authorRasmus Dahlberg <rasmus@mullvad.net>2022-03-27 20:38:05 +0200
committerRasmus Dahlberg <rasmus@mullvad.net>2022-04-13 15:11:08 +0200
commit76b67507b902cebe701bd2e2b59beb455f96c923 (patch)
tree32a1b2a722eef534cbb4c424f4c6225e4525b14f
parent30b9e5d5f5a29a3d83f9e16c9b606c903f750acc (diff)
add hashleaf and sign commands
-rw-r--r--cmd/sigsum-debug/hashleaf.go37
-rw-r--r--cmd/sigsum-debug/main.go33
-rw-r--r--cmd/sigsum-debug/sign.go30
-rw-r--r--cmd/sigsum-debug/util.go25
4 files changed, 122 insertions, 3 deletions
diff --git a/cmd/sigsum-debug/hashleaf.go b/cmd/sigsum-debug/hashleaf.go
new file mode 100644
index 0000000..2b4910d
--- /dev/null
+++ b/cmd/sigsum-debug/hashleaf.go
@@ -0,0 +1,37 @@
+package main
+
+import (
+ "fmt"
+ "crypto/ed25519"
+
+ "git.sigsum.org/sigsum-lib-go/pkg/hex"
+ "git.sigsum.org/sigsum-lib-go/pkg/types"
+)
+
+func CmdHashLeaf(optPriv string, optShardHint uint64) error {
+ data, err := readStdin()
+ if err != nil {
+ return fmt.Errorf("sign: %v", err)
+ }
+ priv, err := privFromHex(optPriv)
+ if err != nil {
+ return fmt.Errorf("sign: %v", err)
+ }
+ stm := types.Statement{
+ ShardHint: optShardHint,
+ Checksum: *types.HashFn(data),
+ }
+ sig, err := stm.Sign(priv)
+ if err != nil {
+ fmt.Errorf("sign: %v", err)
+ }
+ leaf := types.Leaf{
+ Statement: stm,
+ Signature: *sig,
+ KeyHash: *types.HashFn(priv.Public().(ed25519.PublicKey)[:]),
+ }
+ lh := types.LeafHash(leaf.ToBinary())
+
+ fmt.Printf("%s\n", hex.Serialize(lh[:]))
+ return nil
+}
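Review bot: The error from `stm.Sign(priv)` is constructed but never returned: the added `fmt.Errorf("sign: %v", err)` inside the `if err != nil` block has no `return`, so a signing failure falls through to `*sig`, which presumably dereferences a nil pointer and panics. It should read `return fmt.Errorf("hashleaf: %v", err)`. The same missing `return` is in CmdSign in sign.go, where the fall-through reaches `sig[:]`. All three error prefixes in this function say `sign:` although the command is hashleaf, which will mislead whoever reads the output.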
diff --git a/cmd/sigsum-debug/main.go b/cmd/sigsum-debug/main.go
index 1d9e769..8b49e0b 100644
--- a/cmd/sigsum-debug/main.go
+++ b/cmd/sigsum-debug/main.go
@@ -31,9 +31,27 @@ Usage:
sigsum-debug hashkey
Reads a public key from stdin and output its key hash.
+
+ sigsum-debug hashleaf -k PRIVATE_KEY [-s SHARD_HINT]
+ Reads data from STDIN and outputs a leaf hash.
+ -k, --private-key Private key to sign with
+ -s, --shard-hint Shard hint to use (Default: 0)
+
+ sigsum-debug sign -k PRIVATE_KEY [-s SHARD_HINT]
+ Reads data from STDIN and outputs a signature.
+ -k, --private-key Private key to sign with
+ -s, --shard-hint Shard hint to use (Default: 0)
+
+ sigsum-debug cosign -w WIT_PRIV -l LOG_PUB
+ Reads an ASCII signed tree head from STDIN and outputs a cosignature.
+ -w, --witness-priv Witness private key to sign with
+ -l, --log-pub Log public key to verify signed tree head
`
var (
+ optPriv, optPub string
+ optShardHint uint64
+
someVersion = "unknown"
)
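Review bot: Passing the private key as the value of `-k` places it in the process argument list and usually in shell history, where other local users and tooling can read it. If that is acceptable for a debug tool, the usage text should say so, for example `Note: the key is visible in the process list and shell history; use test keys only.` Otherwise the key could be read from a file or an environment variable. The usage also documents a `cosign` command that the dispatch in main() still answers with `fmt.Errorf("TODO")`, so it may be better to leave it out of the help until it works.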
@@ -50,6 +68,12 @@ func main() {
err = CmdPubKey()
case "hashkey":
err = CmdHashKey()
+ case "hashleaf":
+ err = CmdHashLeaf(optPriv, optShardHint)
+ case "sign":
+ err = CmdSign(optPriv, optShardHint)
+ case "cosign":
+ err = fmt.Errorf("TODO")
default:
err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help")
}
@@ -78,6 +102,15 @@ func parseCommand() *flag.FlagSet {
func registerOptions(fs *flag.FlagSet) {
switch cmd := fs.Name(); cmd {
default:
+ case "hashleaf":
+ registerStringOption(fs, &optPriv, "k", "key", "")
+ registerUint64Option(fs, &optShardHint, "s", "shard-hint", 0)
+ case "sign":
+ registerStringOption(fs, &optPriv, "k", "key", "")
+ registerUint64Option(fs, &optShardHint, "s", "shard-hint", 0)
+ case "cosign":
+ registerStringOption(fs, &optPriv, "w", "--witness-priv", "")
+ registerStringOption(fs, &optPub, "l", "--log-pub", "")
}
}
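Review bot: The long option names registered here do not match the usage text. hashleaf and sign register `key` while the usage documents `--private-key`, and the cosign entries pass `"--witness-priv"` and `"--log-pub"` with the dashes included, unlike the other calls. registerStringOption is outside the hunk, but if it hands the name to the flag package unchanged, the dashed names will not parse as documented and may be rejected when registered. Suggested: `registerStringOption(fs, &optPriv, "k", "private-key", "")` for both commands, and `"witness-priv"` / `"log-pub"` for cosign.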
diff --git a/cmd/sigsum-debug/sign.go b/cmd/sigsum-debug/sign.go
new file mode 100644
index 0000000..130a649
--- /dev/null
+++ b/cmd/sigsum-debug/sign.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+ "fmt"
+
+ "git.sigsum.org/sigsum-lib-go/pkg/hex"
+ "git.sigsum.org/sigsum-lib-go/pkg/types"
+)
+
+func CmdSign(optPriv string, optShardHint uint64) error {
+ data, err := readStdin()
+ if err != nil {
+ return fmt.Errorf("sign: %v", err)
+ }
+ priv, err := privFromHex(optPriv)
+ if err != nil {
+ return fmt.Errorf("sign: %v", err)
+ }
+ stm := types.Statement{
+ ShardHint: optShardHint,
+ Checksum: *types.HashFn(data),
+ }
+ sig, err := stm.Sign(priv)
+ if err != nil {
+ fmt.Errorf("sign: %v", err)
+ }
+
+ fmt.Printf("%s\n", hex.Serialize(sig[:]))
+ return nil
+}
diff --git a/cmd/sigsum-debug/util.go b/cmd/sigsum-debug/util.go
index d7ba6a8..8d2cd4e 100644
--- a/cmd/sigsum-debug/util.go
+++ b/cmd/sigsum-debug/util.go
@@ -1,24 +1,43 @@
package main
import (
+ "crypto"
"bytes"
"fmt"
"io/ioutil"
"os"
+ "crypto/ed25519"
"git.sigsum.org/sigsum-lib-go/pkg/hex"
)
-func decodeHexFromStdin() ([]byte, error) {
+func readStdin() ([]byte, error) {
b, err := ioutil.ReadAll(os.Stdin)
if err != nil {
- return nil, fmt.Errorf("failed reading stdin: %v", err)
+ return nil, fmt.Errorf("stdin: %v", err)
}
+ return b, nil
+}
+func decodeHexFromStdin() ([]byte, error) {
+ b, err := readStdin()
+ if err != nil {
+ return nil, fmt.Errorf("failed reading stdin: %v", err)
+ }
b, err = hex.Deserialize(string(bytes.TrimSpace(b)))
if err != nil {
return nil, fmt.Errorf("invalid private key: %v", err)
}
-
return b, nil
}
+
+func privFromHex(s string) (crypto.Signer, error) {
+ b, err := hex.Deserialize(optPriv)
+ if err != nil {
+ return nil, fmt.Errorf("invalid private key: %v", err)
+ }
+ if len(b) != ed25519.PrivateKeySize {
+ return nil, fmt.Errorf("invalid private key: size")
+ }
+ return ed25519.PrivateKey(b), nil
+}
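Review bot: privFromHex ignores its parameter: `hex.Deserialize(optPriv)` reads the package-level option instead of `s`, so it only works because every caller currently passes optPriv. Change the line to `b, err := hex.Deserialize(s)`. The length check then accepts any 64 bytes as an `ed25519.PrivateKey` without checking that the embedded public half matches the seed. If malformed keys should be rejected, rebuild the key with `ed25519.NewKeyFromSeed(b[:ed25519.SeedSize])` and compare it with `b`. In decodeHexFromStdin the readStdin error is now wrapped twice, giving `failed reading stdin: stdin: ...`.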