Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(390)

Side by Side Diff: net/cert/ct_log_verifier.h

Issue 2182533002: Adds a VerifyAuditProof method to CTLogVerifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_
6 #define NET_CERT_CT_LOG_VERIFIER_H_ 6 #define NET_CERT_CT_LOG_VERIFIER_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/gtest_prod_util.h" 10 #include "base/gtest_prod_util.h"
11 #include "base/memory/ref_counted.h" 11 #include "base/memory/ref_counted.h"
12 #include "base/strings/string_piece.h" 12 #include "base/strings/string_piece.h"
13 #include "net/base/net_export.h" 13 #include "net/base/net_export.h"
14 #include "net/cert/signed_certificate_timestamp.h" 14 #include "net/cert/signed_certificate_timestamp.h"
15 #include "url/gurl.h" 15 #include "url/gurl.h"
16 16
17 // Forward declare the crypto types to avoid having to include the full 17 // Forward declare the crypto types to avoid having to include the full
18 // headers. 18 // headers.
19 typedef struct evp_pkey_st EVP_PKEY; 19 typedef struct evp_pkey_st EVP_PKEY;
20 20
21 namespace net { 21 namespace net {
22 22
23 namespace ct { 23 namespace ct {
24 24 struct MerkleAuditProof;
25 struct MerkleConsistencyProof;
25 struct SignedTreeHead; 26 struct SignedTreeHead;
26 struct MerkleConsistencyProof;
27
28 } // namespace ct 27 } // namespace ct
29 28
30 // Class for verifying signatures of a single Certificate Transparency 29 // Class for verifying signatures of a single Certificate Transparency
31 // log, whose identity is provided during construction. 30 // log, whose identity is provided during construction.
32 // Currently can verify Signed Certificate Timestamp (SCT) and Signed 31 // Currently can verify Signed Certificate Timestamp (SCT) and Signed
33 // Tree Head (STH) signatures. 32 // Tree Head (STH) signatures.
34 // Immutable: Does not hold any state beyond the log information it was 33 // Immutable: Does not hold any state beyond the log information it was
35 // initialized with. 34 // initialized with.
36 class NET_EXPORT CTLogVerifier 35 class NET_EXPORT CTLogVerifier
37 : public base::RefCountedThreadSafe<CTLogVerifier> { 36 : public base::RefCountedThreadSafe<CTLogVerifier> {
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
69 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; 68 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const;
70 69
71 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section 70 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section
72 // 2.1.2) for this log, and which proves that |old_tree_hash| has 71 // 2.1.2) for this log, and which proves that |old_tree_hash| has
73 // been fully incorporated into the Merkle tree represented by 72 // been fully incorporated into the Merkle tree represented by
74 // |new_tree_hash|. 73 // |new_tree_hash|.
75 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, 74 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof,
76 const std::string& old_tree_hash, 75 const std::string& old_tree_hash,
77 const std::string& new_tree_hash) const; 76 const std::string& new_tree_hash) const;
78 77
78 // Verifies that |proof| is a valid audit proof (RFC 6962, Section 2.1.1) for
79 // this log, and which proves that the certificate represented by |leaf_hash|
80 // has been incorporated into the Merkle tree represented by |root_hash|.
81 // Returns true if verification succeeds, false otherwise.
82 bool VerifyAuditProof(const ct::MerkleAuditProof& proof,
83 const std::string& root_hash,
84 const std::string& leaf_hash) const;
85
79 private: 86 private:
80 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); 87 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
81 friend class base::RefCountedThreadSafe<CTLogVerifier>; 88 friend class base::RefCountedThreadSafe<CTLogVerifier>;
82 89
83 CTLogVerifier(const base::StringPiece& description, 90 CTLogVerifier(const base::StringPiece& description,
84 const GURL& url, 91 const GURL& url,
85 const base::StringPiece& dns_domain); 92 const base::StringPiece& dns_domain);
86 ~CTLogVerifier(); 93 ~CTLogVerifier();
87 94
88 // Performs crypto-library specific initialization. 95 // Performs crypto-library specific initialization.
(...skipping 15 matching lines...) Expand all
104 std::string dns_domain_; 111 std::string dns_domain_;
105 ct::DigitallySigned::HashAlgorithm hash_algorithm_; 112 ct::DigitallySigned::HashAlgorithm hash_algorithm_;
106 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; 113 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
107 114
108 EVP_PKEY* public_key_; 115 EVP_PKEY* public_key_;
109 }; 116 };
110 117
111 } // namespace net 118 } // namespace net
112 119
113 #endif // NET_CERT_CT_LOG_VERIFIER_H_ 120 #endif // NET_CERT_CT_LOG_VERIFIER_H_
OLDNEW
« no previous file with comments | « no previous file | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698