From 76b67507b902cebe701bd2e2b59beb455f96c923 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Sun, 27 Mar 2022 20:38:05 +0200 Subject: add hashleaf and sign commands --- cmd/sigsum-debug/hashleaf.go | 37 +++++++++++++++++++++++++++++++++++++ cmd/sigsum-debug/main.go | 33 +++++++++++++++++++++++++++++++++ cmd/sigsum-debug/sign.go | 30 ++++++++++++++++++++++++++++++ cmd/sigsum-debug/util.go | 25 ++++++++++++++++++++++--- 4 files changed, 122 insertions(+), 3 deletions(-) create mode 100644 cmd/sigsum-debug/hashleaf.go create mode 100644 cmd/sigsum-debug/sign.go (limited to 'cmd') diff --git a/cmd/sigsum-debug/hashleaf.go b/cmd/sigsum-debug/hashleaf.go new file mode 100644 index 0000000..2b4910d --- /dev/null +++ b/cmd/sigsum-debug/hashleaf.go @@ -0,0 +1,37 @@ +package main + +import ( + "fmt" + "crypto/ed25519" + + "git.sigsum.org/sigsum-lib-go/pkg/hex" + "git.sigsum.org/sigsum-lib-go/pkg/types" +) + +func CmdHashLeaf(optPriv string, optShardHint uint64) error { + data, err := readStdin() + if err != nil { + return fmt.Errorf("sign: %v", err) + } + priv, err := privFromHex(optPriv) + if err != nil { + return fmt.Errorf("sign: %v", err) + } + stm := types.Statement{ + ShardHint: optShardHint, + Checksum: *types.HashFn(data), + } + sig, err := stm.Sign(priv) + if err != nil { + fmt.Errorf("sign: %v", err) + } + leaf := types.Leaf{ + Statement: stm, + Signature: *sig, + KeyHash: *types.HashFn(priv.Public().(ed25519.PublicKey)[:]), + } + lh := types.LeafHash(leaf.ToBinary()) + + fmt.Printf("%s\n", hex.Serialize(lh[:])) + return nil +} diff --git a/cmd/sigsum-debug/main.go b/cmd/sigsum-debug/main.go index 1d9e769..8b49e0b 100644 --- a/cmd/sigsum-debug/main.go +++ b/cmd/sigsum-debug/main.go @@ -31,9 +31,27 @@ Usage: sigsum-debug hashkey Reads a public key from stdin and output its key hash. + + sigsum-debug hashleaf -k PRIVATE_KEY [-s SHARD_HINT] + Reads data from STDIN and outputs a leaf hash. + -k, --private-key Private key to sign with + -s, --shard-hint Shard hint to use (Default: 0) + + sigsum-debug sign -k PRIVATE_KEY [-s SHARD_HINT] + Reads data from STDIN and outputs a signature. + -k, --private-key Private key to sign with + -s, --shard-hint Shard hint to use (Default: 0) + + sigsum-debug cosign -w WIT_PRIV -l LOG_PUB + Reads an ASCII signed tree head from STDIN and outputs a cosignature. + -w, --witness-priv Witness private key to sign with + -l, --log-pub Log public key to verify signed tree head ` var ( + optPriv, optPub string + optShardHint uint64 + someVersion = "unknown" ) @@ -50,6 +68,12 @@ func main() { err = CmdPubKey() case "hashkey": err = CmdHashKey() + case "hashleaf": + err = CmdHashLeaf(optPriv, optShardHint) + case "sign": + err = CmdSign(optPriv, optShardHint) + case "cosign": + err = fmt.Errorf("TODO") default: err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help") } @@ -78,6 +102,15 @@ func parseCommand() *flag.FlagSet { func registerOptions(fs *flag.FlagSet) { switch cmd := fs.Name(); cmd { default: + case "hashleaf": + registerStringOption(fs, &optPriv, "k", "key", "") + registerUint64Option(fs, &optShardHint, "s", "shard-hint", 0) + case "sign": + registerStringOption(fs, &optPriv, "k", "key", "") + registerUint64Option(fs, &optShardHint, "s", "shard-hint", 0) + case "cosign": + registerStringOption(fs, &optPriv, "w", "--witness-priv", "") + registerStringOption(fs, &optPub, "l", "--log-pub", "") } } diff --git a/cmd/sigsum-debug/sign.go b/cmd/sigsum-debug/sign.go new file mode 100644 index 0000000..130a649 --- /dev/null +++ b/cmd/sigsum-debug/sign.go @@ -0,0 +1,30 @@ +package main + +import ( + "fmt" + + "git.sigsum.org/sigsum-lib-go/pkg/hex" + "git.sigsum.org/sigsum-lib-go/pkg/types" +) + +func CmdSign(optPriv string, optShardHint uint64) error { + data, err := readStdin() + if err != nil { + return fmt.Errorf("sign: %v", err) + } + priv, err := privFromHex(optPriv) + if err != nil { + return fmt.Errorf("sign: %v", err) + } + stm := types.Statement{ + ShardHint: optShardHint, + Checksum: *types.HashFn(data), + } + sig, err := stm.Sign(priv) + if err != nil { + fmt.Errorf("sign: %v", err) + } + + fmt.Printf("%s\n", hex.Serialize(sig[:])) + return nil +} diff --git a/cmd/sigsum-debug/util.go b/cmd/sigsum-debug/util.go index d7ba6a8..8d2cd4e 100644 --- a/cmd/sigsum-debug/util.go +++ b/cmd/sigsum-debug/util.go @@ -1,24 +1,43 @@ package main import ( + "crypto" "bytes" "fmt" "io/ioutil" "os" + "crypto/ed25519" "git.sigsum.org/sigsum-lib-go/pkg/hex" ) -func decodeHexFromStdin() ([]byte, error) { +func readStdin() ([]byte, error) { b, err := ioutil.ReadAll(os.Stdin) if err != nil { - return nil, fmt.Errorf("failed reading stdin: %v", err) + return nil, fmt.Errorf("stdin: %v", err) } + return b, nil +} +func decodeHexFromStdin() ([]byte, error) { + b, err := readStdin() + if err != nil { + return nil, fmt.Errorf("failed reading stdin: %v", err) + } b, err = hex.Deserialize(string(bytes.TrimSpace(b))) if err != nil { return nil, fmt.Errorf("invalid private key: %v", err) } - return b, nil } + +func privFromHex(s string) (crypto.Signer, error) { + b, err := hex.Deserialize(optPriv) + if err != nil { + return nil, fmt.Errorf("invalid private key: %v", err) + } + if len(b) != ed25519.PrivateKeySize { + return nil, fmt.Errorf("invalid private key: size") + } + return ed25519.PrivateKey(b), nil +} -- cgit v1.2.3