Ace:StorePython
From Adapt
The following is some sample code for reading and parsing ACE Token Stores in Python. All samples were tested on RHEL5 against python 2.4.3 with a backport of the hashlib library installed.
Read Token Store
The simpliest way (with no error checking) to read a well-formed token store.
import string import hashlib def readHeader(file): currLine = file.readline() if not currLine: return False headerParts = string.split(currLine) if (len(headerParts) != 6): return False return headerParts def readIdentifiers(infile): line = infile.readline().rstrip("\n") ids = [] while line != "": ids.append(line) line = infile.readline().rstrip("\n") return ids def readProof(infile): line = infile.readline().rstrip("\n") proof = [] while line != "": proof.append(line) line = infile.readline().rstrip("\n") return proof infile = open("/YOUR_TOKEN_STORE_FILE",'rb') while 1: header = readHeader(infile) if not header: break identifiers = readIdentifiers(infile) proof = readProof(infile) infile.close()
You will end up with three arrays, header which contains the six header components, identifiers containing the identifiers for the entry, and a proof array containing proof levels for the entry.
Calculate a file's proof
The round proof is calculated by digesting the encoded byte arrays in each layer in order, while substituting the previous layer or file's digest where an X appears.
For each layer:
- split by :
- on each item from the split, convert the hex-encoded to a byte array if not an X
- if the split item is an X, substitute the byte array from the previous layer or file's digest
- create a digest by concatenating each byte array for that layer (in order left to right)
- feed result into next layer
import binascii ... ... def calculateLevel(lowerHash,rowString): hashAlg = hashlib.sha256() for hash in string.split(rowString,":"): if (hash == "X"): hashAlg.update(lowerHash) else: hashAlg.update(binascii.a2b_hex(hash)) return hashAlg.digest() def calculateProof(file,prooflines): digFile = open(file,'rb') # Note, sha256 hardcoded in this example, store algorithm should be checked hashAlg = hashlib.sha256() hashAlg.update(digFile.read()) prevhash = hashAlg.digest() for proofLine in proof: prevhash = calculateLevel(prevhash,proofLine) return binascii.b2a_hex(prevhash) ... ... myfile = "FILE_TO_CHECK" ... while 1: ... proof = readProof(infile) # using proof lines from above, compute a files's proof if myfile in identifiers: print calculateProof(myfile,proof)
This example will read the FILE_TO_VALIDATE, calculate a digest, then feed that digest into each level of the digest. The final level's digest should be compared to the address of that round stored on the IMS.