diff options
| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-02-09 18:10:09 +0100 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-04-05 12:26:10 +0200 |
| commit | 23e63807085b13a9b221c3374d05099559583011 (patch) | |
| tree | 61f53f9c8282ba60edba322499a3b68317bc53a7 /src/test_data/generate_forged.py | |
| parent | 70b4bad8904fe02fe4d783b75c6137ba959363ec (diff) | |
Add signature verification to list retrieval
- Move test data to src
- Verify signatures by calling the Verify method
- Add a customizable parameter to force prehashed signatures
Signed-off-by: jwijenbergh <jeroenwijenbergh@protonmail.com>
Diffstat (limited to 'src/test_data/generate_forged.py')
| -rw-r--r-- | src/test_data/generate_forged.py | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/test_data/generate_forged.py b/src/test_data/generate_forged.py new file mode 100644 index 0000000..843b32d --- /dev/null +++ b/src/test_data/generate_forged.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python3 + +import hashlib +import base64 + +# Hash server_list.json + +with open("server_list.json", "rb") as f: + b = f.read() + +with open("server_list.json.blake2b", "wb") as f: + f.write(hashlib.blake2b(b).digest()) + +# Forge pure signature on hash, see https://github.com/jedisct1/minisign/issues/104 + +with open("server_list.json.minisig", "rb") as f: + siglines = f.readlines() + +siglines[0] = b"untrusted comment: this signature has ED changed to Ed\n" +sig = base64.b64decode(siglines[1]) +siglines[1] = base64.b64encode(b"Ed" + sig[2:]) + b"\n" + +with open("server_list.json.forged_pure.minisig", "wb") as f: + f.writelines(siglines) + # Should now work: minisign -Vm server_list.json.blake2b -x server_list.json.forged_pure.minisig -p public-key + +# Try to forge key ID + +with open("server_list.json.wrong_key.minisig", "rb") as f: + siglines = f.readlines() + +siglines[0] = b"untrusted comment: this signature was created with wrong_secret.key but has key ID changed to that of public.key\n" +sig_wrong = base64.b64decode(siglines[1]) +siglines[1] = base64.b64encode(sig_wrong[:2] + sig[2:2+8] + sig_wrong[2+8:]) + b"\n" + +with open("server_list.json.forged_keyid.minisig", "wb") as f: + f.writelines(siglines) |