add hashleaf and sign commands

author: Rasmus Dahlberg <rasmus@mullvad.net> 2022-03-27 20:38:05 +0200
committer: Rasmus Dahlberg <rasmus@mullvad.net> 2022-04-13 15:11:08 +0200
commit: 76b67507b902cebe701bd2e2b59beb455f96c923 (patch)
tree: 32a1b2a722eef534cbb4c424f4c6225e4525b14f
parent: 30b9e5d5f5a29a3d83f9e16c9b606c903f750acc (diff)
4 files changed, 122 insertions, 3 deletions
diff --git a/cmd/sigsum-debug/hashleaf.go b/cmd/sigsum-debug/hashleaf.go
new file mode 100644
index 0000000..2b4910d
--- /dev/null
+++ b/cmd/sigsum-debug/hashleaf.go
@@ -0,0 +1,37 @@
+package main
+
+import (
+	"fmt"
+	"crypto/ed25519"
+
+	"git.sigsum.org/sigsum-lib-go/pkg/hex"
+	"git.sigsum.org/sigsum-lib-go/pkg/types"
+)
+
+func CmdHashLeaf(optPriv string, optShardHint uint64) error {
+	data, err := readStdin()
+	if err != nil {
+		return fmt.Errorf("sign: %v", err)
+	}
+	priv, err := privFromHex(optPriv)
+	if err != nil {
+		return fmt.Errorf("sign: %v", err)
+	}
+	stm := types.Statement{
+		ShardHint: optShardHint,
+		Checksum: *types.HashFn(data),
+	}
+	sig, err := stm.Sign(priv)
+	if err != nil {
+		fmt.Errorf("sign: %v", err)
+	}
+	leaf := types.Leaf{
+		Statement: stm,
+		Signature: *sig,
+		KeyHash: *types.HashFn(priv.Public().(ed25519.PublicKey)[:]),
+	}
+	lh := types.LeafHash(leaf.ToBinary())
+
+	fmt.Printf("%s\n", hex.Serialize(lh[:]))
+	return nil
+}
diff --git a/cmd/sigsum-debug/main.go b/cmd/sigsum-debug/main.go
index 1d9e769..8b49e0b 100644
--- a/cmd/sigsum-debug/main.go
+++ b/cmd/sigsum-debug/main.go
@@ -31,9 +31,27 @@ Usage:
 
     sigsum-debug hashkey
         Reads a public key from stdin and output its key hash.
+
+    sigsum-debug hashleaf -k PRIVATE_KEY [-s SHARD_HINT]
+        Reads data from STDIN and outputs a leaf hash.
+        -k, --private-key    Private key to sign with
+        -s, --shard-hint     Shard hint to use (Default: 0)
+
+    sigsum-debug sign -k PRIVATE_KEY [-s SHARD_HINT]
+        Reads data from STDIN and outputs a signature.
+        -k, --private-key    Private key to sign with
+        -s, --shard-hint     Shard hint to use (Default: 0)
+
+    sigsum-debug cosign -w WIT_PRIV -l LOG_PUB
+        Reads an ASCII signed tree head from STDIN and outputs a cosignature.
+        -w, --witness-priv   Witness private key to sign with
+        -l, --log-pub        Log public key to verify signed tree head
 `
 
 var (
+	optPriv, optPub string
+	optShardHint uint64
+
 	someVersion = "unknown"
 )
 
