summaryrefslogtreecommitdiff
path: root/tools/certtools.py
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-10-27 16:56:03 +0100
committerMagnus Ahltorp <map@kth.se>2014-10-27 16:56:03 +0100
commit89b8a59da38daf465a934f039cc7cf3efaf1468e (patch)
treea4e15387988d8912cc6a242f258b2bfeac811942 /tools/certtools.py
parentb9c709204da83be2f315664f9f263c6890b1bc8d (diff)
merge.py: send whole sth in sendsth call
Diffstat (limited to 'tools/certtools.py')
-rw-r--r--tools/certtools.py20
1 files changed, 20 insertions, 0 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index b132caa..0ce8885 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -143,6 +143,11 @@ def decode_signature(signature):
assert rest == ""
return (hash_alg, signature_alg, unpacked_signature)
+def encode_signature(hash_alg, signature_alg, unpacked_signature):
+ signature = struct.pack(">bb", hash_alg, signature_alg)
+ signature += tls_array(unpacked_signature, 2)
+ return signature
+
def check_signature(baseurl, signature, data):
publickey = base64.decodestring(publickeys[baseurl])
(hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
@@ -155,6 +160,12 @@ def check_signature(baseurl, signature, data):
vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
sigdecode=ecdsa.util.sigdecode_der)
+def create_signature(privatekey, data):
+ sk = ecdsa.SigningKey.from_der(privatekey)
+ unpacked_signature = sk.sign(data, hashfunc=hashlib.sha256,
+ sigencode=ecdsa.util.sigencode_der)
+ return encode_signature(4, 3, unpacked_signature)
+
def check_sth_signature(baseurl, sth):
signature = base64.decodestring(sth["tree_head_signature"])
@@ -167,6 +178,15 @@ def check_sth_signature(baseurl, sth):
check_signature(baseurl, signature, tree_head)
+def create_sth_signature(tree_size, timestamp, root_hash, privatekey):
+ version = struct.pack(">b", 0)
+ signature_type = struct.pack(">b", 1)
+ timestamp_packed = struct.pack(">Q", timestamp)
+ tree_size_packed = struct.pack(">Q", tree_size)
+ tree_head = version + signature_type + timestamp_packed + tree_size_packed + root_hash
+
+ return create_signature(privatekey, tree_head)
+
def check_sct_signature(baseurl, leafcert, sct):
publickey = base64.decodestring(publickeys[baseurl])
calculated_logid = hashlib.sha256(publickey).digest()