| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_log_verifier.h" | 5 #include "net/cert/ct_log_verifier.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "net/cert/ct_serialization.h" | 8 #include "net/cert/ct_serialization.h" |
| 9 #include "net/cert/signed_tree_head.h" | 9 #include "net/cert/signed_tree_head.h" |
| 10 | 10 |
| 11 namespace net { | 11 namespace net { |
| 12 | 12 |
| 13 // static | 13 // static |
| 14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create( | 14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create( |
| 15 const base::StringPiece& public_key, | 15 const base::StringPiece& public_key, |
| 16 const base::StringPiece& description) { | 16 const base::StringPiece& description, |
| 17 scoped_ptr<CTLogVerifier> result(new CTLogVerifier()); | 17 const base::StringPiece& url) { |
| 18 if (!result->Init(public_key, description)) | 18 scoped_ptr<CTLogVerifier> result(new CTLogVerifier(description, url)); |
| 19 if (!result->Init(public_key)) |
| 19 result.reset(); | 20 result.reset(); |
| 20 return result.Pass(); | 21 return result.Pass(); |
| 21 } | 22 } |
| 22 | 23 |
| 24 CTLogVerifier::CTLogVerifier(const base::StringPiece& description, |
| 25 const base::StringPiece& url) |
| 26 : description_(description.as_string()), |
| 27 url_(url.as_string()), |
| 28 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), |
| 29 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), |
| 30 public_key_(NULL) { |
| 31 } |
| 32 |
| 23 bool CTLogVerifier::Verify(const ct::LogEntry& entry, | 33 bool CTLogVerifier::Verify(const ct::LogEntry& entry, |
| 24 const ct::SignedCertificateTimestamp& sct) { | 34 const ct::SignedCertificateTimestamp& sct) { |
| 25 if (sct.log_id != key_id()) { | 35 if (sct.log_id != key_id()) { |
| 26 DVLOG(1) << "SCT is not signed by this log."; | 36 DVLOG(1) << "SCT is not signed by this log."; |
| 27 return false; | 37 return false; |
| 28 } | 38 } |
| 29 | 39 |
| 30 if (!SignatureParametersMatch(sct.signature)) | 40 if (!SignatureParametersMatch(sct.signature)) |
| 31 return false; | 41 return false; |
| 32 | 42 |
| 33 std::string serialized_log_entry; | 43 std::string serialized_log_entry; |
| 34 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) { | 44 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) { |
| 35 DVLOG(1) << "Unable to serialize entry."; | 45 DVLOG(1) << "Unable to serialize entry."; |
| 36 return false; | 46 return false; |
| 37 } | 47 } |
| 38 std::string serialized_data; | 48 std::string serialized_data; |
| 39 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry, | 49 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry, |
| 40 sct.extensions, &serialized_data)) { | 50 sct.extensions, &serialized_data)) { |
| 41 DVLOG(1) << "Unable to create SCT to verify."; | 51 DVLOG(1) << "Unable to create SCT to verify."; |
| 42 return false; | 52 return false; |
| 43 } | 53 } |
| 44 | 54 |
| 45 return VerifySignature(serialized_data, sct.signature.signature_data); | 55 return VerifySignature(serialized_data, sct.signature.signature_data); |
| 46 } | 56 } |
| 47 | 57 |
| 48 bool CTLogVerifier::SetSignedTreeHead( | 58 bool CTLogVerifier::VerifySignedTreeHead( |
| 49 scoped_ptr<ct::SignedTreeHead> signed_tree_head) { | 59 const ct::SignedTreeHead* signed_tree_head) { |
| 50 if (!SignatureParametersMatch(signed_tree_head->signature)) | 60 if (!SignatureParametersMatch(signed_tree_head->signature)) |
| 51 return false; | 61 return false; |
| 52 | 62 |
| 53 std::string serialized_data; | 63 std::string serialized_data; |
| 54 ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data); | 64 ct::EncodeTreeHeadSignature(*signed_tree_head, &serialized_data); |
| 55 if (VerifySignature(serialized_data, | 65 if (VerifySignature(serialized_data, |
| 56 signed_tree_head->signature.signature_data)) { | 66 signed_tree_head->signature.signature_data)) { |
| 57 signed_tree_head_.reset(signed_tree_head.release()); | |
| 58 return true; | 67 return true; |
| 59 } | 68 } |
| 60 return false; | 69 return false; |
| 61 } | 70 } |
| 62 | 71 |
| 63 bool CTLogVerifier::SignatureParametersMatch( | 72 bool CTLogVerifier::SignatureParametersMatch( |
| 64 const ct::DigitallySigned& signature) { | 73 const ct::DigitallySigned& signature) { |
| 65 if (!signature.SignatureParametersMatch(hash_algorithm_, | 74 if (!signature.SignatureParametersMatch(hash_algorithm_, |
| 66 signature_algorithm_)) { | 75 signature_algorithm_)) { |
| 67 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: " | 76 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: " |
| 68 << hash_algorithm_ << " vs " << signature.hash_algorithm | 77 << hash_algorithm_ << " vs " << signature.hash_algorithm |
| 69 << " Signature: " << signature_algorithm_ << " vs " | 78 << " Signature: " << signature_algorithm_ << " vs " |
| 70 << signature.signature_algorithm << "."; | 79 << signature.signature_algorithm << "."; |
| 71 return false; | 80 return false; |
| 72 } | 81 } |
| 73 | 82 |
| 74 return true; | 83 return true; |
| 75 } | 84 } |
| 76 | 85 |
| 77 } // namespace net | 86 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1100003006:
Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master