From 38a4de9a35313065fd0d46213dba13f6482ad592 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Tue, 14 Sep 2021 17:49:00 +0200 Subject: follow more API changes in v0.2.0 Signed Tree Heads binary format now contains a hash of the log pubkey. v0/add-cosignature takes cosignatures in 'cosignature='. --- siglog-witness.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/siglog-witness.py b/siglog-witness.py index 06e9330..c6c5898 100755 --- a/siglog-witness.py +++ b/siglog-witness.py @@ -136,10 +136,11 @@ class TreeHead: text += 'signature={}\n'.format(self._text['signature']) return text.encode('ascii') - def serialise(self): + def serialise(self, pubkey): data = struct.pack('!QQ', self.timestamp, self.tree_size) data += unhexlify(self._text['root_hash']) - assert(len(data) == 48) + data += sha256(pubkey.encode()).digest() + assert(len(data) == 8 + 8 + 32 + 32) return data def signature_valid(self, pubkey): @@ -148,7 +149,7 @@ class TreeHead: assert(type(self._text['signature']) is str) sig = unhexlify(self._text['signature']) assert(len(sig) == 64) - data = self.serialise() + data = self.serialise(pubkey) try: verified_data = pubkey.verify(sig + data) except nacl.exceptions.BadSignatureError: @@ -341,11 +342,11 @@ def consistency_proof_valid(first, second, proof): return sn == 0 and fr == first.root_hash and sr == second.root_hash -def sign_send_store_tree_head(signing_key, tree_head): +def sign_send_store_tree_head(signing_key, log_key, tree_head): + signature = signing_key.sign(tree_head.serialise(log_key)).signature hash = sha256(signing_key.verify_key.encode()) - signature = signing_key.sign(tree_head.serialise()).signature - post_data = 'signature={}\n'.format(hexlify(signature).decode('ascii')) + post_data = 'cosignature={}\n'.format(hexlify(signature).decode('ascii')) post_data += 'key_hash={}\n'.format(hash.hexdigest()) req = requests.post(g_args.base_url + 'sigsum/v0/add-cosignature', post_data) @@ -467,7 +468,7 @@ def main(args): new_tree_head.tree_size)) if user_confirm("Really sign head for tree of size {} and upload " "the signature?".format(new_tree_head.tree_size)): - err3 = sign_send_store_tree_head(signing_key, new_tree_head) + err3 = sign_send_store_tree_head(signing_key, log_verification_key, new_tree_head) if err3: return err3 return 0, None @@ -488,7 +489,7 @@ def main(args): if not cur_tree_head.signature_valid(log_verification_key): return ERR_TREEHEAD_SIGNATURE_INVALID, "ERROR: signature of current tree head invalid" - err = sign_send_store_tree_head(signing_key, new_tree_head) + err = sign_send_store_tree_head(signing_key, log_verification_key, new_tree_head) if err: return err return 0, None -- cgit v1.2.3