author | josef <josef@guest31.se-tug.nordu.net> | 2015-08-26 12:21:59 +0200 |
---|---|---|
committer | josef <josef@guest31.se-tug.nordu.net> | 2015-08-26 12:21:59 +0200 |
commit | 45ab48e10763c5e29a7e49c2abe1656798e0e774 (patch) | |
tree | 906ff6dc058efe7bd103d62a7803e9c4831515ec | |
parent | fe36969835c2f3be14e90a1ac7632fd4c638afaa (diff) |
verifying consistency proofs working
-rwxr-xr-x | tools/josef_experimental.py | 33 | ||||
-rwxr-xr-x | tools/josef_experimental_auditor.py | 33 |
2 files changed, 44 insertions, 22 deletions
diff --git a/tools/josef_experimental.py b/tools/josef_experimental.py
index da3f31e..dc1dc7e 100755
--- a/tools/josef_experimental.py
+++ b/tools/josef_experimental.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import time
+import base64
 from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof
@@ -22,15 +23,14 @@ logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pi
 logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem")
 logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem")
 logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem")
-count = 0
 old_sth = {}
 # Get initial sth
+print time.strftime("%H:%M:%S", time.gmtime())
 for base_url in base_urls:
 old_sth[base_url] = get_sth(base_url)
- # print old_sth[base_url]["sha256_root_hash"]
- print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
+ print "Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
 try:
 check_sth_signature(base_url, old_sth[base_url], logkeys[base_url])
@@ -39,24 +39,35 @@ for base_url in base_urls:
 while True:
- time.sleep(60)
- count += 1
+ time.sleep(1*60-4)
+ print time.strftime("%H:%M:%S", time.gmtime())
 for base_url in base_urls:
 new_sth = get_sth(base_url)
- print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
+ print "Received STH from " + base_url + ", timestamp: " + str(new_sth["timestamp"]) + ", size: " + str(new_sth["tree_size"])
 try:
 check_sth_signature(base_url, new_sth, logkeys[base_url])
 except:
 print "Could not verify signature!!"
- if old_sth[base_url]["tree_size"] != new_sth["tree_size"]:
+ if old_sth[base_url]["tree_size"]!= new_sth["tree_size"]:
 print "Wohoo, new STH! Checking..."
 try:
+ # Hashes are base64 encoded from the server and needs to be decoded before checking proofs.
 consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] )
- # print consistency_proof
- print verify_consistency_proof(consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"])
- except:
- print consistency_proof
+ decoded_consistency_proof = []
+ for item in consistency_proof:
+ decoded_consistency_proof.append(base64.b64decode(item))
+ res = verify_consistency_proof(decoded_consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"])
+
+ if old_sth[base_url]["sha256_root_hash"] != str(base64.b64encode(res[0])):
+ print "Verification of old hash failed!!!"
+ print old_sth[base_url]["sha256_root_hash"], str(base64.b64encode(res[0]))
+ if new_sth["sha256_root_hash"] != str(base64.b64encode(res[1])):
+ print "Verification of new hash failed!!!"
+ print new_sth["sha256_root_hash"], str(base64.b64encode(res[1]))
+
+ except Exception, err:
+ print Exception, err
 finally:
 old_sth[base_url] = new_sth
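Review bot: A failed check never stops the new STH from becoming the baseline: both `Verification of ... hash failed!!!` branches only print, and the `finally:` at the end of the hunk still runs `old_sth[base_url] = new_sth`, as it also does when fetching or verifying the proof raises. Every later STH is then compared against a head that was never proven consistent, so the inconsistency is reported once and the evidence (the last verified STH) is overwritten. I would keep the previous STH on failure: set a flag in the two failure branches and in the `except`, and replace the `finally:` body with `if verified: old_sth[base_url] = new_sth`. The bare `except:` around `check_sth_signature` in the context lines has the same print-and-continue shape, and the identical hunk in tools/josef_experimental_auditor.py shares all of this.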
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py
index da3f31e..dc1dc7e 100755
--- a/tools/josef_experimental_auditor.py
+++ b/tools/josef_experimental_auditor.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import time
+import base64
 from certtools import get_sth, get_consistency_proof, check_sth_signature, get_public_key_from_file, verify_consistency_proof
@@ -22,15 +23,14 @@ logkeys["https://ct.googleapis.com/pilot/"] = get_public_key_from_file("../../pi
 logkeys["https://log.certly.io/"] = get_public_key_from_file("../../certly-logkey.pem")
 logkeys["https://ct.izenpe.com/"] = get_public_key_from_file("../../izenpe-logkey.pem")
 logkeys["https://ct1.digicert-ct.com/log/"] = get_public_key_from_file("../../digicert-logkey.pem")
-count = 0
 old_sth = {}
 # Get initial sth
+print time.strftime("%H:%M:%S", time.gmtime())
 for base_url in base_urls:
 old_sth[base_url] = get_sth(base_url)
- # print old_sth[base_url]["sha256_root_hash"]
- print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
+ print "Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
 try:
 check_sth_signature(base_url, old_sth[base_url], logkeys[base_url])
@@ -39,24 +39,35 @@ for base_url in base_urls:
 while True:
- time.sleep(60)
- count += 1
+ time.sleep(1*60-4)
+ print time.strftime("%H:%M:%S", time.gmtime())
 for base_url in base_urls:
 new_sth = get_sth(base_url)
- print str(count) + ": Received STH from " + base_url + ", timestamp: " + str(old_sth[base_url]["timestamp"]) + ", size: " + str(old_sth[base_url]["tree_size"])
+ print "Received STH from " + base_url + ", timestamp: " + str(new_sth["timestamp"]) + ", size: " + str(new_sth["tree_size"])
 try:
 check_sth_signature(base_url, new_sth, logkeys[base_url])
 except:
 print "Could not verify signature!!"
- if old_sth[base_url]["tree_size"] != new_sth["tree_size"]:
+ if old_sth[base_url]["tree_size"]!= new_sth["tree_size"]:
 print "Wohoo, new STH! Checking..."
 try:
+ # Hashes are base64 encoded from the server and needs to be decoded before checking proofs.
 consistency_proof = get_consistency_proof(base_url, old_sth[base_url]["tree_size"], new_sth["tree_size"] )
- # print consistency_proof
- print verify_consistency_proof(consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"])
- except:
- print consistency_proof
+ decoded_consistency_proof = []
+ for item in consistency_proof:
+ decoded_consistency_proof.append(base64.b64decode(item))
+ res = verify_consistency_proof(decoded_consistency_proof, old_sth[base_url]["tree_size"], new_sth["tree_size"], old_sth[base_url]["sha256_root_hash"])
+
+ if old_sth[base_url]["sha256_root_hash"] != str(base64.b64encode(res[0])):
+ print "Verification of old hash failed!!!"
+ print old_sth[base_url]["sha256_root_hash"], str(base64.b64encode(res[0]))
+ if new_sth["sha256_root_hash"] != str(base64.b64encode(res[1])):
+ print "Verification of new hash failed!!!"
+ print new_sth["sha256_root_hash"], str(base64.b64encode(res[1]))
+
+ except Exception, err:
+ print Exception, err
 finally:
 old_sth[base_url] = new_sth |
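Review bot: The proof is requested only when `tree_size` differs, so two STHs of the same size with different `sha256_root_hash` values pass without any message, and a new size smaller than the old one is still handed to `get_consistency_proof` as (old, new); how certtools reacts to that is not visible here. I would add a branch for the equal-size case, `elif old_sth[base_url]["sha256_root_hash"] != new_sth["sha256_root_hash"]: print "Same tree size, different root hash!!!"`, and report `new_sth["tree_size"] < old_sth[base_url]["tree_size"]` as a failure instead of asking for a proof. Separately, `print Exception, err` prints the class `Exception` rather than the type that was raised; `print type(err), err` is probably what was meant. The identical hunk in tools/josef_experimental.py has the same gaps.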