author | Magnus Ahltorp <map@kth.se> | 2015-03-04 17:12:30 +0100 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2015-03-04 17:12:30 +0100 |
commit | 15249d58b7a23bf323aa9b4865e1265e50917dd2 (patch) | |
tree | 9cd2859af1346901ff80f595a28c97ba91f3b360 /src/plop.erl | |
parent | 9eaa1ef1b558043b809fd7c7f869128c186ec0e9 (diff) |
Save STH instead of calculating a new one each time.
Verify incoming STH.
Diffstat (limited to 'src/plop.erl')
-rw-r--r-- | src/plop.erl | 59 |
1 files changed, 18 insertions, 41 deletions
diff --git a/src/plop.erl b/src/plop.erl
index 5eb0c1f..ebadcc5 100644
--- a/src/plop.erl
+++ b/src/plop.erl
@@ -27,7 +27,7 @@
 -export([start_link/0, stop/0]).
 -export([get_logid/0, serialise/1]).
 -export([add/3, sth/0, get/1, get/2, spt/1, consistency/2, inclusion/2, inclusion_and_entry/2]).
--export([generate_timestamp/0]).
+-export([generate_timestamp/0, save_sth/1, verify_sth/4]).
 %% API for tests.
 -export([testing_get_pubkey/0]).
 %% gen_server callbacks.
@@ -115,8 +115,14 @@ add(LogEntry, TreeLeafHash, EntryHash) ->
 end)
 end.
+save_sth(STH) ->
+ {ok, STHFile} = application:get_env(plop, sth_path),
+ lager:debug("writing new sth to ~p: ~p", [STHFile, STH]),
+ atomic:replacefile(STHFile, mochijson2:encode(STH)).
+
 sth() ->
- sth([]).
+ {ok, STHFile} = application:get_env(plop, sth_path),
+ mochijson2:decode(atomic:readfile(STHFile)).
 -spec get(non_neg_integer(), non_neg_integer()) ->
 [{non_neg_integer(), binary(), binary()}].
@@ -198,7 +204,7 @@ send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
 RequestId = make_ref(),
 spawn(fun () ->
 case plop_httputil:request("leafhash " ++ mochihex:to_hex(TreeLeafHash), URL, Headers, RequestBody) of
- {failure, StatusLine, RespHeaders, Body} ->
+ {failure, _StatusLine, _RespHeaders, _Body} ->
 lager:debug("auth check failed"),
 drop;
 {success, StatusLine, RespHeaders, Body} ->
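Review bot: `save_sth/1` persists whatever term it is handed and `sth/0` returns whatever the file decodes to, so nothing in this hunk ties the stored STH to the signature check that `verify_sth/4` adds further down. If the code that receives an incoming STH lives outside this diff, confirm that it calls `verify_sth/4` and matches on a success result before calling `save_sth/1`; a comment above the function such as `%% Caller must have verified STH with verify_sth/4 before saving.` would record that contract. `sth/0` also changes its result from the `{Treesize, Timestamp, Roothash, Signature}` tuple to a mochijson2-decoded term, and it fails on the `{ok, STHFile}` match when `sth_path` is unset and presumably also when the file does not exist yet, so existing callers and first-start ordering need checking. Both newly exported functions lack a `-spec`.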
@@ -293,32 +299,15 @@ handle_call(stop, _From, Plop) ->
 {stop, normal, stopped, Plop}.
-%% @doc Signed Plop Timestamp, conformant to an SCT in RFC6962 3.2 and
-%% RFC5246 4.7.
-
-%% @doc Signed Tree Head as specified in RFC6962 section 3.2.
--spec sth(sth_signed() | list()) -> sth().
-sth([]) ->
- sth(#sth_signed{timestamp = now});
-sth(#sth_signed{version = Version, timestamp = Timestamp_in}) ->
- Timestamp = timestamp(Timestamp_in),
- Treesize = ht:size(),
- Roothash = ht:root(),
- BinToSign = serialise(#sth_signed{
- version = Version,
- signature_type = tree_hash,
- timestamp = Timestamp,
- tree_size = Treesize,
- root_hash = Roothash}),
- Signature = #signature{
- algorithm = #sig_and_hash_alg{
- hash_alg = sha256,
- signature_alg = ecdsa},
- signature = sign:sign_sth(BinToSign)},
- STH = {Treesize, Timestamp, Roothash, Signature},
- %%io:format("STH: ~p~nBinToSign: ~p~nSignature: ~p~nTimestamp: ~p~n",
- %% [STH, BinToSign, Signature, Timestamp]),
- STH.
+verify_sth(Treesize, Timestamp, Roothash, PackedSignature) ->
+ STH = serialise(#sth_signed{
+ version = ?PLOPVERSION,
+ signature_type = tree_hash,
+ timestamp = Timestamp,
+ tree_size = Treesize,
+ root_hash = Roothash}),
+ <<HashAlg:8, SignatureAlg:8, SigLen:16, Signature/binary>> = PackedSignature,
+ sign:verify_sth(STH, Signature).
@@ -349,18 +338,6 @@ signature_alg_type(rsa) -> 1;
 signature_alg_type(dsa) -> 2;
 signature_alg_type(ecdsa) -> 3.
-%% TODO: Remove.
--spec timestamp(now | integer()) -> integer().
-timestamp(Timestamp) ->
- case Timestamp of
- now ->
- {NowMegaSec, NowSec, NowMicroSec} = now(),
- trunc(NowMegaSec * 1.0e9
- + NowSec * 1.0e3
- + NowMicroSec / 1.0e3);
- _ -> Timestamp
- end.
-
 -spec generate_timestamp() -> integer().
 generate_timestamp() ->
 {NowMegaSec, NowSec, NowMicroSec} = now(),
|
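Review bot: In `verify_sth/4` the pattern `<<HashAlg:8, SignatureAlg:8, SigLen:16, Signature/binary>>` binds the algorithm bytes and the declared length but never uses them. Any bytes after the declared signature length are therefore handed to `sign:verify_sth/2`, and the algorithm identifiers of an incoming STH are not compared with the sha256/ecdsa pair the removed `sth/1` signed with. Binding the length, `<<HashAlg:8, SignatureAlg:8, SigLen:16, Signature:SigLen/binary>> = PackedSignature,`, rejects truncated or padded input, and `HashAlg` and `SignatureAlg` should be checked against the expected values before verifying; as written the three unused bindings also produce compiler warnings. A malformed `PackedSignature` raises `badmatch` instead of returning a verification failure, and whether callers expect a crash or a return value from `sign:verify_sth/2` is not visible here, so a `-spec` and a short `%% @doc` stating the contract would help.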