authorMagnus Ahltorp <map@kth.se>2015-03-18 14:27:18 +0100
committerMagnus Ahltorp <map@kth.se>2015-03-23 16:14:47 +0100
commit0a76e4d080a8349456d04434dcb2d4b381eb8ec4 (patch)
tree118a189f7901b0833f3b363a40fe66ba3da48bad /tools/certtools.py
parent15d5d6fd5cffdea185d18fbd4feb62afa23b9d12 (diff)
Added precert handling for SCT calculation
Diffstat (limited to 'tools/certtools.py')
-rw-r--r--tools/certtools.py20
1 files changed, 15 insertions, 5 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 1436863..cc423af 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -257,7 +257,7 @@ def create_sth_signature(tree_size, timestamp, root_hash, baseurl, key=None):
return create_signature(baseurl, tree_head, key=key)
-def check_sct_signature(baseurl, leafcert, sct):
+def check_sct_signature(baseurl, signed_entry, sct, precert=False):
publickey = base64.decodestring(publickeys[baseurl])
calculated_logid = hashlib.sha256(publickey).digest()
received_logid = base64.decodestring(sct["id"])
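Review bot: The second positional parameter of `check_sct_signature` changes meaning without a docstring: it was the raw certificate (wrapped with `tls_array(leafcert, 3)` inside the function) and is now an already-encoded entry that the next hunk concatenates into the signed structure as-is. A caller that still passes the raw certificate gets no error at the call site, only a signature computed over different bytes; how that surfaces depends on `check_signature`, which is not shown here. I would add a docstring along the lines of `"""Verify sct over signed_entry, which must be pack_cert(cert), or pack_precert(cleanedcert, issuer_key_hash) when precert=True."""`. The function body continues outside this hunk.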
@@ -271,9 +271,12 @@ def check_sct_signature(baseurl, leafcert, sct):
version = struct.pack(">b", sct["sct_version"])
signature_type = struct.pack(">b", 0)
timestamp = struct.pack(">Q", sct["timestamp"])
- entry_type = struct.pack(">H", 0)
+ if precert:
+ entry_type = struct.pack(">H", 1)
+ else:
+ entry_type = struct.pack(">H", 0)
signed_struct = version + signature_type + timestamp + \
- entry_type + tls_array(leafcert, 3) + \
+ entry_type + signed_entry + \
tls_array(base64.decodestring(sct["extensions"]), 2)
check_signature(baseurl, signature, signed_struct)
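Review bot: The entry-type values in the new `if precert:` branch are bare literals, and the same `1` already appears in `pack_mtl_precert`; they are the RFC 6962 LogEntryType values x509_entry (0) and precert_entry (1) and should be named or commented. The four added lines also collapse to one: `entry_type = struct.pack(">H", 1 if precert else 0)  # LogEntryType: x509_entry=0, precert_entry=1`. Note as well that nothing ties the flag to the shape of `signed_entry`, so a mismatched pair is only caught if the signature comparison rejects it. The function starts outside this hunk.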
@@ -292,15 +295,22 @@ def pack_mtl(timestamp, leafcert):
def pack_mtl_precert(timestamp, cleanedcert, issuer_key_hash):
entry_type = struct.pack(">H", 1)
extensions = ""
- assert len(issuer_key_hash) == 32
timestamped_entry = struct.pack(">Q", timestamp) + entry_type + \
- issuer_key_hash + tls_array(cleanedcert, 3) + tls_array(extensions, 2)
+ pack_precert(cleanedcert, issuer_key_hash) + tls_array(extensions, 2)
version = struct.pack(">b", 0)
leaf_type = struct.pack(">b", 0)
merkle_tree_leaf = version + leaf_type + timestamped_entry
return merkle_tree_leaf
+def pack_precert(cleanedcert, issuer_key_hash):
+ assert len(issuer_key_hash) == 32
+
+ return issuer_key_hash + tls_array(cleanedcert, 3)
+
+def pack_cert(cert):
+ return tls_array(cert, 3)
+
def unpack_mtl(merkle_tree_leaf):
version = merkle_tree_leaf[0:1]
leaf_type = merkle_tree_leaf[1:2]
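Review bot: The length check on `issuer_key_hash` in the new `pack_precert` is an `assert`, which is removed when Python runs with `-O`. The hash is concatenated with no length prefix in front of `tls_array(cleanedcert, 3)`, so a wrong-length value silently shifts every following field in data that is hashed into the tree or checked against an SCT signature. Since the helper now appears intended for the SCT verification path as well, I would make the check unconditional: `if len(issuer_key_hash) != 32: raise ValueError("issuer_key_hash must be 32 bytes")`. `pack_precert` and `pack_cert` are fully inside this hunk; `unpack_mtl` continues beyond it.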