Chromium Code Reviews

Unified Diff: net/cert/ct_log_verifier.h

Issue 2182533002: Adds a VerifyAuditProof method to CTLogVerifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 4 years, 1 month ago
Index: net/cert/ct_log_verifier.h
diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h
index e9ba307c3e99d33d7a22b984b823ccb4e7022073..6e3b938eb0bff7884d1105465afa7bf99515b5a1 100644
--- a/net/cert/ct_log_verifier.h
+++ b/net/cert/ct_log_verifier.h
@@ -19,14 +19,13 @@
typedef struct evp_pkey_st EVP_PKEY;
namespace net {
namespace ct {
-
-struct SignedTreeHead;
+struct MerkleAuditProof;
struct MerkleConsistencyProof;
-
+struct SignedTreeHead;
} // namespace ct
// Class for verifying signatures of a single Certificate Transparency
// log, whose identity is provided during construction.
// Currently can verify Signed Certificate Timestamp (SCT) and Signed
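Review bot: The two removed blank lines inside namespace ct (the one after `namespace ct {` and the one before `} // namespace ct`) are whitespace churn unrelated to adding VerifyAuditProof. Moving `struct SignedTreeHead;` to keep the forward declarations alphabetical is reasonable, but consider leaving the blank lines in place so this hunk is limited to the new `struct MerkleAuditProof;` declaration and the reorder.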
@@ -74,10 +73,18 @@ class NET_EXPORT CTLogVerifier
// |new_tree_hash|.
bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof,
const std::string& old_tree_hash,
const std::string& new_tree_hash) const;
+ // Verifies that |proof| is a valid audit proof (RFC 6962, Section 2.1.1) for
+ // this log, and which proves that the certificate represented by |leaf_hash|
+ // has been incorporated into the Merkle tree represented by |root_hash|.
+ // Returns true if verification succeeds, false otherwise.
+ bool VerifyAuditProof(const ct::MerkleAuditProof& proof,
+ const std::string& root_hash,
+ const std::string& leaf_hash) const;
+
private:
FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
friend class base::RefCountedThreadSafe<CTLogVerifier>;
CTLogVerifier(const base::StringPiece& description,
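Review bot: The new comment on VerifyAuditProof does not say where |root_hash| must come from or what |leaf_hash| is computed over. The method takes bare std::string hashes rather than a SignedTreeHead, so nothing in this signature ties the root to a tree head whose signature has been checked; the comment should state that the caller must pass a root taken from an STH it has already verified, otherwise a successful return only shows the proof is consistent with an arbitrary root. Please also say whether |leaf_hash| is the RFC 6962 Merkle leaf hash or a hash of the certificate itself, since "the certificate represented by |leaf_hash|" can be read either way, and whether both strings are raw digest bytes. Minor wording: "and which proves" reads better as "proving".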