Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(483)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier.cc

Issue 230713002: Certificate Transparency: Parse Signed Tree Heads and validate them (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing more of Ryan's comments Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_log_verifier.h" 5 #include "net/cert/ct_log_verifier.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h" 8 #include "net/cert/ct_serialization.h"
9 #include "net/cert/signed_tree_head.h"
9 10
10 namespace net { 11 namespace net {
11 12
12 // static 13 // static
13 scoped_ptr<CTLogVerifier> CTLogVerifier::Create( 14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
14 const base::StringPiece& public_key, 15 const base::StringPiece& public_key,
15 const base::StringPiece& description) { 16 const base::StringPiece& description) {
16 scoped_ptr<CTLogVerifier> result(new CTLogVerifier()); 17 scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
17 if (!result->Init(public_key, description)) 18 if (!result->Init(public_key, description))
18 result.reset(); 19 result.reset();
19 return result.Pass(); 20 return result.Pass();
20 } 21 }
21 22
22 bool CTLogVerifier::Verify(const ct::LogEntry& entry, 23 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
23 const ct::SignedCertificateTimestamp& sct) { 24 const ct::SignedCertificateTimestamp& sct) {
24 if (sct.log_id != key_id()) { 25 if (sct.log_id != key_id()) {
25 DVLOG(1) << "SCT is not signed by this log."; 26 DVLOG(1) << "SCT is not signed by this log.";
26 return false; 27 return false;
27 } 28 }
28 29
29 if (sct.signature.hash_algorithm != hash_algorithm_) { 30 if (!SignatureParametersMatch(sct.signature))
30 DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
31 << ", got " << sct.signature.hash_algorithm << ".";
32 return false; 31 return false;
33 }
34
35 if (sct.signature.signature_algorithm != signature_algorithm_) {
36 DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
37 << ", got " << sct.signature.signature_algorithm << ".";
38 return false;
39 }
40 32
41 std::string serialized_log_entry; 33 std::string serialized_log_entry;
42 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) { 34 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
43 DVLOG(1) << "Unable to serialize entry."; 35 DVLOG(1) << "Unable to serialize entry.";
44 return false; 36 return false;
45 } 37 }
46 std::string serialized_data; 38 std::string serialized_data;
47 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry, 39 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
48 sct.extensions, &serialized_data)) { 40 sct.extensions, &serialized_data)) {
49 DVLOG(1) << "Unable to create SCT to verify."; 41 DVLOG(1) << "Unable to create SCT to verify.";
50 return false; 42 return false;
51 } 43 }
52 44
53 return VerifySignature(serialized_data, sct.signature.signature_data); 45 return VerifySignature(serialized_data, sct.signature.signature_data);
54 } 46 }
55 47
48 bool CTLogVerifier::SetSignedTreeHead(
49 scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
50 if (!SignatureParametersMatch(signed_tree_head->signature))
51 return false;
52
53 std::string serialized_data;
54 ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
55 if (VerifySignature(serialized_data,
56 signed_tree_head->signature.signature_data)) {
57 signed_tree_head_.reset(signed_tree_head.release());
58 return true;
59 }
60 return false;
61 }
62
63 bool CTLogVerifier::SignatureParametersMatch(
64 const ct::DigitallySigned& signature) {
65 if (!signature.SignatureParametersMatch(hash_algorithm_,
66 signature_algorithm_)) {
67 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
68 << hash_algorithm_ << " vs " << signature.hash_algorithm
69 << " Signature: " << signature_algorithm_ << " vs "
70 << signature.signature_algorithm << ".";
71 return false;
72 }
73
74 return true;
75 }
76
56 } // namespace net 77 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698