make audit request


gnebs...@gmail.com

Nov 5, 2014, 4:26:13 AM
to certificate-...@googlegroups.com
Hi folks,

I would like to implement the audit: retrieve Merkle audit proof from log by leaf hash (proof-by-hash) in Java.
According to the recommendation of the RFC 6269:

Inputs:
  hash: A base64-encoded v1 leaf hash.
  tree_size: The tree_size of the tree on which to base the proof, in decimal.

My main concern is actually about the input. So the input is: . When I retrieve the entries of the log server, I got the following JSON format:

{ "entries": [ { "leaf_input": LEAFINPUT_XXX,  "extra_data": XXX}]}

The input hash is then: Base64(hash(LEAFINPUT_XXX)). However, I got an exception on the log server: segmentation fault. I would like to know whether my request is correct.

Eran Messeri

Nov 5, 2014, 4:58:05 AM
to certificate-...@googlegroups.com
Hi,

If I understand correctly, the issue is that the get-proof-by-hash parameters you send to the server make it crash.
Can you send a dump of the request you send to the server so we can help you debug? (You can get this by running 'tcpdump tcp port 80 -w request.pcap').
Are you using the leaf_input you get from get-entries? If so, you're right in base64-encoding its hash, but it should be hashed after being prefixed with 0x00 (see section 2.1 of the RFC and note what the Python client does).

Eran

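An added example, not part of the thread or of the CT project's code: the leaf-hash construction described in the reply above (decode `leaf_input`, prefix 0x00, SHA-256, base64), the resulting get-proof-by-hash URL and, going one step beyond the thread, recomputing the root from the returned `audit_path`. The host `log.example`, the sample leaf bytes and the function names are assumptions made for illustration.

```python
import base64
import hashlib
from urllib.parse import urlencode

# Constructed sample: NOT a real log entry, just base64 of placeholder bytes.
SAMPLE_LEAF_INPUT = base64.b64encode(b"constructed MerkleTreeLeaf bytes").decode()


def leaf_hash(leaf_input_b64: str) -> bytes:
    """RFC 6962 section 2.1 leaf hash: SHA-256(0x00 || MerkleTreeLeaf)."""
    # leaf_input from get-entries is base64 text. Decode it first: hashing the
    # characters of the base64 string gives a hash the log has never seen.
    leaf = base64.b64decode(leaf_input_b64, validate=True)
    return hashlib.sha256(b"\x00" + leaf).digest()


def proof_by_hash_url(log_url: str, leaf_input_b64: str, tree_size: int) -> str:
    """Build the get-proof-by-hash GET request for one entry."""
    if tree_size < 1:
        raise ValueError("tree_size must be a positive integer")
    h = base64.b64encode(leaf_hash(leaf_input_b64)).decode("ascii")
    # urlencode escapes '+', '/' and '=', which base64 output can contain.
    query = urlencode({"hash": h, "tree_size": tree_size})
    return f"{log_url.rstrip('/')}/ct/v1/get-proof-by-hash?{query}"


def root_from_proof(leaf: bytes, leaf_index: int, tree_size: int, audit_path_b64) -> bytes:
    """Recompute the tree root from the response's leaf_index and audit_path."""
    if not 0 <= leaf_index < tree_size:
        raise ValueError("leaf_index outside tree")
    fn, sn, r = leaf_index, tree_size - 1, leaf
    for p in (base64.b64decode(x, validate=True) for x in audit_path_b64):
        if sn == 0:
            raise ValueError("audit_path longer than the tree allows")
        if fn & 1 or fn == sn:
            r = hashlib.sha256(b"\x01" + p + r).digest()
            while fn and not fn & 1:  # rightmost node: skip levels without a sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = hashlib.sha256(b"\x01" + r + p).digest()
        fn, sn = fn >> 1, sn >> 1
    if sn != 0:
        raise ValueError("audit_path shorter than the tree requires")
    return r  # caller compares this with sha256_root_hash from get-sth


if __name__ == "__main__":
    print(proof_by_hash_url("https://log.example", SAMPLE_LEAF_INPUT, 8))
```

The root returned by `root_from_proof` only means something when compared against a signed tree head for the same `tree_size`.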

gnebs...@gmail.com

Nov 5, 2014, 10:53:16 AM
to certificate-...@googlegroups.com
Hi,
Yes, I use the leaf_input from the entries. I appended the prefix (0x00) converted to a byte array; the new request is Base64(hash(concatenate(0x00.tobytesarray, LEAFINPUTXXX.tobytesarray))), and I still got the same error: 3106 Segmentation fault (core dumped) on the server side. I attached my pcap file.
request.pcap

Eran Messeri

Feb 23, 2015, 4:20:12 PM
to certificate-...@googlegroups.com
Apologies for not replying earlier - a few of my colleagues are working on a new version of the CT server. I suggest testing this against the new version of the open-source CT server as the old one is unmaintained.
