2015 13:42:06 +0100 Subject: Move hardcoded merge parameters to command line --- tools/testcase1.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'tools/testcase1.py') diff --git a/tools/testcase1.py b/tools/testcase1.py index 639cd69..415d475 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -120,16 +120,19 @@ def get_and_check_entry(timestamp, chain, leaf_index): len(submittedcertchain), len(submittedcertchain)) +def merge(): + return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--keyfile", "../rel/test/eckey.pem"]) + print_and_check_tree_size(0) -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) testgroup("cert1") result1 = do_add_chain(cc1) -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(1) @@ -138,7 +141,7 @@ result2 = do_add_chain(cc1) assert_equal(result2["timestamp"], result1["timestamp"], "timestamp") -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(1) @@ -152,7 +155,7 @@ testgroup("cert2") result3 = do_add_chain(cc2) -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(2) @@ -164,7 +167,7 @@ testgroup("cert3") result4 = do_add_chain(cc3) -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(3) @@ -177,7 +180,7 @@ testgroup("cert4") result5 = do_add_chain(cc4) -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(4) @@ -191,7 +194,7 @@ testgroup("cert5") result6 = do_add_chain(cc5) -mergeresult = subprocess.call(["./merge.py"]) +mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(5) -- cgit v1.1 From 81a35a696d813ac5803afe602e549b56a9dfd9c4 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Fri, 20 Feb 2015 01:58:17 +0100 Subject: testcase1: Actually verify inclusion proof --- tools/testcase1.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'tools/testcase1.py') diff --git a/tools/testcase1.py b/tools/testcase1.py index 415d475..ce322f1 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -84,8 +84,15 @@ def get_and_validate_proof(timestamp, chain, leaf_index, nentries): leaf_hash = get_leaf_hash(merkle_tree_leaf) sth = get_sth(baseurl) proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"]) - assert_equal(proof["leaf_index"], leaf_index, "leaf_index") - assert_equal(len(proof["audit_path"]), nentries, "audit_path length") + leaf_index = proof["leaf_index"] + inclusion_proof = [base64.b64decode(e) for e in proof["audit_path"]] + assert_equal(leaf_index, leaf_index, "leaf_index") + assert_equal(len(inclusion_proof), nentries, "audit_path length") + + calc_root_hash = verify_inclusion_proof(inclusion_proof, leaf_index, sth["tree_size"], leaf_hash) + root_hash = base64.b64decode(sth["sha256_root_hash"]) + + assert_equal(root_hash, calc_root_hash, "verified root hash", nodata=True) get_and_check_entry(timestamp, chain, leaf_index) def get_and_check_entry(timestamp, chain, leaf_index): -- cgit v1.1 From bdfa89bcf0b8f65554baabda52b107a2ab36690a Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Mon, 23 Feb 2015 12:01:20 +0100 Subject: Add consistency proof checking to testcase1 Fix consistency proof checking when first size is power of 2 --- tools/testcase1.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'tools/testcase1.py') diff --git a/tools/testcase1.py b/tools/testcase1.py index ce322f1..a41a783 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -95,6 +95,15 @@ def get_and_validate_proof(timestamp, chain, leaf_index, nentries): assert_equal(root_hash, calc_root_hash, "verified root hash", nodata=True) get_and_check_entry(timestamp, chain, leaf_index) +def get_and_validate_consistency_proof(sth1, sth2, size1, size2): + consistency_proof = [base64.decodestring(entry) for entry in get_consistency_proof(baseurl, size1, size2)] + (old_treehead, new_treehead) = verify_consistency_proof(consistency_proof, size1, size2, sth1) + #print repr(sth1), repr(old_treehead) + #print repr(sth2), repr(new_treehead) + assert_equal(old_treehead, sth1, "sth1", nodata=True) + assert_equal(new_treehead, sth2, "sth2", nodata=True) + + def get_and_check_entry(timestamp, chain, leaf_index): entries = get_entries(baseurl, leaf_index, leaf_index) assert_equal(len(entries), 1, "get_entries", quiet=True) @@ -118,7 +127,6 @@ def get_and_check_entry(timestamp, chain, leaf_index): print_success("fetched chain has an appended root cert") else: print_error("fetched chain has an extra entry") - failures += 1 elif len(certchain) == len(submittedcertchain): print_success("cert chains are the same length") else: @@ -142,7 +150,10 @@ result1 = do_add_chain(cc1) mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) +size_sth = {} + print_and_check_tree_size(1) +size_sth[1] = base64.b64decode(get_sth(baseurl)["sha256_root_hash"]) result2 = do_add_chain(cc1) @@ -152,6 +163,9 @@ mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(1) +size1_v2_sth = base64.b64decode(get_sth(baseurl)["sha256_root_hash"]) + +assert_equal(size_sth[1], size1_v2_sth, "sth", nodata=True) # TODO: