OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ | 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ |
6 #define NET_CERT_CT_LOG_VERIFIER_H_ | 6 #define NET_CERT_CT_LOG_VERIFIER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/gtest_prod_util.h" | 10 #include "base/gtest_prod_util.h" |
11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
12 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 #include "net/cert/signed_certificate_timestamp.h" | 14 #include "net/cert/signed_certificate_timestamp.h" |
15 #include "url/gurl.h" | 15 #include "url/gurl.h" |
16 | 16 |
17 // Forward declare the crypto types to avoid having to include the full | 17 // Forward declare the crypto types to avoid having to include the full |
18 // headers. | 18 // headers. |
19 typedef struct evp_pkey_st EVP_PKEY; | 19 typedef struct evp_pkey_st EVP_PKEY; |
20 | 20 |
21 namespace net { | 21 namespace net { |
22 | 22 |
23 namespace ct { | 23 namespace ct { |
24 | 24 struct MerkleAuditProof; |
| 25 struct MerkleConsistencyProof; |
25 struct SignedTreeHead; | 26 struct SignedTreeHead; |
26 struct MerkleConsistencyProof; | |
27 | |
28 } // namespace ct | 27 } // namespace ct |
29 | 28 |
30 // Class for verifying signatures of a single Certificate Transparency | 29 // Class for verifying signatures of a single Certificate Transparency |
31 // log, whose identity is provided during construction. | 30 // log, whose identity is provided during construction. |
32 // Currently can verify Signed Certificate Timestamp (SCT) and Signed | 31 // Currently can verify Signed Certificate Timestamp (SCT) and Signed |
33 // Tree Head (STH) signatures. | 32 // Tree Head (STH) signatures. |
34 // Immutable: Does not hold any state beyond the log information it was | 33 // Immutable: Does not hold any state beyond the log information it was |
35 // initialized with. | 34 // initialized with. |
36 class NET_EXPORT CTLogVerifier | 35 class NET_EXPORT CTLogVerifier |
37 : public base::RefCountedThreadSafe<CTLogVerifier> { | 36 : public base::RefCountedThreadSafe<CTLogVerifier> { |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
69 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; | 68 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; |
70 | 69 |
71 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section | 70 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section |
72 // 2.1.2) for this log, and which proves that |old_tree_hash| has | 71 // 2.1.2) for this log, and which proves that |old_tree_hash| has |
73 // been fully incorporated into the Merkle tree represented by | 72 // been fully incorporated into the Merkle tree represented by |
74 // |new_tree_hash|. | 73 // |new_tree_hash|. |
75 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, | 74 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, |
76 const std::string& old_tree_hash, | 75 const std::string& old_tree_hash, |
77 const std::string& new_tree_hash) const; | 76 const std::string& new_tree_hash) const; |
78 | 77 |
| 78 // Verifies that |proof| is a valid audit proof (RFC 6962, Section 2.1.1) for |
| 79 // this log, and which proves that the certificate represented by |leaf_hash| |
| 80 // has been incorporated into the Merkle tree represented by |root_hash|. |
| 81 // Returns true if verification succeeds, false otherwise. |
| 82 bool VerifyAuditProof(const ct::MerkleAuditProof& proof, |
| 83 const std::string& root_hash, |
| 84 const std::string& leaf_hash) const; |
| 85 |
79 private: | 86 private: |
80 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); | 87 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
81 friend class base::RefCountedThreadSafe<CTLogVerifier>; | 88 friend class base::RefCountedThreadSafe<CTLogVerifier>; |
82 | 89 |
83 CTLogVerifier(const base::StringPiece& description, | 90 CTLogVerifier(const base::StringPiece& description, |
84 const GURL& url, | 91 const GURL& url, |
85 const base::StringPiece& dns_domain); | 92 const base::StringPiece& dns_domain); |
86 ~CTLogVerifier(); | 93 ~CTLogVerifier(); |
87 | 94 |
88 // Performs crypto-library specific initialization. | 95 // Performs crypto-library specific initialization. |
(...skipping 15 matching lines...) Expand all Loading... |
104 std::string dns_domain_; | 111 std::string dns_domain_; |
105 ct::DigitallySigned::HashAlgorithm hash_algorithm_; | 112 ct::DigitallySigned::HashAlgorithm hash_algorithm_; |
106 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; | 113 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; |
107 | 114 |
108 EVP_PKEY* public_key_; | 115 EVP_PKEY* public_key_; |
109 }; | 116 }; |
110 | 117 |
111 } // namespace net | 118 } // namespace net |
112 | 119 |
113 #endif // NET_CERT_CT_LOG_VERIFIER_H_ | 120 #endif // NET_CERT_CT_LOG_VERIFIER_H_ |
OLD | NEW |