net/cert/ct_log_verifier.cc - Issue 2182533002: Adds a VerifyAuditProof method to CTLogVerifier

Side by Side Diff: net/cert/ct_log_verifier.cc

Issue 2182533002: Adds a VerifyAuditProof method to CTLogVerifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Removes hash cache Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/ct_log_verifier.h"	5 #include "net/cert/ct_log_verifier.h"

6	6

7 #include <string.h>	7 #include <string.h>

8 #include <openssl/bytestring.h>	8 #include <openssl/bytestring.h>

9 #include <openssl/evp.h>	9 #include <openssl/evp.h>

10	10

	11 #include <vector>
	Ryan Sleevi 2016/07/26 19:33:44 Unnecessary Unnecessary Rob Percival 2016/07/28 05:18:47 Why? Vector is already used in this file, the #inc Show quoted text On 2016/07/26 19:33:44, Ryan Sleevi (slow) wrote: > Unnecessary Why? Vector is already used in this file, the #include was just missing. Ryan Sleevi 2016/07/28 14:54:49 The use is from proof.nodes on line 188, which mea Show quoted text On 2016/07/28 05:18:47, Rob Percival wrote: > On 2016/07/26 19:33:44, Ryan Sleevi (slow) wrote: > > Unnecessary > > Why? Vector is already used in this file, the #include was just missing. The use is from proof.nodes on line 188, which means it should be coming from line 20. For example, line 188 could have said "auto" and you still would have had the dependency on line 20. This is the sort of change that bears commenting, at least, when publishing for reviewers - when it's a cleanup unrelated at all to the substance of the CL, but you happened to notice on the CL. Otherwise, it becomes a test for reviewers, and that's not ideal.
	12

11 #include "base/logging.h"	13 #include "base/logging.h"

12 #include "crypto/openssl_util.h"	14 #include "crypto/openssl_util.h"

13 #include "crypto/scoped_openssl_types.h"	15 #include "crypto/scoped_openssl_types.h"

14 #include "crypto/sha2.h"	16 #include "crypto/sha2.h"

15 #include "net/cert/ct_log_verifier_util.h"	17 #include "net/cert/ct_log_verifier_util.h"

16 #include "net/cert/ct_serialization.h"	18 #include "net/cert/ct_serialization.h"

	19 #include "net/cert/merkle_audit_proof.h"

17 #include "net/cert/merkle_consistency_proof.h"	20 #include "net/cert/merkle_consistency_proof.h"

18 #include "net/cert/signed_tree_head.h"	21 #include "net/cert/signed_tree_head.h"

19	22

20 namespace net {	23 namespace net {

21	24

22 namespace {	25 namespace {

23	26

24 // The SHA-256 hash of the empty string.	27 // The SHA-256 hash of the empty string.

25 const unsigned char kSHA256EmptyStringHash[ct::kSthRootHashLength] = {	28 const unsigned char kSHA256EmptyStringHash[ct::kSthRootHashLength] = {

26 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4,	29 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4,

(...skipping 208 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
235 sn >>= 1;	238 sn >>= 1;

236 }	239 }

237	240

238 // 6. After completing iterating through the "consistency_path" array as	241 // 6. After completing iterating through the "consistency_path" array as

239 // described above, verify that the "fr" calculated is equal to the	242 // described above, verify that the "fr" calculated is equal to the

240 // "first_hash" supplied, that the "sr" calculated is equal to the	243 // "first_hash" supplied, that the "sr" calculated is equal to the

241 // "second_hash" supplied and that "sn" is 0.	244 // "second_hash" supplied and that "sn" is 0.

242 return fr == old_tree_hash && sr == new_tree_hash && sn == 0;	245 return fr == old_tree_hash && sr == new_tree_hash && sn == 0;

243 }	246 }

244	247

	248 bool CTLogVerifier::VerifyAuditProof(const ct::MerkleAuditProof& proof,

	249 const std::string& root_hash,

	250 const std::string& leaf_hash) const {

	251 // Implements the algorithm described in

	252 // https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-17#section-10.4.1.
	Ryan Sleevi 2016/07/28 16:40:46 Omit the period at the end, it's getting interpret Omit the period at the end, it's getting interpreted as part of the URL :) Rob Percival 2016/08/25 17:44:59 Done. Show quoted text On 2016/07/28 16:40:46, Ryan Sleevi (slow) wrote: > Omit the period at the end, it's getting interpreted as part of the URL :) Done.
	253

	254 // 1. Compare "leaf_index" against "tree_size". If "leaf_index" is

	255 // greater than or equal to "tree_size" fail the proof verification.

	256 if (proof.leaf_index >= proof.tree_size)

	257 return false;

	258

	259 // 2. Set "fn" to "leaf_index" and "sn" to "tree_size - 1".

	260 uint64_t fn = proof.leaf_index;

	261 uint64_t sn = proof.tree_size - 1;

	262 // 3. Set "r" to "hash".

	263 std::string r = leaf_hash;

	264

	265 // 4. For each value "p" in the "inclusion_path" array:

	266 for (const std::string& p : proof.nodes) {

	267 // If "LSB(fn)" is set, or if "fn" is equal to "sn", then:

	268 if ((fn & 1) \|\| fn == sn) {

	269 // 1. Set "r" to "HASH(0x01 \|\| p \|\| r)"

	270 r = ct::internal::HashNodes(p, r);

	271

	272 // 2. If "LSB(fn)" is not set, then right-shift both "fn" and "sn"

	273 // equally until either "LSB(fn)" is set or "fn" is "0".

	274 while (!(fn & 1) && fn != 0) {

	275 fn >>= 1;

	276 sn >>= 1;

	277 }

	278 } else { // Otherwise:

	279 // Set "r" to "HASH(0x01 \|\| r \|\| p)"

	280 r = ct::internal::HashNodes(r, p);

	281 }

	282

	283 // Finally, right-shift both "fn" and "sn" one time.

	284 fn >>= 1;

	285 sn >>= 1;

	286 }

	287

	288 // 5. Compare "sn" to 0. Compare "r" against the "root_hash". If "sn"

	289 // is equal to 0, and "r" and the "root_hash" are equal, then the

	290 // log has proven the inclusion of "hash". Otherwise, fail the

	291 // proof verification.

	292 return sn == 0 && r == root_hash;

	293 }

	294

245 CTLogVerifier::~CTLogVerifier() {	295 CTLogVerifier::~CTLogVerifier() {

246 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);	296 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

247	297

248 if (public_key_)	298 if (public_key_)

249 EVP_PKEY_free(public_key_);	299 EVP_PKEY_free(public_key_);

250 }	300 }

251	301

252 bool CTLogVerifier::Init(const base::StringPiece& public_key) {	302 bool CTLogVerifier::Init(const base::StringPiece& public_key) {

253 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);	303 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

254	304

(...skipping 50 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
305 data_to_sign.size()) &&	355 data_to_sign.size()) &&

306 1 == EVP_DigestVerifyFinal(	356 1 == EVP_DigestVerifyFinal(

307 &ctx, reinterpret_cast<const uint8_t*>(signature.data()),	357 &ctx, reinterpret_cast<const uint8_t*>(signature.data()),

308 signature.size()));	358 signature.size()));

309	359

310 EVP_MD_CTX_cleanup(&ctx);	360 EVP_MD_CTX_cleanup(&ctx);

311 return ok;	361 return ok;

312 }	362 }

313	363

314 } // namespace net	364 } // namespace net

OLD	NEW

« no previous file with comments | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | net/cert/ct_log_verifier_unittest.cc » ('J')