net/cert/ct_log_verifier.h - Issue 230713002: Certificate Transparency: Parse Signed Tree Heads and validate them

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/ct_log_verifier.h

Issue 230713002: Certificate Transparency: Parse Signed Tree Heads and validate them (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Explicitly exporting symbol Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/ct_log_verifier.h

diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h

index b4ee52026746809a7c8b0e3657ceae77a1d0f6ad..052be9d14a37f06c2a762207d2c53c6db253c7a2 100644

--- a/net/cert/ct_log_verifier.h

+++ b/net/cert/ct_log_verifier.h

@@ -23,6 +23,10 @@ typedef struct SECKEYPublicKeyStr SECKEYPublicKey;

namespace net {

+namespace ct {

+struct SignedTreeHead;

+} // namespace ct

// Class for verifying Signed Certificate Timestamps (SCTs) provided by a

// specific log (whose identity is provided during construction).

class NET_EXPORT CTLogVerifier {

@@ -46,6 +50,11 @@ class NET_EXPORT CTLogVerifier {

bool Verify(const ct::LogEntry& entry,

const ct::SignedCertificateTimestamp& sct);

+ // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is

+ // valid, stores it and returns true. Otherwise, discards the sth and

+ // returns false.

+ bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head);

private:

FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);

@@ -61,10 +70,15 @@ class NET_EXPORT CTLogVerifier {

bool VerifySignature(const base::StringPiece& data_to_sign,

const base::StringPiece& signature);

+ // Returns true if the signature and hash algorithms in |signature|

+ // match those of the log

+ bool SignatureParametersMatch(const ct::DigitallySigned& signature);

std::string key_id_;

std::string description_;

ct::DigitallySigned::HashAlgorithm hash_algorithm_;

ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;

+ scoped_ptr<ct::SignedTreeHead> sth_;

Ryan Sleevi 2014/04/25 23:33:19 s/sth_/signed_tree_head_/

Eran Messeri 2014/04/29 15:22:24 Done.

#if defined(USE_OPENSSL)

EVP_PKEY* public_key_;

« net/cert/ct_log_response_parser_unittest.cc ('K') | « net/cert/ct_log_response_parser_unittest.cc ('k') | net/cert/ct_log_verifier.cc » ('j') | net/cert/ct_log_verifier.cc » ('J')