add invalid cert and check that it generates an error # and that treesize still is 1 @@ -166,6 +180,7 @@ mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(2) +size_sth[2] = base64.b64decode(get_sth(baseurl)["sha256_root_hash"]) get_and_validate_proof(result1["timestamp"], cc1, 0, 1) get_and_validate_proof(result3["timestamp"], cc2, 1, 1) @@ -178,6 +193,7 @@ mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(3) +size_sth[3] = base64.b64decode(get_sth(baseurl)["sha256_root_hash"]) get_and_validate_proof(result1["timestamp"], cc1, 0, 2) get_and_validate_proof(result3["timestamp"], cc2, 1, 2) @@ -191,6 +207,7 @@ mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(4) +size_sth[4] = base64.b64decode(get_sth(baseurl)["sha256_root_hash"]) get_and_validate_proof(result1["timestamp"], cc1, 0, 2) get_and_validate_proof(result3["timestamp"], cc2, 1, 2) @@ -205,6 +222,7 @@ mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) print_and_check_tree_size(5) +size_sth[5] = base64.b64decode(get_sth(baseurl)["sha256_root_hash"]) get_and_validate_proof(result1["timestamp"], cc1, 0, 3) get_and_validate_proof(result3["timestamp"], cc2, 1, 3) @@ -212,6 +230,10 @@ get_and_validate_proof(result4["timestamp"], cc3, 2, 3) get_and_validate_proof(result5["timestamp"], cc4, 3, 3) get_and_validate_proof(result6["timestamp"], cc5, 4, 1) +for first_size in range(1, 5): + for second_size in range(first_size + 1, 6): + get_and_validate_consistency_proof(size_sth[first_size], size_sth[second_size], first_size, second_size) + print "-------" if failures: print failures, "failed tests" if failures != 1 else "failed test" -- cgit v1.1 From 90bd73177964246a0e1a5d6c5e4255dcc8ec700d Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Fri, 27 Feb 2015 13:53:32 +0100 Subject: Require authentication for merge calls --- tools/testcase1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools/testcase1.py') diff --git a/tools/testcase1.py b/tools/testcase1.py index a41a783..c87e8eb 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -136,7 +136,7 @@ def get_and_check_entry(timestamp, chain, leaf_index): len(submittedcertchain)) def merge(): - return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--keyfile", "../rel/test/eckey.pem"]) + return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--keyfile", "../rel/test/eckey.pem", "--own-keyname", "merge-1", "--own-keyfile", "../rel/privatekeys/merge-1-private.pem"]) print_and_check_tree_size(0) -- cgit v1.1 From ff18e0fdd57a6b485f427173fe7febee03345037 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Tue, 3 Mar 2015 15:33:39 +0100 Subject: merge.py: use external signing --- tools/testcase1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools/testcase1.py') diff --git a/tools/testcase1.py b/tools/testcase1.py index c87e8eb..0c0f728 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -136,7 +136,7 @@ def get_and_check_entry(timestamp, chain, leaf_index): len(submittedcertchain)) def merge(): - return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--keyfile", "../rel/test/eckey.pem", "--own-keyname", "merge-1", "--own-keyfile", "../rel/privatekeys/merge-1-private.pem"]) + return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--signing", "https://127.0.0.1:8088/", "--own-keyname", "merge-1", "--own-keyfile", "../rel/privatekeys/merge-1-private.pem"]) print_and_check_tree_size(0) -- cgit v1.1 From e0f11a58033d52c70bc76b4b5611cb88485d4653 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Wed, 4 Mar 2015 15:42:59 +0100 Subject: Save STH instead of calculating a new one each time. --- tools/testcase1.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'tools/testcase1.py') diff --git a/tools/testcase1.py b/tools/testcase1.py index 0c0f728..73613fb 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -138,11 +138,11 @@ def get_and_check_entry(timestamp, chain, leaf_index): def merge(): return subprocess.call(["./merge.py", "--baseurl", "https://127.0.0.1:8080/", "--frontend", "https://127.0.0.1:8082/", "--storage", "https://127.0.0.1:8081/", "--mergedb", "../rel/mergedb", "--signing", "https://127.0.0.1:8088/", "--own-keyname", "merge-1", "--own-keyfile", "../rel/privatekeys/merge-1-private.pem"]) -print_and_check_tree_size(0) - mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True) +print_and_check_tree_size(0) + testgroup("cert1") result1 = do_add_chain(cc1) @@ -230,6 +230,9 @@ get_and_validate_proof(result4["timestamp"], cc3, 2, 3) get_and_validate_proof(result5["timestamp"], cc4, 3, 3) get_and_validate_proof(result6["timestamp"], cc5, 4, 1) +mergeresult = merge() +assert_equal(mergeresult, 0, "merge", quiet=True) + for first_size in range(1, 5): for second_size in range(first_size + 1, 6): get_and_validate_consistency_proof(size_sth[first_size], size_sth[second_size], first_size, second_size) -- cgit v1.1