authorLinus Nordberg <linus@nordberg.se>2021-06-15 16:25:45 +0200
committerLinus Nordberg <linus@nordberg.se>2021-06-15 16:25:45 +0200
commit10dd352ab1ab6ef9cdc8b1494f0a8c0e9ca7d20d (patch)
treebfc14484e46859d73b68f78438d445186fcab662
parentd08859f2023fc23ab4e7616d159b5a7554c70074 (diff)
don't sign a tree head that's too old or too far in the future
-rwxr-xr-xsiglog-witness.py38
1 files changed, 26 insertions, 12 deletions
diff --git a/siglog-witness.py b/siglog-witness.py
index 4046cbd..b5f5e0a 100755
--- a/siglog-witness.py
+++ b/siglog-witness.py
@@ -22,6 +22,8 @@ from binascii import hexlify, unhexlify
import nacl.encoding
import nacl.signing
from hashlib import sha256
+import time
+from math import floor
# TODO maybe stop mixing dashes and underscores in directory names and filenames
@@ -31,18 +33,19 @@ SIGKEY_FILE_DEFAULT = CONFIG_DIR_DEFAULT + 'signing_key'
CONFIG_FILE = CONFIG_DIR_DEFAULT + 'siglog-witness.conf'
ERR_USAGE = 1
-ERR_TREEHEAD_SIGNATURE_INVALID = 2
-ERR_TREEHEAD_READ = 3
-ERR_TREEHEAD_FETCH = 4
-ERR_CONSISTENCYPROOF_FETCH = 5
-ERR_CONSISTENCYPROOF_INVALID = 6
-ERR_LOGKEY = 7
-ERR_LOGKEY_FORMAT = 8
-ERR_SIGKEYFILE = 9
-ERR_SIGKEYFILE_MISSING = 10
-ERR_SIGKEY_FORMAT = 11
-ERR_NYI = 12
-ERR_COSIG_POST = 13
+ERR_TREEHEAD_READ = 2
+ERR_TREEHEAD_FETCH = 3
+ERR_TREEHEAD_SIGNATURE_INVALID = 4
+ERR_TREEHEAD_INVALID = 5
+ERR_CONSISTENCYPROOF_FETCH = 6
+ERR_CONSISTENCYPROOF_INVALID = 7
+ERR_LOGKEY = 8
+ERR_LOGKEY_FORMAT = 9
+ERR_SIGKEYFILE = 10
+ERR_SIGKEYFILE_MISSING = 11
+ERR_SIGKEY_FORMAT = 12
+ERR_NYI = 13
+ERR_COSIG_POST = 14
class Parser:
def __init__(self):
@@ -368,6 +371,7 @@ def main(args):
# TODO write to config file
return ERR_NYI, "ERROR: --save-config is not yet implemented"
+ now = floor(time.time())
consistency_verified = False
ignore_consistency = False
@@ -411,6 +415,16 @@ def main(args):
if not cur_tree_head.signature_valid(log_verification_key):
return ERR_TREEHEAD_SIGNATURE_INVALID, "ERROR: signature of current tree head invalid"
+ ts_sec = new_tree_head.timestamp()
+ ts_asc = time.ctime(ts_sec)
+ if ts_sec < now - 12 * 3600:
+ return (ERR_TREEHEAD_INVALID,
+ "ERROR: timestamp too old: {} ({})".format(ts_sec, ts_asc))
+ if ts_sec > now + 12 * 3600:
+ return (ERR_TREEHEAD_INVALID,
+ "ERROR: timestamp too new: {} ({})".format(ts_sec, ts_asc))
+
+ # TODO: Needs more thought: size, hash, timestamp -- what may change and what may not?
if new_tree_head.tree_size() <= cur_tree_head.tree_size():
return 0, "INFO: Fetched head of tree of size {} already seen".format(cur_tree_head.tree_size())
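Review bot: `ts_asc = time.ctime(ts_sec)` is evaluated before the range check, so a tree head carrying a wildly out-of-range timestamp (the very input this hunk is meant to reject) can make `time.ctime` raise (OverflowError or OSError once the value exceeds the platform's time_t range) and the witness exits with a traceback instead of returning ERR_TREEHEAD_INVALID; what `new_tree_head.timestamp()` returns for malformed input is not visible here. Produce the human-readable form only after the bounds are known to hold, or report just the integer on the error path, e.g. drop the `ts_asc` line and use `"ERROR: timestamp too old: {}".format(ts_sec)` (and likewise for "too new"). The ±12 h window is written twice as `12 * 3600`; a module-level `TREEHEAD_MAX_SKEW = 12 * 3600` next to the ERR_ constants would name the policy and keep the two bounds in step. main() starts and ends outside this hunk, and the hunk's trailing context is cut off at the end of the page.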