From 91e5b7f4b85cdbc399ccaa1bb1d813e0d829f3d5 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Mon, 27 Oct 2014 14:37:01 +0100 Subject: submitcert.py: submit multiple cert chains --- tools/certtools.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'tools/certtools.py') diff --git a/tools/certtools.py b/tools/certtools.py index 8d64ee4..7b901cf 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -10,6 +10,7 @@ import struct import sys import hashlib import ecdsa +import datetime publickeys = { "https://ct.googleapis.com/pilot/": @@ -204,3 +205,16 @@ def get_leaf_hash(merkle_tree_leaf): leaf_hash.update(merkle_tree_leaf) return leaf_hash.digest() + +def timing_point(timer_dict=None, name=None): + t = datetime.datetime.now() + if timer_dict: + starttime = timer_dict["lasttime"] + stoptime = t + deltatime = stoptime - starttime + timer_dict["deltatimes"].append((name, deltatime.seconds * 1000000 + deltatime.microseconds)) + timer_dict["lasttime"] = t + return None + else: + timer_dict = {"deltatimes":[], "lasttime":t} + return timer_dict -- cgit v1.1 From 44f48b0f96aba0009bd43036eea443f07cec71b9 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Mon, 27 Oct 2014 14:37:48 +0100 Subject: Added fetchallcerts.py --- tools/certtools.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tools/certtools.py') diff --git a/tools/certtools.py b/tools/certtools.py index 7b901cf..16c2105 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -199,6 +199,14 @@ def pack_mtl(timestamp, leafcert): merkle_tree_leaf = version + leaf_type + timestamped_entry return merkle_tree_leaf +def unpack_mtl(merkle_tree_leaf): + version = merkle_tree_leaf[0:1] + leaf_type = merkle_tree_leaf[1:2] + timestamped_entry = merkle_tree_leaf[2:] + (timestamp, entry_type) = struct.unpack(">QH", timestamped_entry[0:10]) + (leafcert, rest_entry) = unpack_tls_array(timestamped_entry[10:], 3) + return (leafcert, timestamp) + def get_leaf_hash(merkle_tree_leaf): leaf_hash = hashlib.sha256() leaf_hash.update(struct.pack(">b", 0)) -- cgit v1.1 From b9c709204da83be2f315664f9f263c6890b1bc8d Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Mon, 27 Oct 2014 16:13:41 +0100 Subject: fetchallcerts.py: calculate root hash --- tools/certtools.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'tools/certtools.py') diff --git a/tools/certtools.py b/tools/certtools.py index 16c2105..b132caa 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -226,3 +226,27 @@ def timing_point(timer_dict=None, name=None): else: timer_dict = {"deltatimes":[], "lasttime":t} return timer_dict + +def internal_hash(pair): + if len(pair) == 1: + return pair[0] + else: + hash = hashlib.sha256() + hash.update(struct.pack(">b", 1)) + hash.update(pair[0]) + hash.update(pair[1]) + return hash.digest() + +def chunks(l, n): + return [l[i:i+n] for i in range(0, len(l), n)] + +def next_merkle_layer(layer): + return [internal_hash(pair) for pair in chunks(layer, 2)] + +def build_merkle_tree(layer0): + layers = [] + current_layer = layer0 + while len(current_layer) > 1: + current_layer = next_merkle_layer(current_layer) + layers.append(current_layer) + return layers -- cgit v1.1 From 89b8a59da38daf465a934f039cc7cf3efaf1468e Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Mon, 27 Oct 2014 16:56:03 +0100 Subject: merge.py: send whole sth in sendsth call --- tools/certtools.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'tools/certtools.py') diff --git a/tools/certtools.py b/tools/certtools.py index b132caa..0ce8885 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -143,6 +143,11 @@ def decode_signature(signature): assert rest == "" return (hash_alg, signature_alg, unpacked_signature) +def encode_signature(hash_alg, signature_alg, unpacked_signature): + signature = struct.pack(">bb", hash_alg, signature_alg) + signature += tls_array(unpacked_signature, 2) + return signature + def check_signature(baseurl, signature, data): publickey = base64.decodestring(publickeys[baseurl]) (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature) @@ -155,6 +160,12 @@ def check_signature(baseurl, signature, data): vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_der) +def create_signature(privatekey, data): + sk = ecdsa.SigningKey.from_der(privatekey) + unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256, + sigencode=ecdsa.util.sigencode_der) + return encode_signature(4, 3, unpacked_signature) + def check_sth_signature(baseurl, sth): signature = base64.decodestring(sth["tree_head_signature"]) @@ -167,6 +178,15 @@ def check_sth_signature(baseurl, sth): check_signature(baseurl, signature, tree_head) +def create_sth_signature(tree_size, timestamp, root_hash, privatekey): + version = struct.pack(">b", 0) + signature_type = struct.pack(">b", 1) + timestamp_packed = struct.pack(">Q", timestamp) + tree_size_packed = struct.pack(">Q", tree_size) + tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash + + return create_signature(privatekey, tree_head) + def check_sct_signature(baseurl, leafcert, sct): publickey = base64.decodestring(publickeys[baseurl]) calculated_logid = hashlib.sha256(publickey).digest() -- cgit v1.1 From 8de65ab10cbdf6ea5509f321f025686e6ab0ecaf Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Tue, 28 Oct 2014 16:03:11 +0100 Subject: certtools.py: fix bug in build_merkle_tree --- tools/certtools.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tools/certtools.py') diff --git a/tools/certtools.py b/tools/certtools.py index 0ce8885..cbb4ff7 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -264,8 +264,11 @@ def next_merkle_layer(layer): return [internal_hash(pair) for pair in chunks(layer, 2)] def build_merkle_tree(layer0): + if len(layer0) == 0: + return [[hashlib.sha256().digest()]] layers = [] current_layer = layer0 + layers.append(current_layer) while len(current_layer) > 1: current_layer = next_merkle_layer(current_layer) layers.append(current_layer) -- cgit v1.1