Personal tools

Ace:StorePython: Difference between revisions

From Adapt

Jump to: navigation, search
No edit summary
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 3: Line 3:
=Read Token Store=
=Read Token Store=


The simpliest way (with little-no error checking) to read a well-formed token store.
The simpliest way (with no error checking) to read a well-formed token store.


<pre>
<pre>
import string
import hashlib
def readHeader(file):
def readHeader(file):
     currLine = file.readline()
     currLine = file.readline()
Line 42: Line 45:
infile.close()
infile.close()
</pre>
</pre>
You will end up with three arrays, header which contains the six header components, identifiers containing the identifiers for the entry, and a proof array containing proof levels for the entry.


=Calculate a file's proof=
=Calculate a file's proof=
The round proof is calculated by digesting the encoded byte arrays in each layer in order, while substituting the previous layer or file's digest where an X appears.
For each layer:
# split by :
# on each item from the split, convert the hex-encoded to a byte array if not an X
# if the split item is an X, substitute the byte array from the previous layer or file's digest
# create a digest by concatenating each byte array for that layer (in order left to right)
# feed result into next layer


<pre>
<pre>
import binascii
...
...
def calculateLevel(lowerHash,rowString):
def calculateLevel(lowerHash,rowString):
     hashAlg = hashlib.sha256()     
     hashAlg = hashlib.sha256()     
Line 54: Line 71:
             hashAlg.update(binascii.a2b_hex(hash))
             hashAlg.update(binascii.a2b_hex(hash))
     return hashAlg.digest()
     return hashAlg.digest()
def calculateProof(file,prooflines):
    digFile = open(file,'rb')
# Note, sha256 hardcoded in this example, store algorithm should be checked
    hashAlg = hashlib.sha256()
    hashAlg.update(digFile.read())
    prevhash = hashAlg.digest()
    for proofLine in proof:
        prevhash = calculateLevel(prevhash,proofLine)
    return binascii.b2a_hex(prevhash)


...
...
...
...
myfile = "FILE_TO_CHECK"
...
while 1:
  ...
  proof = readProof(infile)
# using proof lines from above, compute a files's proof
# using proof lines from above, compute a files's proof
# Note, sha256 hardcoded in this example, store algorithm should be checked
  if myfile in identifiers:
digFile = open("/FILE_TO_VALIDATE,'rb')
      print calculateProof(myfile,proof)
hashAlg = hashlib.sha256()
 
hashAlg.update(digFile.read())
prevhash = hashAlg.digest()
 
for proofLine in proof:
    prevhash = calculateLevel(prevhash,proofLine)
print "Proof Result: " + binascii.b2a_hex(prevhash)
</pre>
</pre>


This example will read the FILE_TO_VALIDATE, calculate a digest, then feed that digest into each level of the digest. The final level's digest should be compared to the address of that round stored on the IMS.
This example will read the FILE_TO_VALIDATE, calculate a digest, then feed that digest into each level of the digest. The final level's digest should be compared to the address of that round stored on the IMS.

Latest revision as of 17:35, 17 December 2010

The following is some sample code for reading and parsing ACE Token Stores in Python. All samples were tested on RHEL5 against python 2.4.3 with a backport of the hashlib library installed.

Read Token Store

The simpliest way (with no error checking) to read a well-formed token store.

import string
import hashlib

def readHeader(file):
    currLine = file.readline()
    if not currLine:
        return False
    headerParts = string.split(currLine)
    if (len(headerParts) != 6):
        return False
    return headerParts

def readIdentifiers(infile):
    line = infile.readline().rstrip("\n")
    ids = []
    while line != "":
        ids.append(line)        
        line = infile.readline().rstrip("\n")
    return ids

def readProof(infile):
    line = infile.readline().rstrip("\n")
    proof = []
    while line != "":
        proof.append(line)        
        line = infile.readline().rstrip("\n")
    return proof

infile = open("/YOUR_TOKEN_STORE_FILE",'rb')

while 1:
    header = readHeader(infile)
    if not header:
        break
    identifiers = readIdentifiers(infile)
    proof = readProof(infile)

infile.close()

You will end up with three arrays, header which contains the six header components, identifiers containing the identifiers for the entry, and a proof array containing proof levels for the entry.

Calculate a file's proof

The round proof is calculated by digesting the encoded byte arrays in each layer in order, while substituting the previous layer or file's digest where an X appears.

For each layer:

  1. split by :
  2. on each item from the split, convert the hex-encoded to a byte array if not an X
  3. if the split item is an X, substitute the byte array from the previous layer or file's digest
  4. create a digest by concatenating each byte array for that layer (in order left to right)
  5. feed result into next layer
import binascii
...
...
def calculateLevel(lowerHash,rowString):
    hashAlg = hashlib.sha256()    
    for hash in string.split(rowString,":"):
        if (hash == "X"):
            hashAlg.update(lowerHash)
        else:
            hashAlg.update(binascii.a2b_hex(hash))
    return hashAlg.digest()

def calculateProof(file,prooflines):
    digFile = open(file,'rb')
# Note, sha256 hardcoded in this example, store algorithm should be checked
    hashAlg = hashlib.sha256()
    hashAlg.update(digFile.read())
    prevhash = hashAlg.digest()

    for proofLine in proof:
        prevhash = calculateLevel(prevhash,proofLine)
    return binascii.b2a_hex(prevhash)


...
...
myfile = "FILE_TO_CHECK"
...
while 1:
   ...
   proof = readProof(infile)
# using proof lines from above, compute a files's proof
   if myfile in identifiers:
      print calculateProof(myfile,proof)
   

This example will read the FILE_TO_VALIDATE, calculate a digest, then feed that digest into each level of the digest. The final level's digest should be compared to the address of that round stored on the IMS.