1 files changed, 31 insertions, 12 deletions

diff --git a/tools/mergetools.py b/tools/mergetools.py
index 9f5feee..c3e9688 100644
--- a/tools/mergetools.py
+++ b/tools/mergetools.py
@@ -1,6 +1,7 @@
 # Copyright (c) 2015, NORDUnet A/S.
 # See LICENSE for licensing information.
 import base64
+import hashlib
 import sys
 import struct
 from certtools import get_leaf_hash
@@ -27,21 +28,39 @@ def read_chain(chainsdir, key):
     f.close()
     return value
 
-def unpack_entry(entry):
-    pieces = []
-    while len(entry):
-        (length,) = struct.unpack(">I", entry[0:4])
-        type = entry[4:8]
-        data = entry[8:length]
-        entry = entry[length:]
-        pieces.append(data)
-    return pieces
+def tlv_decode(data):
+    (length,) = struct.unpack(">I", data[0:4])
+    type = data[4:8]
+    value = data[8:length]
+    rest = data[length:]
+    return (type, value, rest)
+
+def tlv_decodelist(data):
+    l = []
+    while len(data):
+        (type, value, rest) = tlv_decode(data)
+        l.append((type, value))
+        data = rest
+    return l
+
+def unwrap_entry(entry):
+    ploplevel = tlv_decodelist(entry)
+    assert(len(ploplevel) == 2)
+    (ploptype, plopdata) = ploplevel[0]
+    (plopchecksumtype, plopchecksum) = ploplevel[1]
+    assert(ploptype == "PLOP")
+    assert(plopchecksumtype == "S256")
+    computedchecksum = hashlib.sha256(plopdata).digest()
+    assert(computedchecksum == plopchecksum)
+    return plopdata
 
 def verify_entry(verifycert, entry, hash):
-    unpacked = unpack_entry(entry)
-    mtl = unpacked[0]
+    packed = unwrap_entry(entry)
+    unpacked = tlv_decodelist(packed)
+    (mtltype, mtl) = unpacked[0]
     assert hash == get_leaf_hash(mtl)
-    s = struct.pack(">I", len(entry)) + entry
+    assert mtltype == "MTL1"
+    s = struct.pack(">I", len(packed)) + packed
     try:
         verifycert.stdin.write(s)
     except IOError, e: