| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ | 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ |
| 6 #define NET_CERT_CT_LOG_VERIFIER_H_ | 6 #define NET_CERT_CT_LOG_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/gtest_prod_util.h" | 10 #include "base/gtest_prod_util.h" |
| 11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
| 13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
| 14 #include "net/cert/signed_certificate_timestamp.h" | 14 #include "net/cert/signed_certificate_timestamp.h" |
| 15 #include "url/gurl.h" | 15 #include "url/gurl.h" |
| 16 | 16 |
| 17 // Forward declare the crypto types to avoid having to include the full | 17 // Forward declare the crypto types to avoid having to include the full |
| 18 // headers. | 18 // headers. |
| 19 typedef struct evp_pkey_st EVP_PKEY; | 19 typedef struct evp_pkey_st EVP_PKEY; |
| 20 | 20 |
| 21 namespace net { | 21 namespace net { |
| 22 | 22 |
| 23 namespace ct { | 23 namespace ct { |
| 24 | 24 struct MerkleAuditProof; |
| 25 struct MerkleConsistencyProof; |
| 25 struct SignedTreeHead; | 26 struct SignedTreeHead; |
| 26 struct MerkleConsistencyProof; | |
| 27 | |
| 28 } // namespace ct | 27 } // namespace ct |
| 29 | 28 |
| 30 // Class for verifying signatures of a single Certificate Transparency | 29 // Class for verifying signatures of a single Certificate Transparency |
| 31 // log, whose identity is provided during construction. | 30 // log, whose identity is provided during construction. |
| 32 // Currently can verify Signed Certificate Timestamp (SCT) and Signed | 31 // Currently can verify Signed Certificate Timestamp (SCT) and Signed |
| 33 // Tree Head (STH) signatures. | 32 // Tree Head (STH) signatures. |
| 34 // Immutable: Does not hold any state beyond the log information it was | 33 // Immutable: Does not hold any state beyond the log information it was |
| 35 // initialized with. | 34 // initialized with. |
| 36 class NET_EXPORT CTLogVerifier | 35 class NET_EXPORT CTLogVerifier |
| 37 : public base::RefCountedThreadSafe<CTLogVerifier> { | 36 : public base::RefCountedThreadSafe<CTLogVerifier> { |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 69 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; | 68 bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; |
| 70 | 69 |
| 71 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section | 70 // Verifies that |proof| is a valid consistency proof (RFC 6962, Section |
| 72 // 2.1.2) for this log, and which proves that |old_tree_hash| has | 71 // 2.1.2) for this log, and which proves that |old_tree_hash| has |
| 73 // been fully incorporated into the Merkle tree represented by | 72 // been fully incorporated into the Merkle tree represented by |
| 74 // |new_tree_hash|. | 73 // |new_tree_hash|. |
| 75 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, | 74 bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, |
| 76 const std::string& old_tree_hash, | 75 const std::string& old_tree_hash, |
| 77 const std::string& new_tree_hash) const; | 76 const std::string& new_tree_hash) const; |
| 78 | 77 |
| 78 // Verifies that |proof| is a valid audit proof (RFC 6962, Section 2.1.1) for |
| 79 // this log, and which proves that the certificate represented by |leaf_hash| |
| 80 // has been incorporated into the Merkle tree represented by |root_hash|. |
| 81 // Returns true if verification succeeds, false otherwise. |
| 82 bool VerifyAuditProof(const ct::MerkleAuditProof& proof, |
| 83 const std::string& root_hash, |
| 84 const std::string& leaf_hash) const; |
| 85 |
| 79 private: | 86 private: |
| 80 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); | 87 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
| 81 friend class base::RefCountedThreadSafe<CTLogVerifier>; | 88 friend class base::RefCountedThreadSafe<CTLogVerifier>; |
| 82 | 89 |
| 83 CTLogVerifier(const base::StringPiece& description, | 90 CTLogVerifier(const base::StringPiece& description, |
| 84 const GURL& url, | 91 const GURL& url, |
| 85 const base::StringPiece& dns_domain); | 92 const base::StringPiece& dns_domain); |
| 86 ~CTLogVerifier(); | 93 ~CTLogVerifier(); |
| 87 | 94 |
| 88 // Performs crypto-library specific initialization. | 95 // Performs crypto-library specific initialization. |
| (...skipping 15 matching lines...) Expand all Loading... |
| 104 std::string dns_domain_; | 111 std::string dns_domain_; |
| 105 ct::DigitallySigned::HashAlgorithm hash_algorithm_; | 112 ct::DigitallySigned::HashAlgorithm hash_algorithm_; |
| 106 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; | 113 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; |
| 107 | 114 |
| 108 EVP_PKEY* public_key_; | 115 EVP_PKEY* public_key_; |
| 109 }; | 116 }; |
| 110 | 117 |
| 111 } // namespace net | 118 } // namespace net |
| 112 | 119 |
| 113 #endif // NET_CERT_CT_LOG_VERIFIER_H_ | 120 #endif // NET_CERT_CT_LOG_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2182533002:
Adds a VerifyAuditProof method to CTLogVerifier (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master