From 367aac5fa4073a925b24bd3bc8ac2105fea63cfe Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Fri, 25 Mar 2022 14:38:07 +0100
Subject: sign tree head using SSHSIG

---
 sigsum-witness.py | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/sigsum-witness.py b/sigsum-witness.py
index 2be3f3a..52005df 100755
--- a/sigsum-witness.py
+++ b/sigsum-witness.py
@@ -29,6 +29,7 @@ from hashlib import sha256
 import time
 from math import floor
 from pathlib import PurePath
+from tools.libsigntools import ssh_to_sign
 
 BASE_URL_DEFAULT = 'http://poc.sigsum.org:4780/'
 CONFIG_DIR_DEFAULT = os.path.expanduser('~/.config/sigsum-witness/')
@@ -140,12 +141,12 @@ class TreeHead:
         text += 'signature={}\n'.format(self._text['signature'])
         return text.encode('ascii')
 
-    def serialise(self, pubkey):
-        data = struct.pack('!QQ', self.timestamp, self.tree_size)
-        data += unhexlify(self._text['root_hash'])
-        data += sha256(pubkey.encode()).digest()
-        assert(len(data) == 8 + 8 + 32 + 32)
-        return data
+    def to_signed_data(self, pubkey):
+        namespace = 'tree_head:v0:{}@sigsum.org'.format(hexlify(sha256(pubkey.encode()).digest()).decode())
+        msg = struct.pack('!QQ', self.timestamp, self.tree_size)
+        msg += unhexlify(self._text['root_hash'])
+        assert(len(msg) == 8 + 8 + 32)
+        return ssh_to_sign(namespace, 'sha256', sha256(msg).digest())
 
     def signature_valid(self, pubkey):
         # Guard against tree head with >1 signature -- don't try to
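Review bot: The length check in `to_signed_data` is an `assert`, which Python strips under `-O`, so a `root_hash` of the wrong size would be hashed and passed to the signer unchecked. `self._text['root_hash']` presumably comes from the log's response, so an explicit check is safer: `if len(msg) != 8 + 8 + 32: raise ValueError('malformed tree head')`. Before switching, confirm that no caller depends on `AssertionError`. A one-line docstring would also help, saying that the log key hash is now bound through the SSHSIG namespace `tree_head:v0:<hex key hash>@sigsum.org` instead of being appended to the signed message. `to_signed_data` is fully visible in this hunk; `signature_valid` continues outside it.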
@@ -153,7 +154,7 @@ class TreeHead:
         assert(type(self._text['signature']) is str)
         sig = unhexlify(self._text['signature'])
         assert(len(sig) == 64)
-        data = self.serialise(pubkey)
+        data = self.to_signed_data(pubkey)
         try:
             verified_data = pubkey.verify(sig + data)
         except nacl.exceptions.BadSignatureError:
@@ -348,7 +349,7 @@ def consistency_proof_valid(first, second, proof):
     return sn == 0 and fr == first.root_hash and sr == second.root_hash
 
 def sign_send_store_tree_head(signing_key, log_key, tree_head):
-    signature = signing_key.sign(tree_head.serialise(log_key)).signature
+    signature = signing_key.sign(tree_head.to_signed_data(log_key)).signature
     hash = sha256(signing_key.verify_key.encode())
 
     post_data = 'cosignature={}\n'.format(hexlify(signature).decode('ascii'))
-- 
cgit v1.2.3