summaryrefslogtreecommitdiff
path: root/siglog-witness.py
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordberg.se>2021-09-14 17:49:00 +0200
committerLinus Nordberg <linus@nordberg.se>2021-09-14 17:57:03 +0200
commit38a4de9a35313065fd0d46213dba13f6482ad592 (patch)
tree624ecf1b86da0d89f267d8a70dab1701a2be8338 /siglog-witness.py
parent73aa0ea861ea86def159db81b024b13b423afbca (diff)
follow more API changes in v0.2.0
Signed Tree Heads binary format now contains a hash of the log pubkey. v0/add-cosignature takes cosignatures in 'cosignature='.
Diffstat (limited to 'siglog-witness.py')
-rwxr-xr-xsiglog-witness.py17
1 files changed, 9 insertions, 8 deletions
diff --git a/siglog-witness.py b/siglog-witness.py
index 06e9330..c6c5898 100755
--- a/siglog-witness.py
+++ b/siglog-witness.py
@@ -136,10 +136,11 @@ class TreeHead:
text += 'signature={}\n'.format(self._text['signature'])
return text.encode('ascii')
- def serialise(self):
+ def serialise(self, pubkey):
data = struct.pack('!QQ', self.timestamp, self.tree_size)
data += unhexlify(self._text['root_hash'])
- assert(len(data) == 48)
+ data += sha256(pubkey.encode()).digest()
+ assert(len(data) == 8 + 8 + 32 + 32)
return data
def signature_valid(self, pubkey):
@@ -148,7 +149,7 @@ class TreeHead:
assert(type(self._text['signature']) is str)
sig = unhexlify(self._text['signature'])
assert(len(sig) == 64)
- data = self.serialise()
+ data = self.serialise(pubkey)
try:
verified_data = pubkey.verify(sig + data)
except nacl.exceptions.BadSignatureError:
@@ -341,11 +342,11 @@ def consistency_proof_valid(first, second, proof):
return sn == 0 and fr == first.root_hash and sr == second.root_hash
-def sign_send_store_tree_head(signing_key, tree_head):
+def sign_send_store_tree_head(signing_key, log_key, tree_head):
+ signature = signing_key.sign(tree_head.serialise(log_key)).signature
hash = sha256(signing_key.verify_key.encode())
- signature = signing_key.sign(tree_head.serialise()).signature
- post_data = 'signature={}\n'.format(hexlify(signature).decode('ascii'))
+ post_data = 'cosignature={}\n'.format(hexlify(signature).decode('ascii'))
post_data += 'key_hash={}\n'.format(hash.hexdigest())
req = requests.post(g_args.base_url + 'sigsum/v0/add-cosignature', post_data)
@@ -467,7 +468,7 @@ def main(args):
new_tree_head.tree_size))
if user_confirm("Really sign head for tree of size {} and upload "
"the signature?".format(new_tree_head.tree_size)):
- err3 = sign_send_store_tree_head(signing_key, new_tree_head)
+ err3 = sign_send_store_tree_head(signing_key, log_verification_key, new_tree_head)
if err3: return err3
return 0, None
@@ -488,7 +489,7 @@ def main(args):
if not cur_tree_head.signature_valid(log_verification_key):
return ERR_TREEHEAD_SIGNATURE_INVALID, "ERROR: signature of current tree head invalid"
- err = sign_send_store_tree_head(signing_key, new_tree_head)
+ err = sign_send_store_tree_head(signing_key, log_verification_key, new_tree_head)
if err: return err
return 0, None