Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier.h

Issue 27026002: CT: Adding preliminary Certificate Transparency support to Chromium. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Distinguish between SCTs from unknown logs and unverified ones Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/cert/cert_status_flags.h ('k') | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_
6 #define NET_CERT_CT_LOG_VERIFIER_H_ 6 #define NET_CERT_CT_LOG_VERIFIER_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/gtest_prod_util.h" 10 #include "base/gtest_prod_util.h"
11 #include "base/memory/scoped_ptr.h" 11 #include "base/memory/scoped_ptr.h"
12 #include "base/strings/string_piece.h" 12 #include "base/strings/string_piece.h"
13 #include "net/base/net_export.h" 13 #include "net/base/net_export.h"
14 #include "net/cert/signed_certificate_timestamp.h" 14 #include "net/cert/signed_certificate_timestamp.h"
15 15
16 // Forward declare the crypto types to avoid having to include the full 16 // Forward declare the crypto types to avoid having to include the full
17 // headers. 17 // headers.
18 #if defined(USE_OPENSSL) 18 #if defined(USE_OPENSSL)
19 typedef struct evp_pkey_st EVP_PKEY; 19 typedef struct evp_pkey_st EVP_PKEY;
20 #else 20 #else
21 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; 21 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
22 #endif 22 #endif
23 23
24 namespace net { 24 namespace net {
25 25
26 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a 26 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a
27 // specific log (whose identity is provided during construction). 27 // specific log (whose identity is provided during construction).
28 class NET_EXPORT CTLogVerifier { 28 class NET_EXPORT CTLogVerifier {
29 public: 29 public:
30 enum VerifyResult {
31 SCT_VERIFIED_OK = 0,
32 SCT_NOT_FROM_THIS_LOG = 1,
33 SCT_ALGORITHM_MISMATCH = 2,
34 SCT_DATA_SERIALIZATION_FAILED = 3,
35 SCT_VERIFICATION_FAILED = 4,
36 };
37
30 // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps 38 // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps
31 // using |public_key|, which is a DER-encoded SubjectPublicKeyInfo. 39 // using |public_key|, which is a DER-encoded SubjectPublicKeyInfo.
32 // If |public_key| refers to an unsupported public key, returns NULL. 40 // If |public_key| refers to an unsupported public key, returns NULL.
33 // |description| is a textual description of the log. 41 // |description| is a textual description of the log.
34 static scoped_ptr<CTLogVerifier> Create( 42 static scoped_ptr<CTLogVerifier> Create(
35 const base::StringPiece& public_key, 43 const base::StringPiece& public_key,
36 const base::StringPiece& description); 44 const base::StringPiece& description);
37 45
38 ~CTLogVerifier(); 46 ~CTLogVerifier();
39 47
40 // Returns the log's key ID (RFC6962, Section 3.2) 48 // Returns the log's key ID (RFC6962, Section 3.2)
41 const std::string& key_id() const { return key_id_; } 49 const std::string& key_id() const { return key_id_; }
42 // Returns the log's human-readable description. 50 // Returns the log's human-readable description.
43 const std::string& description() const { return description_; } 51 const std::string& description() const { return description_; }
44 52
45 // Verifies that |sct| contains a valid signature for |entry|. 53 // Verifies that |sct| contains a valid signature for |entry|.
46 bool Verify(const ct::LogEntry& entry, 54 VerifyResult Verify(const ct::LogEntry& entry,
47 const ct::SignedCertificateTimestamp& sct); 55 const ct::SignedCertificateTimestamp& sct);
48 56
49 private: 57 private:
50 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); 58 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
51 59
52 CTLogVerifier(); 60 CTLogVerifier();
53 61
54 // Performs crypto-library specific initialization. 62 // Performs crypto-library specific initialization.
55 bool Init(const base::StringPiece& public_key, 63 bool Init(const base::StringPiece& public_key,
56 const base::StringPiece& description); 64 const base::StringPiece& description);
57 65
(...skipping 11 matching lines...) Expand all
69 #if defined(USE_OPENSSL) 77 #if defined(USE_OPENSSL)
70 EVP_PKEY* public_key_; 78 EVP_PKEY* public_key_;
71 #else 79 #else
72 SECKEYPublicKey* public_key_; 80 SECKEYPublicKey* public_key_;
73 #endif 81 #endif
74 }; 82 };
75 83
76 } // namespace net 84 } // namespace net
77 85
78 #endif // NET_CERT_CT_LOG_VERIFIER_H_ 86 #endif // NET_CERT_CT_LOG_VERIFIER_H_
OLDNEW
« no previous file with comments | « net/cert/cert_status_flags.h ('k') | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698