Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(130)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier.cc

Issue 1440643002: Certificate Transparency: Per-profile CT verification (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing iOS compilation Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_log_verifier.h" 5 #include "net/cert/ct_log_verifier.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h" 8 #include "net/cert/ct_serialization.h"
9 #include "net/cert/signed_tree_head.h" 9 #include "net/cert/signed_tree_head.h"
10 10
11 namespace net { 11 namespace net {
12 12
13 // static 13 // static
14 scoped_refptr<CTLogVerifier> CTLogVerifier::Create( 14 scoped_refptr<const CTLogVerifier> CTLogVerifier::Create(
15 const base::StringPiece& public_key, 15 const base::StringPiece& public_key,
16 const base::StringPiece& description, 16 const base::StringPiece& description,
17 const base::StringPiece& url) { 17 const base::StringPiece& url) {
18 GURL log_url(url.as_string()); 18 GURL log_url(url.as_string());
19 if (!log_url.is_valid()) 19 if (!log_url.is_valid())
20 return nullptr; 20 return nullptr;
21 scoped_refptr<CTLogVerifier> result(new CTLogVerifier(description, log_url)); 21 scoped_refptr<CTLogVerifier> result(new CTLogVerifier(description, log_url));
22 if (!result->Init(public_key)) 22 if (!result->Init(public_key))
23 return nullptr; 23 return nullptr;
24 return result; 24 return result;
25 } 25 }
26 26
27 CTLogVerifier::CTLogVerifier(const base::StringPiece& description, 27 CTLogVerifier::CTLogVerifier(const base::StringPiece& description,
28 const GURL& url) 28 const GURL& url)
29 : description_(description.as_string()), 29 : description_(description.as_string()),
30 url_(url), 30 url_(url),
31 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), 31 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
32 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), 32 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
33 public_key_(NULL) { 33 public_key_(NULL) {
34 DCHECK(url_.is_valid()); 34 DCHECK(url_.is_valid());
35 } 35 }
36 36
37 bool CTLogVerifier::Verify(const ct::LogEntry& entry, 37 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
38 const ct::SignedCertificateTimestamp& sct) { 38 const ct::SignedCertificateTimestamp& sct) const {
39 if (sct.log_id != key_id()) { 39 if (sct.log_id != key_id()) {
40 DVLOG(1) << "SCT is not signed by this log."; 40 DVLOG(1) << "SCT is not signed by this log.";
41 return false; 41 return false;
42 } 42 }
43 43
44 if (!SignatureParametersMatch(sct.signature)) 44 if (!SignatureParametersMatch(sct.signature))
45 return false; 45 return false;
46 46
47 std::string serialized_log_entry; 47 std::string serialized_log_entry;
48 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) { 48 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
49 DVLOG(1) << "Unable to serialize entry."; 49 DVLOG(1) << "Unable to serialize entry.";
50 return false; 50 return false;
51 } 51 }
52 std::string serialized_data; 52 std::string serialized_data;
53 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry, 53 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
54 sct.extensions, &serialized_data)) { 54 sct.extensions, &serialized_data)) {
55 DVLOG(1) << "Unable to create SCT to verify."; 55 DVLOG(1) << "Unable to create SCT to verify.";
56 return false; 56 return false;
57 } 57 }
58 58
59 return VerifySignature(serialized_data, sct.signature.signature_data); 59 return VerifySignature(serialized_data, sct.signature.signature_data);
60 } 60 }
61 61
62 bool CTLogVerifier::VerifySignedTreeHead( 62 bool CTLogVerifier::VerifySignedTreeHead(
63 const ct::SignedTreeHead& signed_tree_head) { 63 const ct::SignedTreeHead& signed_tree_head) const {
64 if (!SignatureParametersMatch(signed_tree_head.signature)) 64 if (!SignatureParametersMatch(signed_tree_head.signature))
65 return false; 65 return false;
66 66
67 std::string serialized_data; 67 std::string serialized_data;
68 ct::EncodeTreeHeadSignature(signed_tree_head, &serialized_data); 68 ct::EncodeTreeHeadSignature(signed_tree_head, &serialized_data);
69 if (VerifySignature(serialized_data, 69 if (VerifySignature(serialized_data,
70 signed_tree_head.signature.signature_data)) { 70 signed_tree_head.signature.signature_data)) {
71 return true; 71 return true;
72 } 72 }
73 return false; 73 return false;
74 } 74 }
75 75
76 bool CTLogVerifier::SignatureParametersMatch( 76 bool CTLogVerifier::SignatureParametersMatch(
77 const ct::DigitallySigned& signature) { 77 const ct::DigitallySigned& signature) const {
78 if (!signature.SignatureParametersMatch(hash_algorithm_, 78 if (!signature.SignatureParametersMatch(hash_algorithm_,
79 signature_algorithm_)) { 79 signature_algorithm_)) {
80 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: " 80 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
81 << hash_algorithm_ << " vs " << signature.hash_algorithm 81 << hash_algorithm_ << " vs " << signature.hash_algorithm
82 << " Signature: " << signature_algorithm_ << " vs " 82 << " Signature: " << signature_algorithm_ << " vs "
83 << signature.signature_algorithm << "."; 83 << signature.signature_algorithm << ".";
84 return false; 84 return false;
85 } 85 }
86 86
87 return true; 87 return true;
88 } 88 }
89 89
90 } // namespace net 90 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698