| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ | 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ |
| 6 #define NET_CERT_CT_LOG_VERIFIER_H_ | 6 #define NET_CERT_CT_LOG_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/gtest_prod_util.h" | 10 #include "base/gtest_prod_util.h" |
| 11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
| 13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
| 14 #include "net/cert/signed_certificate_timestamp.h" | 14 #include "net/cert/signed_certificate_timestamp.h" |
| 15 #include "url/gurl.h" | 15 #include "url/gurl.h" |
| 16 | 16 |
| 17 // Forward declare the crypto types to avoid having to include the full | 17 // Forward declare the crypto types to avoid having to include the full |
| 18 // headers. | 18 // headers. |
| 19 typedef struct evp_pkey_st EVP_PKEY; | 19 typedef struct evp_pkey_st EVP_PKEY; |
| 20 | 20 |
| 21 namespace net { | 21 namespace net { |
| 22 | 22 |
| 23 namespace ct { | 23 namespace ct { |
| 24 | 24 struct MerkleAuditProof; |
| 25 struct MerkleConsistencyProof; |
| 25 struct SignedTreeHead; | 26 struct SignedTreeHead; |
| 26 struct MerkleConsistencyProof; | |
| 27 | |
| 28 } // namespace ct | 27 } // namespace ct |
| 29 | 28 |
| 30 // Class for verifying signatures of a single Certificate Transparency | 29 // Class for verifying signatures of a single Certificate Transparency |
| 31 // log, whose identity is provided during construction. | 30 // log, whose identity is provided during construction. |
| 32 // Currently can verify Signed Certificate Timestamp (SCT) and Signed | 31 // Currently can verify Signed Certificate Timestamp (SCT) and Signed |
| 33 // Tree Head (STH) signatures. | 32 // Tree Head (STH) signatures. |
| 34 // Immutable: Does not hold any state beyond the log information it was | 33 // Immutable: Does not hold any state beyond the log information it was |
| 35 // initialized with. | 34 // initialized with. |
| 36 class NET_EXPORT CTLogVerifier | 35 class NET_EXPORT CTLogVerifier |
| 37 : public base::RefCountedThreadSafe<CTLogVerifier> { | 36 : public base::RefCountedThreadSafe<CTLogVerifier> { |
| (...skipping 23 matching lines...) Expand all Loading... |
| 61 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; | 60 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; |
| 62 | 61 |
| 63 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section | 62 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section |
| 64 // 2.1.2) for this log, and which proves that |old_tree_hash| has | 63 // 2.1.2) for this log, and which proves that |old_tree_hash| has |
| 65 // been fully incorporated into the Merkle tree represented by | 64 // been fully incorporated into the Merkle tree represented by |
| 66 // |new_tree_hash|. | 65 // |new_tree_hash|. |
| 67 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, | 66 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, |
| 68 const std::string& old_tree_hash, | 67 const std::string& old_tree_hash, |
| 69 const std::string& new_tree_hash) const; | 68 const std::string& new_tree_hash) const; |
| 70 | 69 |
| 70 // Verifies that |proof| is a valid audit proof (RFC 6962, Section 2.1.1) for |
| 71 // this log, and which proves that the certificate represented by |leaf_hash| |
| 72 // has been incorporated into the Merkle tree represented by |root_hash|. |
| 73 // Returns true if verification succeeds, false otherwise. |
| 74 bool VerifyAuditProof(const ct::MerkleAuditProof& proof, |
| 75 const std::string& root_hash, |
| 76 const std::string& leaf_hash) const; |
| 77 |
| 71 private: | 78 private: |
| 72 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); | 79 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
| 73 friend class base::RefCountedThreadSafe<CTLogVerifier>; | 80 friend class base::RefCountedThreadSafe<CTLogVerifier>; |
| 74 | 81 |
| 75 CTLogVerifier(const base::StringPiece& description, const GURL& url); | 82 CTLogVerifier(const base::StringPiece& description, const GURL& url); |
| 76 ~CTLogVerifier(); | 83 ~CTLogVerifier(); |
| 77 | 84 |
| 78 // Performs crypto-library specific initialization. | 85 // Performs crypto-library specific initialization. |
| 79 bool Init(const base::StringPiece& public_key); | 86 bool Init(const base::StringPiece& public_key); |
| 80 | 87 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 93 GURL url_; | 100 GURL url_; |
| 94 ct::DigitallySigned::HashAlgorithm hash_algorithm_; | 101 ct::DigitallySigned::HashAlgorithm hash_algorithm_; |
| 95 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; | 102 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; |
| 96 | 103 |
| 97 EVP_PKEY* public_key_; | 104 EVP_PKEY* public_key_; |
| 98 }; | 105 }; |
| 99 | 106 |
| 100 } // namespace net | 107 } // namespace net |
| 101 | 108 |
| 102 #endif // NET_CERT_CT_LOG_VERIFIER_H_ | 109 #endif // NET_CERT_CT_LOG_VERIFIER_H_ |
| OLD | NEW |