From db0894020b459775e7051441ee343ecd1c270883 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 12 May 2014 14:55:47 +0200 Subject: Encode signatures properly. --- include/plop.hrl | 21 +++++++++++++++++++-- src/plop.erl | 49 +++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 62 insertions(+), 8 deletions(-) diff --git a/include/plop.hrl b/include/plop.hrl index 0f687d0..354a0f2 100644 --- a/include/plop.hrl +++ b/include/plop.hrl @@ -20,7 +20,7 @@ version :: pos_integer(), % uint8 logid :: binary(), % SHA-256 over DER encoded public log key timestamp :: integer(), % uint64 - signature :: binary() + signature :: signature() }). -type spt() :: #spt{}. @@ -44,8 +44,25 @@ treesize :: integer(), timestamp :: integer(), roothash :: binary(), - signature :: binary() + signature :: signature() }). -type sth() :: #sth{}. +%% RFC 5246 7.4.1.4.1 +-type hash_alg_type() :: none | md5 | sha1 | sha224 | sha256 | sha384 | + sha512. % uint8 +-type signature_alg_type() :: anonymous | rsa | dsa | ecdsa. % uint8 +-record(sig_and_hash_alg, { + hash_alg :: hash_alg_type(), + signature_alg :: signature_alg_type() + }). +-type sig_and_hash_alg() :: #sig_and_hash_alg{}. + +%% RFC 5246 4.7 +-record(signature, { + algorithm :: sig_and_hash_alg(), + signature :: binary() + }). +-type signature() :: #signature{}. + -export_type([timestamped_entry/0, mtl/0, entry_type/0]). diff --git a/src/plop.erl b/src/plop.erl index 4b9d321..e1c1382 100644 --- a/src/plop.erl +++ b/src/plop.erl @@ -185,7 +185,11 @@ spt(LogID, PrivKey, #timestamped_entry{ timestamp = Timestamp, entry_type = EntryType, signed_entry = EntryData})), - Signature = signhash(BinToSign, PrivKey), + Signature = #signature{ + algorithm = #sig_and_hash_alg{ + hash_alg = sha256, + signature_alg = ecdsa}, + signature = signhash(BinToSign, PrivKey)}, #spt{ version = ?PLOPVERSION, logid = LogID, 
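Review bot: The new `hash_alg_type()` and `signature_alg_type()` types in plop.hrl (hunk -44,8 +44,25) mirror the full TLS registry, including `none`, `md5`, `sha1` and `anonymous`, and nothing says which values a log signature may carry. RFC 6962 section 2.1.4 limits log signatures to SHA-256 with ECDSA over NIST P-256 or RSA, so a comment above the types would help, e.g. `%% Only sha256 with ecdsa or rsa is valid for log signatures (RFC 6962 2.1.4); the other values mirror the TLS registry.` Any code that later decodes or verifies these records should reject the other values explicitly rather than accept them because the type allows them.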
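Review bot: The `sha256`/`ecdsa` tags in the new `#signature{}` literal in spt/3 (hunk -185,7 +185,11) are written out independently of `signhash/2`, whose body is not in this diff, and the same literal is repeated in the sth/3 hunk at -206,7 +211,11. If signhash/2 or the key type changes later, the serialised algorithm bytes would describe a different signature from the one actually produced, and nothing in these hunks would catch that. Building the record in one helper next to the signing call keeps the tag and the algorithm together; both call sites then become `Signature = sign_sha256_ecdsa(BinToSign, PrivKey),`. The bodies of spt/3 and sth/3 start and end outside their hunks, so the helper's argument types should be taken from the existing specs.

```erlang
%% Build the RFC 5246 4.7 digitally-signed value. The algorithm tag is set
%% here, beside the signhash/2 call, so the two cannot drift apart.
sign_sha256_ecdsa(BinToSign, PrivKey) ->
    #signature{
       algorithm = #sig_and_hash_alg{
                      hash_alg = sha256,
                      signature_alg = ecdsa},
       signature = signhash(BinToSign, PrivKey)}.

%% ... unchanged: rest of spt/3 and sth/3; each replaces its record literal with ...
    Signature = sign_sha256_ecdsa(BinToSign, PrivKey),
```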
@@ -193,6 +197,7 @@ spt(LogID, PrivKey, #timestamped_entry{ signature = Signature}. %% @doc Signed Tree Head as specified in RFC6962 section 3.2. +-spec sth(#'ECPrivateKey'{}, ht:head(), sth_signed() | list()) -> sth(). sth(PrivKey, Tree, []) -> sth(PrivKey, Tree, #sth_signed{timestamp = now}); sth(PrivKey, Tree, #sth_signed{version = Version, timestamp = Timestamp_in}) -> @@ -206,7 +211,11 @@ sth(PrivKey, Tree, #sth_signed{version = Version, timestamp = Timestamp_in}) -> timestamp = Timestamp, tree_size = Treesize, root_hash = Roothash})), - Signature = signhash(BinToSign, PrivKey), + Signature = #signature{ + algorithm = #sig_and_hash_alg{ + hash_alg = sha256, + signature_alg = ecdsa}, + signature = signhash(BinToSign, PrivKey)}, STH = #sth{ treesize = Treesize, timestamp = Timestamp, @@ -295,6 +304,21 @@ entry_type(test) -> 2. leaf_type(timestamped_entry) -> 0; leaf_type(test) -> 1. +-spec hash_alg_type(hash_alg_type()) -> integer(). +hash_alg_type(none) -> 0; +hash_alg_type(md5) -> 1; +hash_alg_type(sha1) -> 2; +hash_alg_type(sha224) -> 3; +hash_alg_type(sha256) -> 4; +hash_alg_type(sha384) -> 5; +hash_alg_type(sha512) -> 6. + +-spec signature_alg_type(signature_alg_type()) -> integer(). +signature_alg_type(anonymous) -> 0; +signature_alg_type(rsa) -> 1; +signature_alg_type(dsa) -> 2; +signature_alg_type(ecdsa) -> 3. + -spec timestamp(now | integer()) -> integer(). timestamp(Timestamp) -> case Timestamp of @@ -307,7 +331,8 @@ timestamp(Timestamp) -> end. -spec serialise(plop_entry() | timestamped_entry() | mtl() | - spt() | spt_signed() | sth() | sth_signed()) -> iolist(). + spt() | spt_signed() | sth() | sth_signed() | + sig_and_hash_alg() | signature()) -> iolist(). serialise(#plop_entry{ type = TypeAtom, data = Data @@ -329,8 +354,8 @@ serialise(#spt{ }) -> [<>]; + Timestamp:64>>, + serialise(Signature)]; serialise(#spt_signed{ version = Version, signature_type = SigtypeAtom, 
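Review bot: The third argument in the new sth/3 spect (hunk -193,6 +197,7) is typed `sth_signed() | list()`, but the first clause matches only the empty list, so a non-empty list passes the spec and then fails with function_clause. Narrowing it lets Dialyzer flag such callers: `-spec sth(#'ECPrivateKey'{}, ht:head(), sth_signed() | []) -> sth().` The body of sth/3 continues past this hunk, so the `sth()` return type could not be checked against the final expression here.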
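Review bot: The specs for `hash_alg_type/1` and `signature_alg_type/1` (hunk -295,6 +304,21) return `integer()`, although the header marks both as uint8 and the clauses only produce 0..6 and 0..3. Tighter specs document the wire range and give Dialyzer something to check: `-spec hash_alg_type(hash_alg_type()) -> 0..6.` and `-spec signature_alg_type(signature_alg_type()) -> 0..3.` A one-line comment above them, `%% Wire values from RFC 5246 7.4.1.4.1.`, would save readers of plop.erl a trip to the header to find where the numbers come from.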
@@ -366,7 +391,19 @@ serialise(#sth_signed{ % Signed Tree Head. Sigtype:8, Timestamp:64, Treesize:64, - Roothash/binary>>]. + Roothash/binary>>]; +serialise(#sig_and_hash_alg{ + hash_alg = HashAlgType, + signature_alg = SignatureAlgType + }) -> + HashAlg = hash_alg_type(HashAlgType), + SignatureAlg = signature_alg_type(SignatureAlgType), + [<>]; +serialise(#signature{ + algorithm = Algorithm, + signature = Signature + }) -> + [serialise(Algorithm), <>]. %%%%%%%%%%%%%%%%%%%% %% Tests. -- cgit v1.1
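Review bot: The binary expressions in the two new serialise/1 clauses are not legible on this page, so the length encoding of the signature could not be checked. RFC 5246 4.7 defines the field as `opaque signature<0..2^16-1>`; if the clause writes the length as a 16-bit integer segment, Erlang silently truncates an oversized value, so a guard on the clause head, `when byte_size(Signature) =< 65535`, would make such input crash instead of emitting a wrong length. The commit also adds no test. One in the Tests section that follows could pin the algorithm bytes for `sha256`/`ecdsa` to 4 and 3, plus the length prefix for a sample signature.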