@@ -50,6 +68,12 @@ func main() {
 		err = CmdPubKey()
 	case "hashkey":
 		err = CmdHashKey()
+	case "hashleaf":
+		err = CmdHashLeaf(optPriv, optShardHint)
+	case "sign":
+		err = CmdSign(optPriv, optShardHint)
+	case "cosign":
+		err = fmt.Errorf("TODO")
 	default:
 		err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help")
 	}
@@ -78,6 +102,15 @@ func parseCommand() *flag.FlagSet {
 func registerOptions(fs *flag.FlagSet) {
 	switch cmd := fs.Name(); cmd {
 	default:
+	case "hashleaf":
+		registerStringOption(fs, &optPriv, "k", "key", "")
+		registerUint64Option(fs, &optShardHint, "s", "shard-hint", 0)
+	case "sign":
+		registerStringOption(fs, &optPriv, "k", "key", "")
+		registerUint64Option(fs, &optShardHint, "s", "shard-hint", 0)
+	case "cosign":
+		registerStringOption(fs, &optPriv, "w", "--witness-priv", "")
+		registerStringOption(fs, &optPub, "l", "--log-pub", "")
 	}
 }
 
diff --git a/cmd/sigsum-debug/sign.go b/cmd/sigsum-debug/sign.go
new file mode 100644
index 0000000..130a649
--- /dev/null
+++ b/cmd/sigsum-debug/sign.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+
+	"git.sigsum.org/sigsum-lib-go/pkg/hex"
+	"git.sigsum.org/sigsum-lib-go/pkg/types"
+)
+
+func CmdSign(optPriv string, optShardHint uint64) error {
+	data, err := readStdin()
+	if err != nil {
+		return fmt.Errorf("sign: %v", err)
+	}
+	priv, err := privFromHex(optPriv)
+	if err != nil {
+		return fmt.Errorf("sign: %v", err)
+	}
+	stm := types.Statement{
+		ShardHint: optShardHint,
+		Checksum: *types.HashFn(data),
+	}
+	sig, err := stm.Sign(priv)
+	if err != nil {
+		fmt.Errorf("sign: %v", err)
+	}
+
+	fmt.Printf("%s\n", hex.Serialize(sig[:]))
+	return nil
+}
diff --git a/cmd/sigsum-debug/util.go b/cmd/sigsum-debug/util.go
index d7ba6a8..8d2cd4e 100644
--- a/cmd/sigsum-debug/util.go
+++ b/cmd/sigsum-debug/util.go
@@ -1,24 +1,43 @@
 package main
 
 import (
+	"crypto"
 	"bytes"
 	"fmt"
 	"io/ioutil"
 	"os"
+	"crypto/ed25519"
 
 	"git.sigsum.org/sigsum-lib-go/pkg/hex"
 )
 
-func decodeHexFromStdin() ([]byte, error) {
+func readStdin() ([]byte, error) {
 	b, err := ioutil.ReadAll(os.Stdin)
 	if err != nil {
-		return nil, fmt.Errorf("failed reading stdin: %v", err)
+		return nil, fmt.Errorf("stdin: %v", err)
 	}
+	return b, nil
+}
 
+func decodeHexFromStdin() ([]byte, error) {
+	b, err := readStdin()
+	if err != nil {
+		return nil, fmt.Errorf("failed reading stdin: %v", err)
+	}
 	b, err = hex.Deserialize(string(bytes.TrimSpace(b)))
 	if err != nil {
 		return nil, fmt.Errorf("invalid private key: %v", err)
 	}
-
 	return b, nil
 }
+
+func privFromHex(s string) (crypto.Signer, error) {
+	b, err := hex.Deserialize(optPriv)
+	if err != nil {
+		return nil, fmt.Errorf("invalid private key: %v", err)
+	}
+	if len(b) != ed25519.PrivateKeySize {
+		return nil, fmt.Errorf("invalid private key: size")
+	}
+	return ed25519.PrivateKey(b), nil
+}
author	Rasmus Dahlberg <rasmus@mullvad.net>	2022-03-27 20:38:05 +0200
committer	Rasmus Dahlberg <rasmus@mullvad.net>	2022-04-13 15:11:08 +0200
commit	76b67507b902cebe701bd2e2b59beb455f96c923 (patch)
tree	32a1b2a722eef534cbb4c424f4c6225e4525b14f
parent	30b9e5d5f5a29a3d83f9e16c9b606c903f750acc (diff)