From cc75064317725f5b4d58b8b364dbf0c9c431ec3e Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Sat, 2 Oct 2021 20:23:51 +0200
Subject: added domain_hint enforcement
---
 cmd/tmp/submit/main.go | 59 ++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 50 insertions(+), 9 deletions(-)
(limited to 'cmd/tmp/submit')
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index d6620f6..2b8050c 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
@@ -5,25 +5,66 @@ package main
 import (
 "crypto/ed25519"
 "crypto/rand"
+ "encoding/hex"
+ "flag"
 "fmt"
+ "log"
 "git.sigsum.org/sigsum-log-go/pkg/types"
 )
+var (
+ shardHint = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
+ checksum = flag.String("checksum", "", "checksum (hex)")
+ sk = flag.String("sk", "", "secret key (hex)")
+ domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
+ base_url = flag.String("base_url", "localhost:6965", "base url (string)")
+)
+
 func main() {
- checksum := [32]byte{}
+ flag.Parse()
+
+ var privBuf [64]byte
+ var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
+ mustDecodeHex(*sk, priv[:])
+
+ var c [types.HashSize]byte
+ if *checksum != "" {
+ mustDecodeHex(*checksum, c[:])
+ } else {
+ mustPutRandom(c[:])
+ }
+
 msg := types.Message{
- ShardHint: 0,
- Checksum: &checksum,
+ ShardHint: *shardHint,
+ Checksum: &c,
 }
+ sig := ed25519.Sign(priv, msg.Marshal())
- vk, sk, err := ed25519.GenerateKey(rand.Reader)
+ fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+ msg.ShardHint,
+ msg.Checksum[:],
+ sig,
+ priv.Public().(ed25519.PublicKey)[:],
+ *domainHint,
+ *base_url,
+ )
+}
+
+func mustDecodeHex(s string, buf []byte) {
+ b, err := hex.DecodeString(s)
 if err != nil {
- fmt.Printf("ed25519.GenerateKey: %v\n", err)
- return
+ log.Fatal(err)
+ }
+ if len(b) != len(buf) {
+ log.Fatal("bad flag: invalid buffer length")
 }
- sig := ed25519.Sign(sk, msg.Marshal())
- //fmt.Printf("sk: %x\nvk: %x\n", sk[:], vk[:])
+ copy(buf, b)
+}
- fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- localhost:6965/sigsum/v0/add-leaf\n", msg.ShardHint, msg.Checksum[:], sig, vk[:], "example.com")
+func mustPutRandom(buf []byte) {
+ _, err := rand.Read(buf)
+ if err != nil {
+ log.Fatal(err)
+ }
 }
-- cgit v1.2.3
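Review bot: The `-sk` flag takes the full 64-byte Ed25519 private key and `mustDecodeHex(*sk, priv[:])` checks only its length, so the public half (the last 32 bytes) is never checked against the seed. `ed25519.Sign` and `priv.Public()` both use that embedded public half, so a malformed key produces a `verification_key` and signature that do not belong to the seed, and signing with one seed under differing public halves is a known way to weaken an Ed25519 key. Accepting the 32-byte seed and deriving the key avoids this: `var seed [ed25519.SeedSize]byte`, `mustDecodeHex(*sk, seed[:])`, `priv := ed25519.NewKeyFromSeed(seed[:])`. Separately, a secret passed on the command line is visible in the process list and shell history, so reading it from a file or stdin would be safer even for a temporary tool.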